From 22949e40e58ba61064067512543d8a8597c55c3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 11:05:54 +0000 Subject: [PATCH 1/3] build(deps): bump @actions/core from 1.11.0 to 1.11.1 Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.11.0 to 1.11.1. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) --- updated-dependencies: - dependency-name: "@actions/core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 687d4b33..e808310a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,7 +7,7 @@ "name": "setup-task", "license": "GPL-3.0", "dependencies": { - "@actions/core": "^1.11.0", + "@actions/core": "^1.11.1", "@actions/tool-cache": "^2.0.1", "semver": "^7.6.3", "typed-rest-client": "^2.1.0" @@ -52,9 +52,9 @@ } }, "node_modules/@actions/core": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.0.tgz", - "integrity": "sha512-I21jQUzEjbZolw3jFZ/0iHGCb+rePCww9MaA0SbVFae4FpBTQWP1GIvr/m5Y6GVaxrDz7p3RhBtpBzwkA3rPSA==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz", + "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==", "dependencies": { "@actions/exec": "^1.1.1", "@actions/http-client": "^2.0.1" @@ -10002,9 +10002,9 @@ "dev": true }, "@actions/core": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.0.tgz", - "integrity": "sha512-I21jQUzEjbZolw3jFZ/0iHGCb+rePCww9MaA0SbVFae4FpBTQWP1GIvr/m5Y6GVaxrDz7p3RhBtpBzwkA3rPSA==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz", + "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==", "requires": { "@actions/exec": "^1.1.1", "@actions/http-client": "^2.0.1" diff --git a/package.json b/package.json index 0d68beaf..847cc80f 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "author": "Arduino", "license": "GPL-3.0", "dependencies": { - "@actions/core": "^1.11.0", + "@actions/core": "^1.11.1", "@actions/tool-cache": "^2.0.1", "semver": "^7.6.3", "typed-rest-client": "^2.1.0" From 0fc73288ca7015eb346b3ad03c4f277edf9b2356 Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 7 Oct 2024 09:19:02 -0700 Subject: [PATCH 2/3] Repackage action following `@actions/core` bump GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript package dependencies as part of the distributed action in order for it to be usable in workflows. A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount of frequently changing external content being included in the repository, much of which is not even part of the executed program. A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the dependencies, into a single file. We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in sync with the development source code and dependencies. This allows a beta version of the action to be easily used in workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the `main` branch to be used by the workflow run). The update of the package dependency results in a change to the packaged code, so the packaging is here updated accordingly. --- dist/index.js | 1 + 1 file changed, 1 insertion(+) diff --git a/dist/index.js b/dist/index.js index 044726bd..e339c75d 100644 --- a/dist/index.js +++ b/dist/index.js @@ -773,6 +773,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true })); exports.prepareKeyValueMessage = exports.issueFileCommand = void 0; // We use any as a valid input type /* eslint-disable @typescript-eslint/no-explicit-any */ +const crypto = __importStar(__nccwpck_require__(6982)); const fs = __importStar(__nccwpck_require__(9896)); const os = __importStar(__nccwpck_require__(857)); const utils_1 = __nccwpck_require__(302); From e4cc67a668fffcccb5cf6be1866bb3feef9af286 Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 7 Oct 2024 09:19:55 -0700 Subject: [PATCH 3/3] Update dependency license metadata cache for `@actions/core` bump --- .licenses/npm/@actions/core.dep.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.licenses/npm/@actions/core.dep.yml b/.licenses/npm/@actions/core.dep.yml index 9313832a..09e099f7 100644 --- a/.licenses/npm/@actions/core.dep.yml +++ b/.licenses/npm/@actions/core.dep.yml @@ -1,6 +1,6 @@ --- name: "@actions/core" -version: 1.11.0 +version: 1.11.1 type: npm summary: Actions core lib homepage: https://github.com/actions/toolkit/tree/main/packages/core