From 500eae7acfd7a820bc96a28645ae6ae3a37e6ecd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 14 Sep 2025 16:01:12 +0000 Subject: [PATCH 01/13] Bump actions/create-github-app-token from 2.1.1 to 2.1.4 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.1 to 2.1.4. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/a8d616148505b5069dccd32f177bb87d7f39123b...67018539274d69449ef7c02e8e71183d1719ab42) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependabot-build.yml | 2 +- .github/workflows/release-bump-version.yml | 2 +- .github/workflows/release-move-tracking-tag.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 46714a7..d25a7e7 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -9,7 +9,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 0f2043c..554eeac 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index 291554e..c481c69 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/release-move-tracking-tag.yml b/.github/workflows/release-move-tracking-tag.yml index e815057..e78decf 100644 --- a/.github/workflows/release-move-tracking-tag.yml +++ b/.github/workflows/release-move-tracking-tag.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} From a62b0915e2232c859228be17c5ac220fb8bc5bd0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 20:18:16 +0000 Subject: [PATCH 02/13] Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-uncommitted.yml | 4 ++-- .github/workflows/ci.yml | 2 +- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependabot-build.yml | 4 ++-- .github/workflows/release-bump-version.yml | 2 +- .github/workflows/release-move-tracking-tag.yml | 2 +- .github/workflows/release-publish-package.yml | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/check-uncommitted.yml b/.github/workflows/check-uncommitted.yml index 5fca679..fc48acf 100644 --- a/.github/workflows/check-uncommitted.yml +++ b/.github/workflows/check-uncommitted.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-node@v4 with: @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Compare the expected vs actual files run: test -z "$(git status --porcelain)" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ee1eba6..828b124 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: name: CI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-node@v4 with: diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index d25a7e7..69b3289 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -14,7 +14,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Auto-merge run: gh pr merge --auto --merge '${{ github.event.pull_request.html_url }}' diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 554eeac..c813902 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -16,7 +16,7 @@ jobs: dependency-type: ${{ steps.dependabot-metadata.outputs.dependency-type }} package-ecosystem: ${{ steps.dependabot-metadata.outputs.package-ecosystem }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Fetch dependabot metadata id: dependabot-metadata @@ -36,7 +36,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: # Check out using an app token so any pushed changes will trigger checkruns token: ${{ steps.generate_token.outputs.token }} diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index c481c69..6b210b0 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -27,7 +27,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: # Ensure we start from main in case the workflow is run from a branch ref: "main" diff --git a/.github/workflows/release-move-tracking-tag.yml b/.github/workflows/release-move-tracking-tag.yml index e78decf..2862319 100644 --- a/.github/workflows/release-move-tracking-tag.yml +++ b/.github/workflows/release-move-tracking-tag.yml @@ -43,7 +43,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: token: ${{ steps.generate_token.outputs.token }} diff --git a/.github/workflows/release-publish-package.yml b/.github/workflows/release-publish-package.yml index 0fa3663..6817a35 100644 --- a/.github/workflows/release-publish-package.yml +++ b/.github/workflows/release-publish-package.yml @@ -14,7 +14,7 @@ jobs: packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Publish id: publish From 328a418469975c44847e9f49d3ffb5c7bbdb0f44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 20:21:11 +0000 Subject: [PATCH 03/13] Bump actions/setup-node from 4 to 5 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-uncommitted.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/dependabot-build.yml | 2 +- .github/workflows/release-bump-version.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-uncommitted.yml b/.github/workflows/check-uncommitted.yml index fc48acf..a2c8401 100644 --- a/.github/workflows/check-uncommitted.yml +++ b/.github/workflows/check-uncommitted.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version-file: .nvmrc cache: 'npm' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 828b124..d521d93 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version-file: .nvmrc cache: 'npm' diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index c813902..351706e 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -41,7 +41,7 @@ jobs: # Check out using an app token so any pushed changes will trigger checkruns token: ${{ steps.generate_token.outputs.token }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version-file: .nvmrc cache: 'npm' diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index 6b210b0..de897e8 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -33,7 +33,7 @@ jobs: ref: "main" token: ${{ steps.generate_token.outputs.token }} - - uses: actions/setup-node@v4 # bin/bump-version needs npm + - uses: actions/setup-node@v5 # bin/bump-version needs npm with: node-version-file: .nvmrc cache: 'npm' From dbb03871b75627fd0ae05ad249bd11f82c12ff8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 19 Oct 2025 16:01:11 +0000 Subject: [PATCH 04/13] Bump actions/setup-node from 5 to 6 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-uncommitted.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/dependabot-build.yml | 2 +- .github/workflows/release-bump-version.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-uncommitted.yml b/.github/workflows/check-uncommitted.yml index a2c8401..827e6d2 100644 --- a/.github/workflows/check-uncommitted.yml +++ b/.github/workflows/check-uncommitted.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-node@v5 + - uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: 'npm' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d521d93..c1bd193 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-node@v5 + - uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: 'npm' diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 351706e..2c9cdc9 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -41,7 +41,7 @@ jobs: # Check out using an app token so any pushed changes will trigger checkruns token: ${{ steps.generate_token.outputs.token }} - - uses: actions/setup-node@v5 + - uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: 'npm' diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index de897e8..bc9cf14 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -33,7 +33,7 @@ jobs: ref: "main" token: ${{ steps.generate_token.outputs.token }} - - uses: actions/setup-node@v5 # bin/bump-version needs npm + - uses: actions/setup-node@v6 # bin/bump-version needs npm with: node-version-file: .nvmrc cache: 'npm' From b02431692bac847d0c70154a56f9c6aebec59c43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 16:01:14 +0000 Subject: [PATCH 05/13] Bump actions/create-github-app-token from 2.1.4 to 2.2.0 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.4 to 2.2.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/67018539274d69449ef7c02e8e71183d1719ab42...7e473efe3cb98aa54f8d4bac15400b15fad77d94) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependabot-build.yml | 2 +- .github/workflows/release-bump-version.yml | 2 +- .github/workflows/release-move-tracking-tag.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 69b3289..3e09446 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -9,7 +9,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 2c9cdc9..42b6f74 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index bc9cf14..94eaeda 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/release-move-tracking-tag.yml b/.github/workflows/release-move-tracking-tag.yml index 2862319..64c854a 100644 --- a/.github/workflows/release-move-tracking-tag.yml +++ b/.github/workflows/release-move-tracking-tag.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} From f7daeaadf0078fd947e7d01b180c0ba122a67c26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 19:42:08 +0000 Subject: [PATCH 06/13] Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-uncommitted.yml | 4 ++-- .github/workflows/ci.yml | 2 +- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependabot-build.yml | 4 ++-- .github/workflows/release-bump-version.yml | 2 +- .github/workflows/release-move-tracking-tag.yml | 2 +- .github/workflows/release-publish-package.yml | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/check-uncommitted.yml b/.github/workflows/check-uncommitted.yml index 827e6d2..568c95d 100644 --- a/.github/workflows/check-uncommitted.yml +++ b/.github/workflows/check-uncommitted.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/setup-node@v6 with: @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Compare the expected vs actual files run: test -z "$(git status --porcelain)" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c1bd193..300b6da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: name: CI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/setup-node@v6 with: diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 3e09446..0ea983a 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -14,7 +14,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Auto-merge run: gh pr merge --auto --merge '${{ github.event.pull_request.html_url }}' diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 42b6f74..70e0684 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -16,7 +16,7 @@ jobs: dependency-type: ${{ steps.dependabot-metadata.outputs.dependency-type }} package-ecosystem: ${{ steps.dependabot-metadata.outputs.package-ecosystem }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Fetch dependabot metadata id: dependabot-metadata @@ -36,7 +36,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # Check out using an app token so any pushed changes will trigger checkruns token: ${{ steps.generate_token.outputs.token }} diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index 94eaeda..9d750a1 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -27,7 +27,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # Ensure we start from main in case the workflow is run from a branch ref: "main" diff --git a/.github/workflows/release-move-tracking-tag.yml b/.github/workflows/release-move-tracking-tag.yml index 64c854a..6e1cce9 100644 --- a/.github/workflows/release-move-tracking-tag.yml +++ b/.github/workflows/release-move-tracking-tag.yml @@ -43,7 +43,7 @@ jobs: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: token: ${{ steps.generate_token.outputs.token }} diff --git a/.github/workflows/release-publish-package.yml b/.github/workflows/release-publish-package.yml index 6817a35..a623c5b 100644 --- a/.github/workflows/release-publish-package.yml +++ b/.github/workflows/release-publish-package.yml @@ -14,7 +14,7 @@ jobs: packages: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Publish id: publish From dc132f8d6beee699f469b7c03c41631ec61c9c82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Dec 2025 16:01:11 +0000 Subject: [PATCH 07/13] Bump actions/create-github-app-token from 2.2.0 to 2.2.1 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.0 to 2.2.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/7e473efe3cb98aa54f8d4bac15400b15fad77d94...29824e69f54612133e76f7eaac726eef6c875baf) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependabot-build.yml | 2 +- .github/workflows/release-bump-version.yml | 2 +- .github/workflows/release-move-tracking-tag.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 0ea983a..735a461 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -9,7 +9,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 70e0684..ef91aa0 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/release-bump-version.yml b/.github/workflows/release-bump-version.yml index 9d750a1..2593668 100644 --- a/.github/workflows/release-bump-version.yml +++ b/.github/workflows/release-bump-version.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/release-move-tracking-tag.yml b/.github/workflows/release-move-tracking-tag.yml index 6e1cce9..d23c2de 100644 --- a/.github/workflows/release-move-tracking-tag.yml +++ b/.github/workflows/release-move-tracking-tag.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 with: app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }} private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }} From 84c891ecc223caac49af317368a1df9d6fb72ff7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 20:04:10 +0000 Subject: [PATCH 08/13] Bump js-yaml from 3.14.1 to 3.14.2 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 56 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9088d9b..901d564 100644 --- a/package-lock.json +++ b/package-lock.json @@ -190,6 +190,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.22.9.tgz", "integrity": "sha512-G2EgeufBcYw27U4hhoIwFcgc1XU7TlXJ3mv04oOv1WCuo900U/anZSPzEqNjwdjgffkk2Gs0AN0dW1CKVLcG7w==", "dev": true, + "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.22.5", @@ -896,10 +897,11 @@ } }, "node_modules/@eslint/eslintrc/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, + "license": "MIT", "dependencies": { "argparse": "^2.0.1" }, @@ -1495,6 +1497,7 @@ "version": "3.6.0", "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", + "peer": true, "dependencies": { "@octokit/auth-token": "^2.4.4", "@octokit/graphql": "^4.5.8", @@ -1809,6 +1812,7 @@ "integrity": "sha512-v1DKRfUdyW+jJhZNEI1PYy29S2YRxMV5AOO/x/SjKmW0acCIOqmbj6Haf9eHAhsPmrhlHSxEhv/1WszcLWV4cg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "undici-types": "~6.21.0" } @@ -1881,6 +1885,7 @@ "integrity": "sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.32.1", "@typescript-eslint/types": "8.32.1", @@ -2093,6 +2098,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.1.tgz", "integrity": "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==", "dev": true, + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -2513,6 +2519,7 @@ "url": "https://github.com/sponsors/ai" } ], + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001503", "electron-to-chromium": "^1.4.431", @@ -3292,6 +3299,7 @@ "integrity": "sha512-Hx0MOjPh6uK9oq9nVsATZKE/Wlbai7KFjfCuw9UHaguDW3x+HF0O5nIi3ud39TWgrTjTO5nHxmL3R1eANinWHQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", @@ -3817,6 +3825,7 @@ "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "accepts": "^2.0.0", "body-parser": "^2.2.0", @@ -5047,6 +5056,7 @@ "resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, + "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -5604,10 +5614,11 @@ "dev": true }, "node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", "dev": true, + "license": "MIT", "dependencies": { "argparse": "^1.0.7", "esprima": "^4.0.0" @@ -7332,6 +7343,7 @@ "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", "dev": true, + "peer": true, "dependencies": { "@cspotcode/source-map-support": "^0.8.0", "@tsconfig/node10": "^1.0.7", @@ -7549,6 +7561,7 @@ "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -7910,6 +7923,7 @@ "integrity": "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg==", "dev": true, "license": "MIT", + "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } @@ -8049,6 +8063,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.22.9.tgz", "integrity": "sha512-G2EgeufBcYw27U4hhoIwFcgc1XU7TlXJ3mv04oOv1WCuo900U/anZSPzEqNjwdjgffkk2Gs0AN0dW1CKVLcG7w==", "dev": true, + "peer": true, "requires": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.22.5", @@ -8576,9 +8591,9 @@ "dev": true }, "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "requires": { "argparse": "^2.0.1" @@ -9049,6 +9064,7 @@ "version": "3.6.0", "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", + "peer": true, "requires": { "@octokit/auth-token": "^2.4.4", "@octokit/graphql": "^4.5.8", @@ -9354,6 +9370,7 @@ "resolved": "https://registry.npmjs.org/@types/node/-/node-22.15.18.tgz", "integrity": "sha512-v1DKRfUdyW+jJhZNEI1PYy29S2YRxMV5AOO/x/SjKmW0acCIOqmbj6Haf9eHAhsPmrhlHSxEhv/1WszcLWV4cg==", "dev": true, + "peer": true, "requires": { "undici-types": "~6.21.0" } @@ -9409,6 +9426,7 @@ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.32.1.tgz", "integrity": "sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==", "dev": true, + "peer": true, "requires": { "@typescript-eslint/scope-manager": "8.32.1", "@typescript-eslint/types": "8.32.1", @@ -9531,7 +9549,8 @@ "version": "8.14.1", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.1.tgz", "integrity": "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==", - "dev": true + "dev": true, + "peer": true }, "acorn-jsx": { "version": "5.3.2", @@ -9830,6 +9849,7 @@ "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.9.tgz", "integrity": "sha512-M0MFoZzbUrRU4KNfCrDLnvyE7gub+peetoTid3TBIqtunaDJyXlwhakT+/VkvSXcfIzFfK/nkCs4nmyTmxdNSg==", "dev": true, + "peer": true, "requires": { "caniuse-lite": "^1.0.30001503", "electron-to-chromium": "^1.4.431", @@ -10376,6 +10396,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.26.0.tgz", "integrity": "sha512-Hx0MOjPh6uK9oq9nVsATZKE/Wlbai7KFjfCuw9UHaguDW3x+HF0O5nIi3ud39TWgrTjTO5nHxmL3R1eANinWHQ==", "dev": true, + "peer": true, "requires": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", @@ -10747,6 +10768,7 @@ "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz", "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", "dev": true, + "peer": true, "requires": { "accepts": "^2.0.0", "body-parser": "^2.2.0", @@ -11601,6 +11623,7 @@ "resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, + "peer": true, "requires": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -12029,9 +12052,9 @@ "dev": true }, "js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", "dev": true, "requires": { "argparse": "^1.0.7", @@ -13222,6 +13245,7 @@ "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", "dev": true, + "peer": true, "requires": { "@cspotcode/source-map-support": "^0.8.0", "@tsconfig/node10": "^1.0.7", @@ -13369,7 +13393,8 @@ "version": "5.8.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz", "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==", - "dev": true + "dev": true, + "peer": true }, "unbox-primitive": { "version": "1.1.0", @@ -13619,7 +13644,8 @@ "version": "3.24.4", "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.4.tgz", "integrity": "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg==", - "dev": true + "dev": true, + "peer": true }, "zod-to-json-schema": { "version": "3.24.5", From d411582f801e564114e3c0e221a9301030b6b7dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 20:10:26 +0000 Subject: [PATCH 09/13] Bump express from 5.1.0 to 5.2.1 Bumps [express](https://github.com/expressjs/express) from 5.1.0 to 5.2.1. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/v5.1.0...v5.2.1) --- updated-dependencies: - dependency-name: express dependency-version: 5.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 156 +++++++++++++++++++++++++--------------------- 1 file changed, 85 insertions(+), 71 deletions(-) diff --git a/package-lock.json b/package-lock.json index 901d564..98d914a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2458,24 +2458,28 @@ "integrity": "sha512-3pZEU3NT5BFUo/AD5ERPWOgQOCZITni6iavr5AUw5AUwQjMlI0kzu5btnyD39AF0gUEsDPwJT+oY1ORBJijPjQ==" }, "node_modules/body-parser": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz", - "integrity": "sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.1.tgz", + "integrity": "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw==", "dev": true, "license": "MIT", "dependencies": { "bytes": "^3.1.2", "content-type": "^1.0.5", - "debug": "^4.4.0", + "debug": "^4.4.3", "http-errors": "^2.0.0", - "iconv-lite": "^0.6.3", + "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", "qs": "^6.14.0", - "raw-body": "^3.0.0", - "type-is": "^2.0.0" + "raw-body": "^3.0.1", + "type-is": "^2.0.1" }, "engines": { "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/brace-expansion": { @@ -2911,9 +2915,9 @@ } }, "node_modules/debug": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", - "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==", + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", "dev": true, "license": "MIT", "dependencies": { @@ -3820,20 +3824,21 @@ } }, "node_modules/express": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz", - "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz", + "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==", "dev": true, "license": "MIT", "peer": true, "dependencies": { "accepts": "^2.0.0", - "body-parser": "^2.2.0", + "body-parser": "^2.2.1", "content-disposition": "^1.0.0", "content-type": "^1.0.5", "cookie": "^0.7.1", "cookie-signature": "^1.2.1", "debug": "^4.4.0", + "depd": "^2.0.0", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", @@ -4402,20 +4407,24 @@ "dev": true }, "node_modules/http-errors": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", "dev": true, "license": "MIT", "dependencies": { - "depd": "2.0.0", - "inherits": "2.0.4", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "toidentifier": "1.0.1" + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" }, "engines": { "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/human-signals": { @@ -4428,9 +4437,9 @@ } }, "node_modules/iconv-lite": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", - "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.1.tgz", + "integrity": "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw==", "dev": true, "license": "MIT", "dependencies": { @@ -4438,6 +4447,10 @@ }, "engines": { "node": ">=0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/ignore": { @@ -6524,19 +6537,19 @@ } }, "node_modules/raw-body": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.0.tgz", - "integrity": "sha512-RmkhL8CAyCRPXCE28MMH0z2PNWQBNk2Q09ZdxM9IOOXwxwZbN+qbWaatPkdkWIKL2ZVDImrN/pK5HTRz2PcS4g==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz", + "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==", "dev": true, "license": "MIT", "dependencies": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.6.3", - "unpipe": "1.0.0" + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.7.0", + "unpipe": "~1.0.0" }, "engines": { - "node": ">= 0.8" + "node": ">= 0.10" } }, "node_modules/react-is": { @@ -7060,9 +7073,9 @@ } }, "node_modules/statuses": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", "dev": true, "license": "MIT", "engines": { @@ -9809,20 +9822,20 @@ "integrity": "sha512-3pZEU3NT5BFUo/AD5ERPWOgQOCZITni6iavr5AUw5AUwQjMlI0kzu5btnyD39AF0gUEsDPwJT+oY1ORBJijPjQ==" }, "body-parser": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz", - "integrity": "sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.1.tgz", + "integrity": "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw==", "dev": true, "requires": { "bytes": "^3.1.2", "content-type": "^1.0.5", - "debug": "^4.4.0", + "debug": "^4.4.3", "http-errors": "^2.0.0", - "iconv-lite": "^0.6.3", + "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", "qs": "^6.14.0", - "raw-body": "^3.0.0", - "type-is": "^2.0.0" + "raw-body": "^3.0.1", + "type-is": "^2.0.1" } }, "brace-expansion": { @@ -10118,9 +10131,9 @@ } }, "debug": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", - "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==", + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", "dev": true, "requires": { "ms": "^2.1.3" @@ -10764,19 +10777,20 @@ } }, "express": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz", - "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz", + "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==", "dev": true, "peer": true, "requires": { "accepts": "^2.0.0", - "body-parser": "^2.2.0", + "body-parser": "^2.2.1", "content-disposition": "^1.0.0", "content-type": "^1.0.5", "cookie": "^0.7.1", "cookie-signature": "^1.2.1", "debug": "^4.4.0", + "depd": "^2.0.0", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", @@ -11183,16 +11197,16 @@ "dev": true }, "http-errors": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", "dev": true, "requires": { - "depd": "2.0.0", - "inherits": "2.0.4", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "toidentifier": "1.0.1" + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" } }, "human-signals": { @@ -11202,9 +11216,9 @@ "dev": true }, "iconv-lite": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", - "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.1.tgz", + "integrity": "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw==", "dev": true, "requires": { "safer-buffer": ">= 2.1.2 < 3.0.0" @@ -12691,15 +12705,15 @@ "dev": true }, "raw-body": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.0.tgz", - "integrity": "sha512-RmkhL8CAyCRPXCE28MMH0z2PNWQBNk2Q09ZdxM9IOOXwxwZbN+qbWaatPkdkWIKL2ZVDImrN/pK5HTRz2PcS4g==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz", + "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==", "dev": true, "requires": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.6.3", - "unpipe": "1.0.0" + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.7.0", + "unpipe": "~1.0.0" } }, "react-is": { @@ -13065,9 +13079,9 @@ } }, "statuses": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", "dev": true }, "strict-event-emitter": { From 99c27add52552e57615946e8e3e30bb1e06c907f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 23:35:48 +0000 Subject: [PATCH 10/13] Bump @modelcontextprotocol/sdk from 1.11.2 to 1.24.0 Bumps [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) from 1.11.2 to 1.24.0. - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](https://github.com/modelcontextprotocol/typescript-sdk/compare/1.11.2...1.24.0) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.24.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 325 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 293 insertions(+), 32 deletions(-) diff --git a/package-lock.json b/package-lock.json index 98d914a..80c87be 100644 --- a/package-lock.json +++ b/package-lock.json @@ -943,6 +943,19 @@ "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, + "node_modules/@hono/node-server": { + "version": "1.19.7", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.7.tgz", + "integrity": "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18.14.1" + }, + "peerDependencies": { + "hono": "^4" + } + }, "node_modules/@humanfs/core": { "version": "0.19.1", "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz", @@ -1411,25 +1424,88 @@ } }, "node_modules/@modelcontextprotocol/sdk": { - "version": "1.11.2", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.11.2.tgz", - "integrity": "sha512-H9vwztj5OAqHg9GockCQC06k1natgcxWQSRpQcPJf6i5+MWBzfKkRtxGbjQf0X2ihii0ffLZCRGbYV2f2bjNCQ==", + "version": "1.25.1", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.1.tgz", + "integrity": "sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ==", "dev": true, "license": "MIT", "dependencies": { + "@hono/node-server": "^1.19.7", + "ajv": "^8.17.1", + "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", + "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", + "jose": "^6.1.1", + "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", - "zod": "^3.23.8", - "zod-to-json-schema": "^3.24.1" + "zod": "^3.25 || ^4.0", + "zod-to-json-schema": "^3.25.0" }, "engines": { "node": ">=18" + }, + "peerDependencies": { + "@cfworker/json-schema": "^4.1.1", + "zod": "^3.25 || ^4.0" + }, + "peerDependenciesMeta": { + "@cfworker/json-schema": { + "optional": true + }, + "zod": { + "optional": false + } + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/zod": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.2.1.tgz", + "integrity": "sha512-0wZ1IRqGGhMP76gLqz8EyfBXKk0J2qo2+H3fi4mcUP/KtTocoX08nmIAHl1Z2kJIZbZee8KOpBCSNPRgauucjw==", + "dev": true, + "license": "MIT", + "peer": true, + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/zod-to-json-schema": { + "version": "3.25.0", + "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.0.tgz", + "integrity": "sha512-HvWtU2UG41LALjajJrML6uQejQhNJx+JBO9IflpSja4R03iNWfKXrj6W2h7ljuLyc1nKS+9yDyL/9tD1U/yBnQ==", + "dev": true, + "license": "ISC", + "peerDependencies": { + "zod": "^3.25 || ^4" } }, "node_modules/@mswjs/interceptors": { @@ -2131,6 +2207,48 @@ "url": "https://github.com/sponsors/epoberezkin" } }, + "node_modules/ajv-formats": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", + "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + } + }, + "node_modules/ajv-formats/node_modules/ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-formats/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, "node_modules/ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", @@ -3918,6 +4036,23 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", "dev": true }, + "node_modules/fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" + }, "node_modules/fastq": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", @@ -4400,6 +4535,17 @@ "node": ">= 0.4" } }, + "node_modules/hono": { + "version": "4.11.1", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.1.tgz", + "integrity": "sha512-KsFcH0xxHes0J4zaQgWbYwmz3UPOOskdqZmItstUG93+Wk1ePBLkLGwbP9zlmh1BFUiL8Qp+Xfu9P7feJWpGNg==", + "dev": true, + "license": "MIT", + "peer": true, + "engines": { + "node": ">=16.9.0" + } + }, "node_modules/html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", @@ -5620,6 +5766,16 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, + "node_modules/jose": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/jose/-/jose-6.1.3.tgz", + "integrity": "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "node_modules/js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -5670,6 +5826,13 @@ "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", "dev": true }, + "node_modules/json-schema-typed": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/json-schema-typed/-/json-schema-typed-8.0.2.tgz", + "integrity": "sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==", + "dev": true, + "license": "BSD-2-Clause" + }, "node_modules/json-stable-stringify-without-jsonify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", @@ -6621,6 +6784,16 @@ "node": ">=0.10.0" } }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/resolve": { "version": "1.22.8", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", @@ -7936,20 +8109,9 @@ "integrity": "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg==", "dev": true, "license": "MIT", - "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } - }, - "node_modules/zod-to-json-schema": { - "version": "3.24.5", - "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.5.tgz", - "integrity": "sha512-/AuWwMP+YqiPbsJx5D6TfgRTc4kTLjsh5SOcd4bLsfUg2RcEXrFMJl1DGgdHy2aCfsIA/cr/1JM0xcB2GZji8g==", - "dev": true, - "license": "ISC", - "peerDependencies": { - "zod": "^3.24.1" - } } }, "dependencies": { @@ -8636,6 +8798,13 @@ "levn": "^0.4.1" } }, + "@hono/node-server": { + "version": "1.19.7", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.7.tgz", + "integrity": "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==", + "dev": true, + "requires": {} + }, "@humanfs/core": { "version": "0.19.1", "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz", @@ -9008,21 +9177,61 @@ } }, "@modelcontextprotocol/sdk": { - "version": "1.11.2", - "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.11.2.tgz", - "integrity": "sha512-H9vwztj5OAqHg9GockCQC06k1natgcxWQSRpQcPJf6i5+MWBzfKkRtxGbjQf0X2ihii0ffLZCRGbYV2f2bjNCQ==", + "version": "1.25.1", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.1.tgz", + "integrity": "sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ==", "dev": true, "requires": { + "@hono/node-server": "^1.19.7", + "ajv": "^8.17.1", + "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", + "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", + "jose": "^6.1.1", + "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", - "zod": "^3.23.8", - "zod-to-json-schema": "^3.24.1" + "zod": "^3.25 || ^4.0", + "zod-to-json-schema": "^3.25.0" + }, + "dependencies": { + "ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + } + }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true + }, + "zod": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.2.1.tgz", + "integrity": "sha512-0wZ1IRqGGhMP76gLqz8EyfBXKk0J2qo2+H3fi4mcUP/KtTocoX08nmIAHl1Z2kJIZbZee8KOpBCSNPRgauucjw==", + "dev": true, + "peer": true + }, + "zod-to-json-schema": { + "version": "3.25.0", + "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.0.tgz", + "integrity": "sha512-HvWtU2UG41LALjajJrML6uQejQhNJx+JBO9IflpSja4R03iNWfKXrj6W2h7ljuLyc1nKS+9yDyL/9tD1U/yBnQ==", + "dev": true, + "requires": {} + } } }, "@mswjs/interceptors": { @@ -9584,6 +9793,35 @@ "uri-js": "^4.2.2" } }, + "ajv-formats": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", + "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", + "dev": true, + "requires": { + "ajv": "^8.0.0" + }, + "dependencies": { + "ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + } + }, + "json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true + } + } + }, "ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", @@ -10851,6 +11089,12 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", "dev": true }, + "fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "dev": true + }, "fastq": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", @@ -11190,6 +11434,13 @@ "function-bind": "^1.1.2" } }, + "hono": { + "version": "4.11.1", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.1.tgz", + "integrity": "sha512-KsFcH0xxHes0J4zaQgWbYwmz3UPOOskdqZmItstUG93+Wk1ePBLkLGwbP9zlmh1BFUiL8Qp+Xfu9P7feJWpGNg==", + "dev": true, + "peer": true + }, "html-escaper": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", @@ -12059,6 +12310,12 @@ } } }, + "jose": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/jose/-/jose-6.1.3.tgz", + "integrity": "sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==", + "dev": true + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -12099,6 +12356,12 @@ "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", "dev": true }, + "json-schema-typed": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/json-schema-typed/-/json-schema-typed-8.0.2.tgz", + "integrity": "sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==", + "dev": true + }, "json-stable-stringify-without-jsonify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", @@ -12764,6 +13027,12 @@ "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", "dev": true }, + "require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true + }, "resolve": { "version": "1.22.8", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", @@ -13658,15 +13927,7 @@ "version": "3.24.4", "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.4.tgz", "integrity": "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg==", - "dev": true, - "peer": true - }, - "zod-to-json-schema": { - "version": "3.24.5", - "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.5.tgz", - "integrity": "sha512-/AuWwMP+YqiPbsJx5D6TfgRTc4kTLjsh5SOcd4bLsfUg2RcEXrFMJl1DGgdHy2aCfsIA/cr/1JM0xcB2GZji8g==", - "dev": true, - "requires": {} + "dev": true } } } From 33c7a0bfc8c64c28af2c81b3431ef4c59ec496b4 Mon Sep 17 00:00:00 2001 From: Thomas Ruggeri Date: Mon, 22 Dec 2025 20:31:50 +0000 Subject: [PATCH 11/13] bug: Mock PR body in test * Mock body to get consistent testing * Fix lint warnings --- dist/index.js | 2 -- src/dry-run.ts | 2 +- src/main.test.ts | 33 +++++++++++++++++++++++---------- src/main.ts | 4 ++-- 4 files changed, 26 insertions(+), 15 deletions(-) diff --git a/dist/index.js b/dist/index.js index ba5d534..9242b88 100644 --- a/dist/index.js +++ b/dist/index.js @@ -10497,9 +10497,7 @@ const util = __importStar(__nccwpck_require__(9180)); async function run() { const token = core.getInput('github-token'); if (!token) { - /* eslint-disable no-template-curly-in-string */ core.setFailed('github-token is not set! Please add \'github-token: "${{ secrets.GITHUB_TOKEN }}"\' to your workflow file.'); - /* eslint-enable no-template-curly-in-string */ return; } try { diff --git a/src/dry-run.ts b/src/dry-run.ts index d36fd71..1ff65d9 100755 --- a/src/dry-run.ts +++ b/src/dry-run.ts @@ -1,4 +1,4 @@ -/* eslint-disable no-console, @typescript-eslint/no-var-requires, no-unused-expressions */ + import * as github from '@actions/github' import { Context } from '@actions/github/lib/context' import * as dotenv from 'dotenv' diff --git a/src/main.test.ts b/src/main.test.ts index 7fddb0c..01bf721 100644 --- a/src/main.test.ts +++ b/src/main.test.ts @@ -11,6 +11,19 @@ beforeEach(() => { jest.spyOn(core, 'setFailed').mockImplementation(jest.fn()) jest.spyOn(core, 'startGroup').mockImplementation(jest.fn()) jest.spyOn(core, 'getBooleanInput').mockReturnValue(false) + jest.spyOn(util, 'getBody').mockReturnValue(` +Bumps [fake/package](https://github.com/) from 0.0.0 to 0.0.1. +
+Release notes +
+

0.0.1

+

Summary

+

This is a fake description for a fake update

+

What's Changed

+* Nothing +
+
+`) }) test('it early exits with an error if github-token is not set', async () => { @@ -22,10 +35,10 @@ test('it early exits with an error if github-token is not set', async () => { expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('github-token is not set!') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getMessage).not.toHaveBeenCalled expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it does nothing if the PR is not verified as from Dependabot', async () => { @@ -40,9 +53,9 @@ test('it does nothing if the PR is not verified as from Dependabot', async () => expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('PR is not from Dependabot, nothing to do.') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it does nothing if there is no metadata in the commit', async () => { @@ -57,9 +70,9 @@ test('it does nothing if there is no metadata in the commit', async () => { expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('PR does not contain metadata, nothing to do.') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it sets the updated dependency as an output for subsequent actions when given a commit message for application', async () => { @@ -499,9 +512,9 @@ test('it sets the action to failed if there is an unexpected exception', async ( expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('Something bad happened!') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) test('it sets the action to failed if there is a request error', async () => { @@ -525,7 +538,7 @@ test('it sets the action to failed if there is a request error', async () => { expect(core.setFailed).toHaveBeenCalledWith( expect.stringContaining('(500) Something bad happened!') ) - /* eslint-disable no-unused-expressions */ + expect(dependabotCommits.getAlert).not.toHaveBeenCalled - /* eslint-enable no-unused-expressions */ + }) diff --git a/src/main.ts b/src/main.ts index f05bc1f..4cd488f 100644 --- a/src/main.ts +++ b/src/main.ts @@ -10,11 +10,11 @@ export async function run (): Promise { const token = core.getInput('github-token') if (!token) { - /* eslint-disable no-template-curly-in-string */ + core.setFailed( 'github-token is not set! Please add \'github-token: "${{ secrets.GITHUB_TOKEN }}"\' to your workflow file.' ) - /* eslint-enable no-template-curly-in-string */ + return } From fa144c97df0d508a206af2a27295ecc2935effbd Mon Sep 17 00:00:00 2001 From: Thomas Ruggeri Date: Mon, 22 Dec 2025 20:35:52 +0000 Subject: [PATCH 12/13] chore: Migrate jest expectation function * Replace toBeCalledWith with toHaveBeenCalledWith --- src/dependabot/output.test.ts | 96 ++++++++++++++--------------- src/main.test.ts | 112 +++++++++++++++++----------------- 2 files changed, 104 insertions(+), 104 deletions(-) diff --git a/src/dependabot/output.test.ts b/src/dependabot/output.test.ts index 59e1e5f..2fbffb4 100644 --- a/src/dependabot/output.test.ts +++ b/src/dependabot/output.test.ts @@ -54,18 +54,18 @@ test('when given a single dependency it sets its values', async () => { expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', 'wwwroot') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', '1.0.2') - expect(core.setOutput).toBeCalledWith('new-version', '1.1.3-beta') - expect(core.setOutput).toBeCalledWith('compatibility-score', 43) - expect(core.setOutput).toBeCalledWith('alert-state', 'FIXED') - expect(core.setOutput).toBeCalledWith('ghsa-id', 'VERY_LONG_ID') - expect(core.setOutput).toBeCalledWith('cvss', 4.6) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', 'wwwroot') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'nuget') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '1.0.2') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '1.1.3-beta') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 43) + expect(core.setOutput).toHaveBeenCalledWith('alert-state', 'FIXED') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', 'VERY_LONG_ID') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 4.6) }) test('when given a multiple dependencies, it uses the highest values for types', async () => { @@ -100,18 +100,18 @@ test('when given a multiple dependencies, it uses the highest values for types', expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies) - expect(core.setOutput).toBeCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major') - expect(core.setOutput).toBeCalledWith('directory', '') - expect(core.setOutput).toBeCalledWith('package-ecosystem', '') - expect(core.setOutput).toBeCalledWith('target-branch', '') - expect(core.setOutput).toBeCalledWith('previous-version', '') - expect(core.setOutput).toBeCalledWith('new-version', '') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:development') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-major') + expect(core.setOutput).toHaveBeenCalledWith('directory', '') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', '') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', '') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('when the dependency has no update type', async () => { @@ -131,18 +131,18 @@ test('when the dependency has no update type', async () => { expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', null) - expect(core.setOutput).toBeCalledWith('directory', '') - expect(core.setOutput).toBeCalledWith('package-ecosystem', '') - expect(core.setOutput).toBeCalledWith('target-branch', '') - expect(core.setOutput).toBeCalledWith('previous-version', '') - expect(core.setOutput).toBeCalledWith('new-version', '') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', null) + expect(core.setOutput).toHaveBeenCalledWith('directory', '') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', '') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', '') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('when given a multiple dependencies, and some do not have update types', async () => { @@ -175,16 +175,16 @@ test('when given a multiple dependencies, and some do not have update types', as expect(core.setOutput).toHaveBeenCalledWith('updated-dependencies-json', updatedDependencies) - expect(core.setOutput).toBeCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '') - expect(core.setOutput).toBeCalledWith('package-ecosystem', '') - expect(core.setOutput).toBeCalledWith('target-branch', '') - expect(core.setOutput).toBeCalledWith('previous-version', '') - expect(core.setOutput).toBeCalledWith('new-version', '') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:development') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', '') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', '') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) diff --git a/src/main.test.ts b/src/main.test.ts index 01bf721..88a5450 100644 --- a/src/main.test.ts +++ b/src/main.test.ts @@ -133,20 +133,20 @@ test('it sets the updated dependency as an output for subsequent actions when gi ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '/') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1') - expect(core.setOutput).toBeCalledWith('new-version', '4.2.2') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'nuget') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '4.0.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '4.2.2') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('it sets the updated dependency as an output for subsequent actions when there is a leading v in the commit message version', async () => { @@ -206,20 +206,20 @@ test('it sets the updated dependency as an output for subsequent actions when th ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '/') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', 'v4.0.1') - expect(core.setOutput).toBeCalledWith('new-version', 'v4.2.2') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'nuget') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', 'v4.0.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', 'v4.2.2') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('it supports returning information about grouped updates', async () => { @@ -390,20 +390,20 @@ test('it sets the updated dependency as an output for subsequent actions when gi ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'rubocop') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor') - expect(core.setOutput).toBeCalledWith('directory', '/') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'bundler') - expect(core.setOutput).toBeCalledWith('target-branch', 'main') - expect(core.setOutput).toBeCalledWith('previous-version', '1.30.1') - expect(core.setOutput).toBeCalledWith('new-version', '1.31.0') - expect(core.setOutput).toBeCalledWith('compatibility-score', 0) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'rubocop') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:development') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-minor') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'bundler') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'main') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '1.30.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '1.31.0') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 0) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('if there are multiple dependencies, it summarizes them', async () => { @@ -484,20 +484,20 @@ test('if there are multiple dependencies, it summarizes them', async () => { ] ) - expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails, coffeescript') - expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production') - expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major') - expect(core.setOutput).toBeCalledWith('directory', '/api/main') - expect(core.setOutput).toBeCalledWith('package-ecosystem', 'npm_and_yarn') - expect(core.setOutput).toBeCalledWith('target-branch', 'trunk') - expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1') - expect(core.setOutput).toBeCalledWith('new-version', '4.2.2') - expect(core.setOutput).toBeCalledWith('compatibility-score', 34) - expect(core.setOutput).toBeCalledWith('maintainer-changes', false) - expect(core.setOutput).toBeCalledWith('dependency-group', '') - expect(core.setOutput).toBeCalledWith('alert-state', '') - expect(core.setOutput).toBeCalledWith('ghsa-id', '') - expect(core.setOutput).toBeCalledWith('cvss', 0) + expect(core.setOutput).toHaveBeenCalledWith('dependency-names', 'coffee-rails, coffeescript') + expect(core.setOutput).toHaveBeenCalledWith('dependency-type', 'direct:production') + expect(core.setOutput).toHaveBeenCalledWith('update-type', 'version-update:semver-major') + expect(core.setOutput).toHaveBeenCalledWith('directory', '/api/main') + expect(core.setOutput).toHaveBeenCalledWith('package-ecosystem', 'npm_and_yarn') + expect(core.setOutput).toHaveBeenCalledWith('target-branch', 'trunk') + expect(core.setOutput).toHaveBeenCalledWith('previous-version', '4.0.1') + expect(core.setOutput).toHaveBeenCalledWith('new-version', '4.2.2') + expect(core.setOutput).toHaveBeenCalledWith('compatibility-score', 34) + expect(core.setOutput).toHaveBeenCalledWith('maintainer-changes', false) + expect(core.setOutput).toHaveBeenCalledWith('dependency-group', '') + expect(core.setOutput).toHaveBeenCalledWith('alert-state', '') + expect(core.setOutput).toHaveBeenCalledWith('ghsa-id', '') + expect(core.setOutput).toHaveBeenCalledWith('cvss', 0) }) test('it sets the action to failed if there is an unexpected exception', async () => { From 21025c705c08248db411dc16f3619e6b5f9ea21a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 1 Jun 2025 00:21:29 +0000 Subject: [PATCH 13/13] v2.5.0 Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v2.5.0 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 80c87be..4e0e56d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "dependabot-pull-request-action", - "version": "2.4.0", + "version": "2.5.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "dependabot-pull-request-action", - "version": "2.4.0", + "version": "2.5.0", "license": "MIT", "dependencies": { "@actions/core": "^1.10.0", diff --git a/package.json b/package.json index c96c6cd..268d248 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "dependabot-pull-request-action", - "version": "2.4.0", + "version": "2.5.0", "description": "Parse Dependabot commit metadata to automate PR handling", "main": "dist/index.js", "scripts": {