Merge branch 'stdlib-js:develop' into fix/cosd

Author: anandkaranubc

.github/workflows/check_commit_metadata.yml

@@ -0,0 +1,78 @@
+#/
+# @license Apache-2.0
+#
+# Copyright (c) 2025 The Stdlib Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#/
+
+# Workflow name:
+name: check_commit_metadata
+
+# Workflow triggers:
+on:
+  # Trigger on pull request events:
+  pull_request_target:
+    types:
+      - opened
+
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
+# Workflow jobs:
+jobs:
+
+  # Define a job for checking the commit metadata for whether local development is properly setup...
+  check_commit_metadata:
+
+    # Define a display name:
+    name: 'Check Commit Metadata'
+
+    # Define the type of virtual host machine:
+    runs-on: ubuntu-latest
+
+    # Skip this job for PRs opened by automated bot accounts:
+    if: github.event.pull_request.user.login != 'stdlib-bot' && github.event.pull_request.user.login != 'dependabot[bot]'
+
+    # Define the sequence of job steps...
+    steps:
+      # Checkout the repository:
+      - name: 'Checkout repository'
+        # Pin action to full length commit SHA
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Specify whether to remove untracked files before checking out the repository:
+          clean: true
+
+          # Limit clone depth to the most recent commit:
+          fetch-depth: 1
+
+          # Specify whether to download Git-LFS files:
+          lfs: false
+        timeout-minutes: 10
+
+      # Extract commit metadata from commit messages as JSON:
+      - name: 'Extract commit metadata'
+        id: extract-metadata
+        uses: stdlib-js/metadata-action@v2
+
+      # Check commit metadata:
+      - name: 'Check commit metadata'
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          COMMIT_METADATA: ${{ steps.extract-metadata.outputs.metadata }}
+          GITHUB_TOKEN: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
+        run: |
+          . "$GITHUB_WORKSPACE/.github/workflows/scripts/check_commit_metadata" $PR_NUMBER $COMMIT_METADATA

.github/workflows/check_licenses.yml

@@ -128,7 +128,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact:

.github/workflows/label_good_first_prs.yml

@@ -0,0 +1,99 @@
+#/
+# @license Apache-2.0
+#
+# Copyright (c) 2025 The Stdlib Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#/
+
+# Workflow name:
+name: label_good_first_prs
+
+# Workflow triggers:
+on:
+  pull_request_target:
+    types:
+      - opened
+      - closed
+      - synchronize
+      - reopened
+      - edited
+
+# Workflow jobs:
+jobs:
+
+  # Define a job which automatically labels pull requests based on whether they reference good first issues
+  labeler:
+
+    # Define job name:
+    name: 'Label PRs for issues with label "Good First Issue" as "Good First PR"s'
+
+    # Only run this job if the pull request did not have label `automated-pr`:
+    if: contains(github.event.pull_request.labels.*.name, 'automated-pr') == false
+
+    # Define job permissions:
+    permissions:
+      contents: read
+      pull-requests: write
+
+    # Define the type of virtual host machine:
+    runs-on: ubuntu-latest
+
+    # Define the sequence of job steps:
+    steps:
+      # Checkout the repository:
+      - name: 'Checkout repository'
+        # Pin action to full length commit SHA
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # Specify whether to remove untracked files before checking out the repository:
+          clean: true
+
+          # Limit clone depth to the most recent commit:
+          fetch-depth: 1
+
+          # Specify whether to download Git-LFS files:
+          lfs: false
+        timeout-minutes: 10
+
+      # Check whether any of the referenced issues is a "Good First Issue":
+      - name: 'Check whether any of the referenced issues is a "Good First Issue"'
+        id: 'check-pr'
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          bool=$(. "$GITHUB_WORKSPACE/.github/workflows/scripts/references_good_first_issue" $PR_NUMBER)
+          echo "good-first-pr=$bool" >> $GITHUB_OUTPUT
+
+      # Add "Good First PR" label if PR references a "Good First Issue"
+      - name: 'Add "Good First PR" label if PR references a "Good First Issue"'
+        if: ${{ steps.check-pr.outputs.good-first-pr == 'true' }}
+        # Pin action to full-length commit SHA
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.STDLIB_BOT_PAT_REPO_WRITE }}
+          script: |
+            const { data: pr } = await github.rest.pulls.get({
+              'owner': context.repo.owner,
+              'repo': context.repo.repo,
+              'pull_number': context.payload.pull_request.number
+            });
+            const labels = context.payload.pull_request.labels.map( label => label.name );
+            if ( !labels.includes( 'Good First PR' ) ) {
+              await github.rest.issues.addLabels({
+                'owner': context.repo.owner,
+                'repo': context.repo.repo,
+                'issue_number': context.payload.pull_request.number,
+                'labels': [ 'Good First PR' ]
+              });
+            }

.github/workflows/lint_changed_files.yml

@@ -75,7 +75,7 @@ jobs:
       # Cache dependencies:
       - name: 'Cache dependencies'
         # Pin action to full length commit SHA
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         id: cache
         with:
           path: |
@@ -264,7 +264,7 @@ jobs:
       - name: 'Setup R'
         if: ( success() || failure() ) && steps.check-r-files.outputs.files != ''
         # Pin action to full length commit SHA
-        uses: r-lib/actions/setup-r@473c68190595b311a74f208fba61a8d8c0d4c247 # v2.11.1
+        uses: r-lib/actions/setup-r@14a7e741c1cb130261263aa1593718ba42cf443b # v2.11.2
         with:
           r-version: '3.5.3'
 

.github/workflows/lint_random_files.yml

@@ -411,7 +411,7 @@ jobs:
       - name: 'Setup R'
         if: ( github.event.inputs.r != 'false' ) && ( success() || failure() )
         # Pin action to full length commit SHA
-        uses: r-lib/actions/setup-r@473c68190595b311a74f208fba61a8d8c0d4c247 # v2.11.1
+        uses: r-lib/actions/setup-r@14a7e741c1cb130261263aa1593718ba42cf443b # v2.11.2
         with:
           r-version: '4.3.3'
 

.github/workflows/linux_benchmark.yml

@@ -251,7 +251,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/linux_examples.yml

@@ -251,7 +251,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/linux_test.yml

@@ -250,7 +250,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/linux_test_cov.yml

@@ -251,7 +251,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/linux_test_install.yml

@@ -274,7 +274,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/macos_benchmark.yml

@@ -237,7 +237,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/macos_test.yml

@@ -236,7 +236,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/macos_test_cov.yml

@@ -237,7 +237,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/macos_test_npm_install.yml

@@ -233,7 +233,7 @@ jobs:
       # Upload the log file:
       - name: 'Upload log file'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):

.github/workflows/markdown_links.yml

@@ -164,7 +164,7 @@ jobs:
       # Upload the log files:
       - name: 'Upload log files'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact:

.github/workflows/markdown_src_attributes.yml

@@ -119,7 +119,7 @@ jobs:
       # Upload the log files:
       - name: 'Upload log files'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           # Define a name for the uploaded artifact:

.github/workflows/npm_downloads.yml

@@ -88,7 +88,7 @@ jobs:
       # Upload the download data:
       - name: 'Upload data'
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           # Define a name for the uploaded artifact (ensuring a unique name for each job):
           name: npm_downloads

.github/workflows/ossf_scorecard.yml

@@ -69,7 +69,7 @@ jobs:
 
       - name: "Run analysis"
         # Pin action to full length commit SHA
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -87,7 +87,7 @@ jobs:
       # Upload the results as artifacts:
       - name: "Upload artifact"
         # Pin action to full length commit SHA
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/run_affected_benchmarks.yml

@@ -89,7 +89,7 @@ jobs:
       # Cache dependencies:
       - name: 'Cache dependencies'
         # Pin action to full length commit SHA
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         id: cache
         with:
           path: |

.github/workflows/run_affected_examples.yml

@@ -85,7 +85,7 @@ jobs:
       # Cache dependencies:
       - name: 'Cache dependencies'
         # Pin action to full length commit SHA
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         id: cache
         with:
           path: |

.github/workflows/run_affected_tests.yml

@@ -120,7 +120,7 @@ jobs:
       # Cache dependencies:
       - name: 'Cache dependencies'
         # Pin action to full length commit SHA
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         id: cache
         with:
           path: |

.github/workflows/run_tests_coverage.yml

@@ -123,7 +123,7 @@ jobs:
       # Cache dependencies:
       - name: 'Cache dependencies'
         # Pin action to full length commit SHA
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         id: cache
         with:
           path: |