Merge pull request #2176 from actions/prepare-exec-2.0.0-release

Prepare @actions/exec 2.0.0 release

.github/dependabot.yml

@@ -0,0 +1,27 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/packages/artifact"
+    schedule:
+      interval: "daily"
+    groups:
+      # Group minor and patch updates together but keep major separate
+      artifact-minor-patch:
+        update-types:
+          - "minor"
+          - "patch"
+  - package-ecosystem: "npm"
+    directory: "/packages/cache"
+    schedule:
+      interval: "daily"
+    groups:
+      # Group minor and patch updates together but keep major separate
+      cache-minor-patch:
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/artifact-tests.yml

@@ -22,12 +22,12 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
-    - name: Set Node.js 20.x
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x
+      uses: actions/setup-node@v5
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     # Need root node_modules because certain npm packages like jest are configured for the entire repository and it won't be possible
     # without these to just compile the artifacts package
@@ -47,7 +47,7 @@ jobs:
         echo -n 'hello from file 2' > artifact-path/second.txt
 
     - name: Upload Artifacts
-      uses: actions/github-script@v7
+      uses: actions/github-script@v8
       with:
         script: |
           const {default: artifact} = require('./packages/artifact/lib/artifact')
@@ -77,12 +77,12 @@ jobs:
     needs: [upload]
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
-    - name: Set Node.js 20.x
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x
+      uses: actions/setup-node@v5
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     # Need root node_modules because certain npm packages like jest are configured for the entire repository and it won't be possible
     # without these to just compile the artifacts package
@@ -96,7 +96,7 @@ jobs:
       working-directory: packages/artifact
 
     - name: List and Download Artifacts
-      uses: actions/github-script@v7
+      uses: actions/github-script@v8
       with:
         script: |
           const {default: artifactClient} = require('./packages/artifact/lib/artifact')
@@ -165,7 +165,7 @@ jobs:
             }
           }
     - name: Delete Artifacts
-      uses: actions/github-script@v7
+      uses: actions/github-script@v8
       with:
         script: |
           const {default: artifactClient} = require('./packages/artifact/lib/artifact')

.github/workflows/audit.yml

@@ -18,12 +18,12 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
-    - name: Set Node.js 20.x
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x
+      uses: actions/setup-node@v5
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     - name: npm install
       run: npm install

.github/workflows/cache-tests.yml

@@ -22,12 +22,12 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
-    - name: Set Node.js 20.x
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x
+      uses: actions/setup-node@v5
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     # In order to save & restore cache from a shell script, certain env variables need to be set that are only available in the
     # node context. This runs a local action that gets and sets the necessary env variables that are needed
@@ -39,9 +39,11 @@ jobs:
     - name: Install root npm packages
       run: npm ci
 
+    # We need to install only runtime dependencies (omit dev dependencies) to verify that what we're shipping is all
+    # that is needed
     - name: Compile cache package
       run: |
-        npm ci
+        npm ci --omit=dev
         npm run tsc
       working-directory: packages/cache
     

.github/workflows/cache-windows-test.yml

@@ -17,16 +17,16 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v5
 
     - shell: bash
       run: |
         rm "C:\Program Files\Git\usr\bin\tar.exe"
 
-    - name: Set Node.js 20.x
-      uses: actions/setup-node@v1
+    - name: Set Node.js 24.x
+      uses: actions/setup-node@v5
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     # In order to save & restore cache from a shell script, certain env variables need to be set that are only available in the
     # node context. This runs a local action that gets and sets the necessary env variables that are needed

.github/workflows/codeql.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/releases.yml

@@ -28,15 +28,15 @@ jobs:
 
     steps:
       - name: setup repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: verify package exists
         run: ls packages/${{ github.event.inputs.package }}
 
-      - name: Set Node.js 20.x
-        uses: actions/setup-node@v4
+      - name: Set Node.js 24.x
+        uses: actions/setup-node@v5
         with:
-          node-version: 20.x
+          node-version: 24.x
 
       - name: npm install
         run: npm install

.github/workflows/unit-tests.yml

@@ -18,19 +18,19 @@ jobs:
       matrix:
         runs-on: [ubuntu-latest, macos-latest-large, windows-latest]
 
-        # Node 18 is the current default Node version in hosted runners, so users may still use the toolkit with it when running tests (see https://github.com/actions/toolkit/issues/1841)
-        # Node 20 is the currently support Node version for actions - https://docs.github.com/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#runsusing-for-javascript-actions
-        node-version: [18.x, 20.x]
+        # Node 20 is the currently supported stable Node version for actions - https://docs.github.com/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions#runsusing-for-javascript-actions
+        # Node 24 is the new version being added with support in actions runners
+        node-version: [20.x, 24.x]
       fail-fast: false
 
     runs-on: ${{ matrix.runs-on }}
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Set up Node ${{ matrix.node-version }}
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@v5
       with:
         node-version: ${{ matrix.node-version }}
 

.github/workflows/update-github.yaml

@@ -9,7 +9,7 @@ jobs:
     if: ${{ github.repository_owner == 'actions' }}
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Update Octokit
       working-directory: packages/github 
       run: |

README.md

@@ -227,9 +227,23 @@ console.log(`We can even get context data, like the repo: ${context.repo.repo}`)
 ```
 <br/>
 
-## Contributing
+## Note
 
-We welcome contributions.  See [how to contribute](.github/CONTRIBUTING.md).
+Thank you for your interest in this GitHub repo, however, right now we are not taking contributions. 
+
+We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.
+
+We are taking the following steps to better direct requests related to GitHub Actions, including:
+
+1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
+
+2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
+
+3. Security Issues should be handled as per our [security.md](SECURITY.md).
+
+We will still provide security updates for this project and fix major breaking changes during this time.
+
+You are welcome to still raise bugs in this repo.
 
 ## Code of Conduct
 

docs/action-types.md

@@ -32,7 +32,7 @@ jobs:
         os: [ubuntu-16.04, windows-2019]
     runs-on: ${{matrix.os}}
     actions:
-    - uses: actions/setup-node@v4
+    - uses: actions/setup-node@v5
       with:
         version: ${{matrix.node}}
     - run: | 

docs/container-action.md

@@ -18,7 +18,7 @@ e.g. To use https://github.com/actions/setup-node, users will author:
 
 ```yaml
 steps:
-    using: actions/setup-node@v4
+    using: actions/setup-node@v5
 ```
 
 # Define Metadata

package.json

@@ -1,6 +1,6 @@
 {
   "name": "root",
-  "private": true,
+  "private": true, 
   "scripts": {
     "audit-all": "lerna run audit-moderate",
     "bootstrap": "lerna exec -- npm install",
@@ -17,7 +17,7 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.4",
-    "@types/node": "^20.5.7",
+    "@types/node": "^24.1.0",
     "@types/signale": "^1.4.1",
     "concurrently": "^6.1.0",
     "eslint": "^8.0.1",
@@ -32,5 +32,19 @@
     "prettier": "^3.0.0",
     "ts-jest": "^29.1.1",
     "typescript": "^5.2.2"
+  },
+  "overrides": {
+    "semver": "^7.6.0",
+    "tar": "^6.2.1",
+    "@octokit/plugin-paginate-rest": "^9.2.2",
+    "@octokit/request": "^8.4.1",
+    "@octokit/request-error": "^5.1.1",
+    "@octokit/core": "^5.0.3",
+    "tmp": "^0.2.4",
+    "@types/node": "^24.1.0",
+    "brace-expansion": "^2.0.2",
+    "form-data": "^4.0.4",
+    "uri-js": "npm:uri-js-replace@^1.0.1",
+    "node-fetch": "^3.3.2"
   }
 }

packages/artifact/RELEASES.md

@@ -1,5 +1,12 @@
 # @actions/artifact Releases
 
+### 4.0.0
+
+- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
+- Fix: artifact pagination bugs and configurable artifact count limits [#2165](https://github.com/actions/toolkit/pull/2165)
+- Fix: reject the promise on timeout [#2124](https://github.com/actions/toolkit/pull/2124)
+- Update dependency versions
+
 ### 2.3.3
 
 - Dependency updates [#2049](https://github.com/actions/toolkit/pull/2049)

packages/artifact/__tests__/config.test.ts

@@ -1,10 +1,14 @@
 import * as config from '../src/internal/shared/config'
 import os from 'os'
 
-// Mock the 'os' module
-jest.mock('os', () => ({
-  cpus: jest.fn()
-}))
+// Mock the `cpus()` function in the `os` module
+jest.mock('os', () => {
+  const osActual = jest.requireActual('os')
+  return {
+    ...osActual,
+    cpus: jest.fn()
+  }
+})
 
 beforeEach(() => {
   jest.resetModules()
@@ -101,3 +105,45 @@ describe('uploadConcurrencyEnv', () => {
     }).toThrow()
   })
 })
+
+describe('getMaxArtifactListCount', () => {
+  beforeEach(() => {
+    delete process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
+  })
+
+  it('should return default 1000 when no env set', () => {
+    expect(config.getMaxArtifactListCount()).toBe(1000)
+  })
+
+  it('should return value set in ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT', () => {
+    process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '2000'
+    expect(config.getMaxArtifactListCount()).toBe(2000)
+  })
+
+  it('should throw if value set in ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT is invalid', () => {
+    process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = 'abc'
+    expect(() => {
+      config.getMaxArtifactListCount()
+    }).toThrow(
+      'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
+    )
+  })
+
+  it('should throw if ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT is < 1', () => {
+    process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '0'
+    expect(() => {
+      config.getMaxArtifactListCount()
+    }).toThrow(
+      'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
+    )
+  })
+
+  it('should throw if ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT is negative', () => {
+    process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '-100'
+    expect(() => {
+      config.getMaxArtifactListCount()
+    }).toThrow(
+      'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
+    )
+  })
+})

packages/artifact/__tests__/download-artifact.test.ts

@@ -111,6 +111,16 @@ const mockGetArtifactSuccess = jest.fn(() => {
   }
 })
 
+const mockGetArtifactHung = jest.fn(() => {
+  const message = new http.IncomingMessage(new net.Socket())
+  message.statusCode = 200
+  // Don't push any data or call push(null) to end the stream
+  // This creates a stream that hangs and never completes
+  return {
+    message
+  }
+})
+
 const mockGetArtifactFailure = jest.fn(() => {
   const message = new http.IncomingMessage(new net.Socket())
   message.statusCode = 500
@@ -611,4 +621,32 @@ describe('download-artifact', () => {
       })
     })
   })
+
+  describe('streamExtractExternal', () => {
+    it('should fail if the timeout is exceeded', async () => {
+      const mockSlowGetArtifact = jest.fn(mockGetArtifactHung)
+
+      const mockHttpClient = (HttpClient as jest.Mock).mockImplementation(
+        () => {
+          return {
+            get: mockSlowGetArtifact
+          }
+        }
+      )
+
+      try {
+        await streamExtractExternal(
+          fixtures.blobStorageUrl,
+          fixtures.workspaceDir,
+          {timeout: 2}
+        )
+        expect(true).toBe(false) // should not be called
+      } catch (e) {
+        expect(e).toBeInstanceOf(Error)
+        expect(e.message).toContain('did not respond in 2ms')
+        expect(mockHttpClient).toHaveBeenCalledWith(getUserAgentString())
+        expect(mockSlowGetArtifact).toHaveBeenCalledTimes(1)
+      }
+    })
+  })
 })

packages/artifact/__tests__/list-artifacts.test.ts

@@ -170,6 +170,126 @@ describe('list-artifact', () => {
         )
       ).rejects.toThrow('boom')
     })
+
+    it('should handle pagination correctly when fetching multiple pages', async () => {
+      const mockRequest = github.getOctokit(fixtures.token)
+        .request as MockedRequest
+
+      const manyArtifacts = Array.from({length: 150}, (_, i) => ({
+        id: i + 1,
+        name: `artifact-${i + 1}`,
+        size: 100,
+        createdAt: new Date('2023-12-01')
+      }))
+
+      mockRequest
+        .mockResolvedValueOnce({
+          status: 200,
+          headers: {},
+          url: '',
+          data: {
+            ...artifactsToListResponse(manyArtifacts.slice(0, 100)),
+            total_count: 150
+          }
+        })
+        .mockResolvedValueOnce({
+          status: 200,
+          headers: {},
+          url: '',
+          data: {
+            ...artifactsToListResponse(manyArtifacts.slice(100, 150)),
+            total_count: 150
+          }
+        })
+
+      const response = await listArtifactsPublic(
+        fixtures.runId,
+        fixtures.owner,
+        fixtures.repo,
+        fixtures.token,
+        false
+      )
+
+      // Verify that both API calls were made
+      expect(mockRequest).toHaveBeenCalledTimes(2)
+
+      // Should return all 150 artifacts across both pages
+      expect(response.artifacts).toHaveLength(150)
+
+      // Verify we got artifacts from both pages
+      expect(response.artifacts[0].name).toBe('artifact-1')
+      expect(response.artifacts[99].name).toBe('artifact-100')
+      expect(response.artifacts[100].name).toBe('artifact-101')
+      expect(response.artifacts[149].name).toBe('artifact-150')
+    })
+
+    it('should respect ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT environment variable', async () => {
+      const originalEnv = process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
+      process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = '150'
+
+      jest.resetModules()
+
+      try {
+        const {listArtifactsPublic: listArtifactsPublicReloaded} = await import(
+          '../src/internal/find/list-artifacts'
+        )
+        const githubReloaded = await import('@actions/github')
+
+        const mockRequest = (githubReloaded.getOctokit as jest.Mock)(
+          fixtures.token
+        ).request as MockedRequest
+
+        const manyArtifacts = Array.from({length: 200}, (_, i) => ({
+          id: i + 1,
+          name: `artifact-${i + 1}`,
+          size: 100,
+          createdAt: new Date('2023-12-01')
+        }))
+
+        mockRequest
+          .mockResolvedValueOnce({
+            status: 200,
+            headers: {},
+            url: '',
+            data: {
+              ...artifactsToListResponse(manyArtifacts.slice(0, 100)),
+              total_count: 200
+            }
+          })
+          .mockResolvedValueOnce({
+            status: 200,
+            headers: {},
+            url: '',
+            data: {
+              ...artifactsToListResponse(manyArtifacts.slice(100, 150)),
+              total_count: 200
+            }
+          })
+
+        const response = await listArtifactsPublicReloaded(
+          fixtures.runId,
+          fixtures.owner,
+          fixtures.repo,
+          fixtures.token,
+          false
+        )
+
+        // Should only return 150 artifacts due to the limit
+        expect(response.artifacts).toHaveLength(150)
+        expect(response.artifacts[0].name).toBe('artifact-1')
+        expect(response.artifacts[149].name).toBe('artifact-150')
+      } finally {
+        // Restore original environment variable
+        if (originalEnv !== undefined) {
+          process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT = originalEnv
+        } else {
+          delete process.env.ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT
+        }
+
+        // Reset modules again to restore original state
+        jest.resetModules()
+      }
+    })
   })
 
   describe('internal', () => {

packages/artifact/__tests__/upload-artifact.test.ts

@@ -108,7 +108,7 @@ describe('upload-artifact', () => {
         fixtures.files.map(file => ({
           sourcePath: path.join(fixtures.uploadDirectory, file.name),
           destinationPath: file.name,
-          stats: new fs.Stats()
+          stats: fs.statSync(path.join(fixtures.uploadDirectory, file.name))
         }))
       )
     jest.spyOn(config, 'getRuntimeToken').mockReturnValue(fixtures.runtimeToken)

packages/artifact/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/artifact",
-  "version": "2.3.3",
+  "version": "4.0.0",
   "preview": true,
   "description": "Actions artifact lib",
   "keywords": [
@@ -43,6 +43,7 @@
     "@actions/core": "^1.10.0",
     "@actions/github": "^6.0.1",
     "@actions/http-client": "^2.1.0",
+    "@azure/core-http": "^3.0.5",
     "@azure/storage-blob": "^12.15.0",
     "@octokit/core": "^5.2.1",
     "@octokit/plugin-request-log": "^1.0.4",
@@ -57,8 +58,12 @@
   "devDependencies": {
     "@types/archiver": "^5.3.2",
     "@types/unzip-stream": "^0.3.4",
-    "typedoc": "^0.25.4",
+    "typedoc": "^0.28.13",
     "typedoc-plugin-markdown": "^3.17.1",
     "typescript": "^5.2.2"
+  },
+  "overrides": {
+    "uri-js": "npm:uri-js-replace@^1.0.1",
+    "node-fetch": "^3.3.2"
   }
 }

packages/artifact/src/internal/download/download-artifact.ts

@@ -64,7 +64,8 @@ async function streamExtract(
 
 export async function streamExtractExternal(
   url: string,
-  directory: string
+  directory: string,
+  opts: {timeout: number} = {timeout: 30 * 1000}
 ): Promise<StreamExtractResponse> {
   const client = new httpClient.HttpClient(getUserAgentString())
   const response = await client.get(url)
@@ -74,16 +75,17 @@ export async function streamExtractExternal(
     )
   }
 
-  const timeout = 30 * 1000 // 30 seconds
   let sha256Digest: string | undefined = undefined
 
   return new Promise((resolve, reject) => {
     const timerFn = (): void => {
-      response.message.destroy(
-        new Error(`Blob storage chunk did not respond in ${timeout}ms`)
+      const timeoutError = new Error(
+        `Blob storage chunk did not respond in ${opts.timeout}ms`
       )
+      response.message.destroy(timeoutError)
+      reject(timeoutError)
     }
-    const timer = setTimeout(timerFn, timeout)
+    const timer = setTimeout(timerFn, opts.timeout)
 
     const hashStream = crypto.createHash('sha256').setEncoding('hex')
     const passThrough = new stream.PassThrough()

packages/artifact/src/internal/find/list-artifacts.ts

@@ -9,12 +9,12 @@ import {retry} from '@octokit/plugin-retry'
 import {OctokitOptions} from '@octokit/core/dist-types/types'
 import {internalArtifactTwirpClient} from '../shared/artifact-twirp-client'
 import {getBackendIdsFromToken} from '../shared/util'
+import {getMaxArtifactListCount} from '../shared/config'
 import {ListArtifactsRequest, Timestamp} from '../../generated'
 
-// Limiting to 1000 for perf reasons
-const maximumArtifactCount = 1000
+const maximumArtifactCount = getMaxArtifactListCount()
 const paginationCount = 100
-const maxNumberOfPages = maximumArtifactCount / paginationCount
+const maxNumberOfPages = Math.ceil(maximumArtifactCount / paginationCount)
 
 export async function listArtifactsPublic(
   workflowRunId: number,
@@ -59,7 +59,7 @@ export async function listArtifactsPublic(
   const totalArtifactCount = listArtifactResponse.total_count
   if (totalArtifactCount > maximumArtifactCount) {
     warning(
-      `Workflow run ${workflowRunId} has more than 1000 artifacts. Results will be incomplete as only the first ${maximumArtifactCount} artifacts will be returned`
+      `Workflow run ${workflowRunId} has ${totalArtifactCount} artifacts, exceeding the limit of ${maximumArtifactCount}. Results will be incomplete as only the first ${maximumArtifactCount} artifacts will be returned`
     )
     numberOfPages = maxNumberOfPages
   }
@@ -81,7 +81,7 @@ export async function listArtifactsPublic(
   // Iterate over any remaining pages
   for (
     currentPageNumber;
-    currentPageNumber < numberOfPages;
+    currentPageNumber <= numberOfPages;
     currentPageNumber++
   ) {
     debug(`Fetching page ${currentPageNumber} of artifact list`)

packages/artifact/src/internal/shared/config.ts

@@ -97,3 +97,19 @@ export function getUploadChunkTimeout(): number {
 
   return timeout
 }
+
+// This value can be changed with ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT variable.
+// Defaults to 1000 as a safeguard for rate limiting.
+export function getMaxArtifactListCount(): number {
+  const maxCountVar =
+    process.env['ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT'] || '1000'
+
+  const maxCount = parseInt(maxCountVar)
+  if (isNaN(maxCount) || maxCount < 1) {
+    throw new Error(
+      'Invalid value set for ACTIONS_ARTIFACT_MAX_ARTIFACT_COUNT env variable'
+    )
+  }
+
+  return maxCount
+}

packages/artifact/src/internal/upload/blob-upload.ts

@@ -1,5 +1,5 @@
 import {BlobClient, BlockBlobUploadStreamOptions} from '@azure/storage-blob'
-import {TransferProgressEvent} from '@azure/core-http'
+import {TransferProgressEvent} from '@azure/core-http-compat'
 import {ZipUploadStream} from './zip'
 import {
   getUploadChunkSize,

packages/attest/RELEASES.md

@@ -1,5 +1,12 @@
 # @actions/attest Releases
 
+### 2.0.0
+
+- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
+- Bump @sigstore/bundle from 3.0.0 to 3.1.0
+- Bump @sigstore/sign from 3.0.0 to 3.1.0
+- Bump jose from 5.2.3 to 5.10.0
+
 ### 1.6.0
 
 - Update `buildSLSAProvenancePredicate` to populate `workflow.ref` field from the `ref` claim in the OIDC token [#1969](https://github.com/actions/toolkit/pull/1969)

packages/attest/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/attest",
-  "version": "1.6.0",
+  "version": "2.0.0",
   "description": "Actions attestation lib",
   "keywords": [
     "github",
@@ -35,24 +35,24 @@
     "url": "https://github.com/actions/toolkit/issues"
   },
   "devDependencies": {
-    "@sigstore/mock": "^0.8.0",
+    "@sigstore/mock": "^0.10.0",
     "@sigstore/rekor-types": "^3.0.0",
     "@types/jsonwebtoken": "^9.0.6",
     "nock": "^13.5.1",
-    "undici": "^5.28.5"
+    "undici": "^6.20.0"
   },
   "dependencies": {
     "@actions/core": "^1.11.1",
     "@actions/github": "^6.0.0",
     "@actions/http-client": "^2.2.3",
     "@octokit/plugin-retry": "^6.0.1",
-    "@sigstore/bundle": "^3.0.0",
-    "@sigstore/sign": "^3.0.0",
-    "jose": "^5.2.3"
+    "@sigstore/bundle": "^3.1.0",
+    "@sigstore/sign": "^3.1.0",
+    "jose": "^5.10.0"
   },
   "overrides": {
     "@octokit/plugin-retry": {
       "@octokit/core": "^5.2.0"
     }
   }
-}
+}

packages/attest/src/store.ts

@@ -29,7 +29,11 @@ export const writeAttestation = async (
       owner: github.context.repo.owner,
       repo: github.context.repo.repo,
       headers: options.headers,
-      data: {bundle: attestation}
+      bundle: attestation as {
+        mediaType?: string
+        verificationMaterial?: {[key: string]: unknown}
+        dsseEnvelope?: {[key: string]: unknown}
+      }
     })
 
     const data =

packages/cache/RELEASES.md

@@ -1,5 +1,22 @@
 # @actions/cache Releases
 
+### 4.1.0
+
+- Remove client side 10GiB cache size limit check & update twirp client [#2118](https://github.com/actions/toolkit/pull/2118)
+
+### 4.0.5
+
+- Reintroduce @protobuf-ts/runtime-rpc as a runtime dependency [#2113](https://github.com/actions/toolkit/pull/2113)
+
+### 4.0.4
+
+⚠️ Faulty patch release. Upgrade to 4.0.5 instead.
+
+- Optimized cache dependencies by moving `@protobuf-ts/plugin` to dev dependencies [#2106](https://github.com/actions/toolkit/pull/2106)
+- Improved cache service availability determination for different cache service versions (v1 and v2) [#2100](https://github.com/actions/toolkit/pull/2100)
+- Enhanced server error handling: 5xx HTTP errors are now logged as errors instead of warnings [#2099](https://github.com/actions/toolkit/pull/2099)
+- Fixed cache hit logging to properly distinguish between exact key matches and restore key matches [#2101](https://github.com/actions/toolkit/pull/2101)
+
 ### 4.0.3
 
 - Added masking for Shared Access Signature (SAS) cache entry URLs [#1982](https://github.com/actions/toolkit/pull/1982)

packages/cache/__tests__/cache.test.ts

@@ -1,14 +1,69 @@
 import * as cache from '../src/cache'
 
-test('isFeatureAvailable returns true if server url is set', () => {
-  try {
+describe('isFeatureAvailable', () => {
+  const originalEnv = process.env
+
+  beforeEach(() => {
+    jest.resetModules()
+    process.env = {...originalEnv}
+    // Clean cache-related environment variables
+    delete process.env['ACTIONS_CACHE_URL']
+    delete process.env['ACTIONS_RESULTS_URL']
+    delete process.env['ACTIONS_CACHE_SERVICE_V2']
+    delete process.env['GITHUB_SERVER_URL']
+  })
+
+  afterAll(() => {
+    process.env = originalEnv
+  })
+
+  test('returns true for cache service v1 when ACTIONS_CACHE_URL is set', () => {
     process.env['ACTIONS_CACHE_URL'] = 'http://cache.com'
     expect(cache.isFeatureAvailable()).toBe(true)
-  } finally {
-    delete process.env['ACTIONS_CACHE_URL']
-  }
-})
+  })
 
-test('isFeatureAvailable returns false if server url is not set', () => {
-  expect(cache.isFeatureAvailable()).toBe(false)
+  test('returns false for cache service v1 when only ACTIONS_RESULTS_URL is set', () => {
+    process.env['ACTIONS_RESULTS_URL'] = 'http://results.com'
+    expect(cache.isFeatureAvailable()).toBe(false)
+  })
+
+  test('returns true for cache service v1 when both URLs are set', () => {
+    process.env['ACTIONS_CACHE_URL'] = 'http://cache.com'
+    process.env['ACTIONS_RESULTS_URL'] = 'http://results.com'
+    expect(cache.isFeatureAvailable()).toBe(true)
+  })
+
+  test('returns true for cache service v2 when ACTIONS_RESULTS_URL is set', () => {
+    process.env['ACTIONS_CACHE_SERVICE_V2'] = 'true'
+    process.env['ACTIONS_RESULTS_URL'] = 'http://results.com'
+    expect(cache.isFeatureAvailable()).toBe(true)
+  })
+
+  test('returns false for cache service v2 when only ACTIONS_CACHE_URL is set', () => {
+    process.env['ACTIONS_CACHE_SERVICE_V2'] = 'true'
+    process.env['ACTIONS_CACHE_URL'] = 'http://cache.com'
+    expect(cache.isFeatureAvailable()).toBe(false)
+  })
+
+  test('returns false when no cache URLs are set', () => {
+    expect(cache.isFeatureAvailable()).toBe(false)
+  })
+
+  test('returns false for cache service v2 when no URLs are set', () => {
+    process.env['ACTIONS_CACHE_SERVICE_V2'] = 'true'
+    expect(cache.isFeatureAvailable()).toBe(false)
+  })
+
+  test('returns true for GHES with v1 even when v2 flag is set', () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://my-enterprise.github.com'
+    process.env['ACTIONS_CACHE_SERVICE_V2'] = 'true'
+    process.env['ACTIONS_CACHE_URL'] = 'http://cache.com'
+    expect(cache.isFeatureAvailable()).toBe(true)
+  })
+
+  test('returns false for GHES with only ACTIONS_RESULTS_URL', () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://my-enterprise.github.com'
+    process.env['ACTIONS_RESULTS_URL'] = 'http://results.com'
+    expect(cache.isFeatureAvailable()).toBe(false)
+  })
 })

packages/cache/__tests__/restoreCache.test.ts

@@ -6,6 +6,8 @@ import * as cacheUtils from '../src/internal/cacheUtils'
 import {CacheFilename, CompressionMethod} from '../src/internal/constants'
 import {ArtifactCacheEntry} from '../src/internal/contracts'
 import * as tar from '../src/internal/tar'
+import {HttpClientError} from '@actions/http-client'
+import {CacheServiceClientJSON} from '../src/generated/results/api/v1/cache.twirp-client'
 
 jest.mock('../src/internal/cacheHttpClient')
 jest.mock('../src/internal/cacheUtils')
@@ -73,18 +75,28 @@ test('restore with no cache found', async () => {
 test('restore with server error should fail', async () => {
   const paths = ['node_modules']
   const key = 'node-test'
-  const logWarningMock = jest.spyOn(core, 'warning')
+  const logErrorMock = jest.spyOn(core, 'error')
 
-  jest.spyOn(cacheHttpClient, 'getCacheEntry').mockImplementation(() => {
-    throw new Error('HTTP Error Occurred')
-  })
+  // Set cache service to V2 to test error logging for server errors
+  process.env['ACTIONS_CACHE_SERVICE_V2'] = 'true'
+  process.env['ACTIONS_RESULTS_URL'] = 'https://results.local/'
+
+  jest
+    .spyOn(CacheServiceClientJSON.prototype, 'GetCacheEntryDownloadURL')
+    .mockImplementation(() => {
+      throw new HttpClientError('HTTP Error Occurred', 500)
+    })
 
   const cacheKey = await restoreCache(paths, key)
   expect(cacheKey).toBe(undefined)
-  expect(logWarningMock).toHaveBeenCalledTimes(1)
-  expect(logWarningMock).toHaveBeenCalledWith(
+  expect(logErrorMock).toHaveBeenCalledTimes(1)
+  expect(logErrorMock).toHaveBeenCalledWith(
     'Failed to restore: HTTP Error Occurred'
   )
+
+  // Clean up environment
+  delete process.env['ACTIONS_CACHE_SERVICE_V2']
+  delete process.env['ACTIONS_RESULTS_URL']
 })
 
 test('restore with restore keys and no cache found', async () => {

packages/cache/__tests__/restoreCacheV2.test.ts

@@ -8,6 +8,7 @@ import {restoreCache} from '../src/cache'
 import {CacheFilename, CompressionMethod} from '../src/internal/constants'
 import {CacheServiceClientJSON} from '../src/generated/results/api/v1/cache.twirp-client'
 import {DownloadOptions} from '../src/options'
+import {HttpClientError} from '@actions/http-client'
 
 jest.mock('../src/internal/cacheHttpClient')
 jest.mock('../src/internal/cacheUtils')
@@ -95,18 +96,18 @@ test('restore with no cache found', async () => {
 test('restore with server error should fail', async () => {
   const paths = ['node_modules']
   const key = 'node-test'
-  const logWarningMock = jest.spyOn(core, 'warning')
+  const logErrorMock = jest.spyOn(core, 'error')
 
   jest
     .spyOn(CacheServiceClientJSON.prototype, 'GetCacheEntryDownloadURL')
     .mockImplementation(() => {
-      throw new Error('HTTP Error Occurred')
+      throw new HttpClientError('HTTP Error Occurred', 500)
     })
 
   const cacheKey = await restoreCache(paths, key)
   expect(cacheKey).toBe(undefined)
-  expect(logWarningMock).toHaveBeenCalledTimes(1)
-  expect(logWarningMock).toHaveBeenCalledWith(
+  expect(logErrorMock).toHaveBeenCalledTimes(1)
+  expect(logErrorMock).toHaveBeenCalledWith(
     'Failed to restore: HTTP Error Occurred'
   )
 })
@@ -265,6 +266,7 @@ test('restore with zstd compressed cache found', async () => {
   const cacheKey = await restoreCache(paths, key, [], options)
 
   expect(cacheKey).toBe(key)
+  expect(logInfoMock).toHaveBeenCalledWith(`Cache hit for: ${key}`)
   expect(getCacheVersionMock).toHaveBeenCalledWith(
     paths,
     compressionMethod,
@@ -342,6 +344,9 @@ test('restore with cache found for restore key', async () => {
   const cacheKey = await restoreCache(paths, key, restoreKeys, options)
 
   expect(cacheKey).toBe(restoreKeys[0])
+  expect(logInfoMock).toHaveBeenCalledWith(
+    `Cache hit for restore-key: ${restoreKeys[0]}`
+  )
   expect(getCacheVersionMock).toHaveBeenCalledWith(
     paths,
     compressionMethod,

packages/cache/__tests__/saveCache.test.ts

@@ -7,11 +7,12 @@ import * as config from '../src/internal/config'
 import {CacheFilename, CompressionMethod} from '../src/internal/constants'
 import * as tar from '../src/internal/tar'
 import {TypedResponse} from '@actions/http-client/lib/interfaces'
+import {HttpClientError} from '@actions/http-client'
 import {
   ReserveCacheResponse,
   ITypedResponseWithError
 } from '../src/internal/contracts'
-import {HttpClientError} from '@actions/http-client'
+import {CacheServiceClientJSON} from '../src/generated/results/api/v1/cache.twirp-client'
 
 jest.mock('../src/internal/cacheHttpClient')
 jest.mock('../src/internal/cacheUtils')
@@ -223,46 +224,55 @@ test('save with reserve cache failure should fail', async () => {
 test('save with server error should fail', async () => {
   const filePath = 'node_modules'
   const primaryKey = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
-  const cachePaths = [path.resolve(filePath)]
-  const logWarningMock = jest.spyOn(core, 'warning')
-  const cacheId = 4
-  const reserveCacheMock = jest
-    .spyOn(cacheHttpClient, 'reserveCache')
-    .mockImplementation(async () => {
-      const response: TypedResponse<ReserveCacheResponse> = {
-        statusCode: 500,
-        result: {cacheId},
-        headers: {}
-      }
-      return response
-    })
+  const logErrorMock = jest.spyOn(core, 'error')
+
+  // Mock cache service version to V2
+  const getCacheServiceVersionMock = jest
+    .spyOn(config, 'getCacheServiceVersion')
+    .mockReturnValue('v2')
+
+  // Mock V2 CreateCacheEntry to succeed
+  const createCacheEntryMock = jest
+    .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
+    .mockReturnValue(
+      Promise.resolve({
+        ok: true,
+        signedUploadUrl: 'https://blob-storage.local?signed=true',
+        message: ''
+      })
+    )
+
+  // Mock the FinalizeCacheEntryUpload to succeed (since the error should happen in saveCache)
+  jest
+    .spyOn(CacheServiceClientJSON.prototype, 'FinalizeCacheEntryUpload')
+    .mockReturnValue(
+      Promise.resolve({ok: true, entryId: '4', message: 'Success'})
+    )
 
   const createTarMock = jest.spyOn(tar, 'createTar')
 
+  // Mock the saveCache call to throw a server error
   const saveCacheMock = jest
     .spyOn(cacheHttpClient, 'saveCache')
     .mockImplementationOnce(() => {
-      throw new Error('HTTP Error Occurred')
+      throw new HttpClientError('HTTP Error Occurred', 500)
     })
+
   const compression = CompressionMethod.Zstd
   const getCompressionMock = jest
     .spyOn(cacheUtils, 'getCompressionMethod')
     .mockReturnValueOnce(Promise.resolve(compression))
 
   await saveCache([filePath], primaryKey)
-  expect(logWarningMock).toHaveBeenCalledTimes(1)
-  expect(logWarningMock).toHaveBeenCalledWith(
+
+  expect(logErrorMock).toHaveBeenCalledTimes(1)
+  expect(logErrorMock).toHaveBeenCalledWith(
     'Failed to save: HTTP Error Occurred'
   )
 
-  expect(reserveCacheMock).toHaveBeenCalledTimes(1)
-  expect(reserveCacheMock).toHaveBeenCalledWith(primaryKey, [filePath], {
-    cacheSize: undefined,
-    compressionMethod: compression,
-    enableCrossOsArchive: false
-  })
+  expect(createCacheEntryMock).toHaveBeenCalledTimes(1)
   const archiveFolder = '/foo/bar'
-  const archiveFile = path.join(archiveFolder, CacheFilename.Zstd)
+  const cachePaths = [path.resolve(filePath)]
   expect(createTarMock).toHaveBeenCalledTimes(1)
   expect(createTarMock).toHaveBeenCalledWith(
     archiveFolder,
@@ -270,13 +280,10 @@ test('save with server error should fail', async () => {
     compression
   )
   expect(saveCacheMock).toHaveBeenCalledTimes(1)
-  expect(saveCacheMock).toHaveBeenCalledWith(
-    cacheId,
-    archiveFile,
-    '',
-    undefined
-  )
   expect(getCompressionMock).toHaveBeenCalledTimes(1)
+
+  // Restore the getCacheServiceVersion mock to its original state
+  getCacheServiceVersionMock.mockRestore()
 })
 
 test('save with valid inputs uploads a cache', async () => {

packages/cache/__tests__/saveCacheV2.test.ts

@@ -59,39 +59,6 @@ test('save with missing input should fail', async () => {
   )
 })
 
-test('save with large cache outputs should fail using', async () => {
-  const paths = 'node_modules'
-  const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
-  const cachePaths = [path.resolve(paths)]
-
-  const createTarMock = jest.spyOn(tar, 'createTar')
-  const logWarningMock = jest.spyOn(core, 'warning')
-
-  const cacheSize = 11 * 1024 * 1024 * 1024 //~11GB, over the 10GB limit
-  jest
-    .spyOn(cacheUtils, 'getArchiveFileSizeInBytes')
-    .mockReturnValueOnce(cacheSize)
-  const compression = CompressionMethod.Gzip
-  const getCompressionMock = jest
-    .spyOn(cacheUtils, 'getCompressionMethod')
-    .mockReturnValueOnce(Promise.resolve(compression))
-
-  const cacheId = await saveCache([paths], key)
-  expect(cacheId).toBe(-1)
-  expect(logWarningMock).toHaveBeenCalledWith(
-    'Failed to save: Cache size of ~11264 MB (11811160064 B) is over the 10GB limit, not saving cache.'
-  )
-
-  const archiveFolder = '/foo/bar'
-
-  expect(createTarMock).toHaveBeenCalledWith(
-    archiveFolder,
-    cachePaths,
-    compression
-  )
-  expect(getCompressionMock).toHaveBeenCalledTimes(1)
-})
-
 test('create cache entry failure on non-ok response', async () => {
   const paths = ['node_modules']
   const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
@@ -99,7 +66,7 @@ test('create cache entry failure on non-ok response', async () => {
 
   const createCacheEntryMock = jest
     .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
-    .mockResolvedValue({ok: false, signedUploadUrl: ''})
+    .mockResolvedValue({ok: false, signedUploadUrl: '', message: ''})
 
   const createTarMock = jest.spyOn(tar, 'createTar')
   const finalizeCacheEntryMock = jest.spyOn(
@@ -182,7 +149,7 @@ test('save cache fails if a signedUploadURL was not passed', async () => {
   const createCacheEntryMock = jest
     .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
     .mockReturnValue(
-      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL})
+      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL, message: ''})
     )
 
   const createTarMock = jest.spyOn(tar, 'createTar')
@@ -240,7 +207,7 @@ test('finalize save cache failure', async () => {
   const createCacheEntryMock = jest
     .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
     .mockReturnValue(
-      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL})
+      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL, message: ''})
     )
 
   const createTarMock = jest.spyOn(tar, 'createTar')
@@ -260,7 +227,7 @@ test('finalize save cache failure', async () => {
 
   const finalizeCacheEntryMock = jest
     .spyOn(CacheServiceClientJSON.prototype, 'FinalizeCacheEntryUpload')
-    .mockReturnValue(Promise.resolve({ok: false, entryId: ''}))
+    .mockReturnValue(Promise.resolve({ok: false, entryId: '', message: ''}))
 
   const cacheId = await saveCache([paths], key, options)
 
@@ -319,7 +286,7 @@ test('save with valid inputs uploads a cache', async () => {
   jest
     .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
     .mockReturnValue(
-      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL})
+      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL, message: ''})
     )
 
   const saveCacheMock = jest.spyOn(cacheHttpClient, 'saveCache')
@@ -332,7 +299,9 @@ test('save with valid inputs uploads a cache', async () => {
 
   const finalizeCacheEntryMock = jest
     .spyOn(CacheServiceClientJSON.prototype, 'FinalizeCacheEntryUpload')
-    .mockReturnValue(Promise.resolve({ok: true, entryId: cacheId.toString()}))
+    .mockReturnValue(
+      Promise.resolve({ok: true, entryId: cacheId.toString(), message: ''})
+    )
 
   const expectedCacheId = await saveCache([paths], key)
 
@@ -360,6 +329,252 @@ test('save with valid inputs uploads a cache', async () => {
   expect(expectedCacheId).toBe(cacheId)
 })
 
+test('save with extremely large cache should succeed in v2 (no size limit)', async () => {
+  const paths = 'node_modules'
+  const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
+  const cachePaths = [path.resolve(paths)]
+  const signedUploadURL = 'https://blob-storage.local?signed=true'
+  const createTarMock = jest.spyOn(tar, 'createTar')
+  // Simulate a very large cache (20GB)
+  const archiveFileSize = 20 * 1024 * 1024 * 1024 // 20GB
+  const options: UploadOptions = {
+    archiveSizeBytes: archiveFileSize,
+    useAzureSdk: true,
+    uploadChunkSize: 64 * 1024 * 1024,
+    uploadConcurrency: 8
+  }
+
+  jest
+    .spyOn(cacheUtils, 'getArchiveFileSizeInBytes')
+    .mockReturnValueOnce(archiveFileSize)
+
+  const cacheId = 4
+  jest
+    .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
+    .mockReturnValue(
+      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL, message: ''})
+    )
+
+  const saveCacheMock = jest.spyOn(cacheHttpClient, 'saveCache')
+
+  const compression = CompressionMethod.Zstd
+  const getCompressionMock = jest
+    .spyOn(cacheUtils, 'getCompressionMethod')
+    .mockReturnValue(Promise.resolve(compression))
+  const cacheVersion = cacheUtils.getCacheVersion([paths], compression)
+
+  const finalizeCacheEntryMock = jest
+    .spyOn(CacheServiceClientJSON.prototype, 'FinalizeCacheEntryUpload')
+    .mockReturnValue(
+      Promise.resolve({ok: true, entryId: cacheId.toString(), message: ''})
+    )
+
+  const expectedCacheId = await saveCache([paths], key)
+
+  const archiveFolder = '/foo/bar'
+  const archiveFile = path.join(archiveFolder, CacheFilename.Zstd)
+  expect(saveCacheMock).toHaveBeenCalledWith(
+    -1,
+    archiveFile,
+    signedUploadURL,
+    options
+  )
+  expect(createTarMock).toHaveBeenCalledWith(
+    archiveFolder,
+    cachePaths,
+    compression
+  )
+
+  expect(finalizeCacheEntryMock).toHaveBeenCalledWith({
+    key,
+    version: cacheVersion,
+    sizeBytes: archiveFileSize.toString()
+  })
+
+  expect(getCompressionMock).toHaveBeenCalledTimes(1)
+  expect(expectedCacheId).toBe(cacheId)
+})
+
+test('save with create cache entry failure and specific error message', async () => {
+  const paths = ['node_modules']
+  const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
+  const infoLogMock = jest.spyOn(core, 'info')
+  const warningLogMock = jest.spyOn(core, 'warning')
+  const errorMessage = 'Cache storage quota exceeded for repository'
+
+  const createCacheEntryMock = jest
+    .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
+    .mockResolvedValue({ok: false, signedUploadUrl: '', message: errorMessage})
+
+  const createTarMock = jest.spyOn(tar, 'createTar')
+  const compression = CompressionMethod.Zstd
+  const getCompressionMock = jest
+    .spyOn(cacheUtils, 'getCompressionMethod')
+    .mockResolvedValueOnce(compression)
+  const archiveFileSize = 1024
+  jest
+    .spyOn(cacheUtils, 'getArchiveFileSizeInBytes')
+    .mockReturnValueOnce(archiveFileSize)
+
+  const cacheId = await saveCache(paths, key)
+  expect(cacheId).toBe(-1)
+  expect(warningLogMock).toHaveBeenCalledWith(
+    `Cache reservation failed: ${errorMessage}`
+  )
+  expect(infoLogMock).toHaveBeenCalledWith(
+    `Failed to save: Unable to reserve cache with key ${key}, another job may be creating this cache.`
+  )
+
+  expect(createCacheEntryMock).toHaveBeenCalledWith({
+    key,
+    version: cacheUtils.getCacheVersion(paths, compression)
+  })
+  expect(createTarMock).toHaveBeenCalledTimes(1)
+  expect(getCompressionMock).toHaveBeenCalledTimes(1)
+})
+
+test('save with finalize cache entry failure and specific error message', async () => {
+  const paths = 'node_modules'
+  const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
+  const cachePaths = [path.resolve(paths)]
+  const logWarningMock = jest.spyOn(core, 'warning')
+  const signedUploadURL = 'https://blob-storage.local?signed=true'
+  const archiveFileSize = 1024
+  const errorMessage =
+    'Cache entry finalization failed due to concurrent access'
+  const options: UploadOptions = {
+    archiveSizeBytes: archiveFileSize,
+    useAzureSdk: true,
+    uploadChunkSize: 64 * 1024 * 1024,
+    uploadConcurrency: 8
+  }
+
+  const createCacheEntryMock = jest
+    .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
+    .mockReturnValue(
+      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL, message: ''})
+    )
+
+  const createTarMock = jest.spyOn(tar, 'createTar')
+  const saveCacheMock = jest
+    .spyOn(cacheHttpClient, 'saveCache')
+    .mockResolvedValue()
+
+  const compression = CompressionMethod.Zstd
+  const getCompressionMock = jest
+    .spyOn(cacheUtils, 'getCompressionMethod')
+    .mockReturnValueOnce(Promise.resolve(compression))
+
+  const cacheVersion = cacheUtils.getCacheVersion([paths], compression)
+  jest
+    .spyOn(cacheUtils, 'getArchiveFileSizeInBytes')
+    .mockReturnValueOnce(archiveFileSize)
+
+  const finalizeCacheEntryMock = jest
+    .spyOn(CacheServiceClientJSON.prototype, 'FinalizeCacheEntryUpload')
+    .mockReturnValue(
+      Promise.resolve({ok: false, entryId: '', message: errorMessage})
+    )
+
+  const cacheId = await saveCache([paths], key, options)
+
+  expect(createCacheEntryMock).toHaveBeenCalledWith({
+    key,
+    version: cacheVersion
+  })
+
+  const archiveFolder = '/foo/bar'
+  const archiveFile = path.join(archiveFolder, CacheFilename.Zstd)
+  expect(createTarMock).toHaveBeenCalledWith(
+    archiveFolder,
+    cachePaths,
+    compression
+  )
+
+  expect(saveCacheMock).toHaveBeenCalledWith(
+    -1,
+    archiveFile,
+    signedUploadURL,
+    options
+  )
+  expect(getCompressionMock).toHaveBeenCalledTimes(1)
+
+  expect(finalizeCacheEntryMock).toHaveBeenCalledWith({
+    key,
+    version: cacheVersion,
+    sizeBytes: archiveFileSize.toString()
+  })
+
+  expect(cacheId).toBe(-1)
+  expect(logWarningMock).toHaveBeenCalledWith(errorMessage)
+})
+
+test('save with multiple large caches should succeed in v2 (testing 50GB)', async () => {
+  const paths = ['large-dataset', 'node_modules', 'build-artifacts']
+  const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'
+  const cachePaths = paths.map(p => path.resolve(p))
+  const signedUploadURL = 'https://blob-storage.local?signed=true'
+  const createTarMock = jest.spyOn(tar, 'createTar')
+  // Simulate an extremely large cache (50GB)
+  const archiveFileSize = 50 * 1024 * 1024 * 1024 // 50GB
+  const options: UploadOptions = {
+    archiveSizeBytes: archiveFileSize,
+    useAzureSdk: true,
+    uploadChunkSize: 64 * 1024 * 1024,
+    uploadConcurrency: 8
+  }
+
+  jest
+    .spyOn(cacheUtils, 'getArchiveFileSizeInBytes')
+    .mockReturnValueOnce(archiveFileSize)
+
+  const cacheId = 7
+  jest
+    .spyOn(CacheServiceClientJSON.prototype, 'CreateCacheEntry')
+    .mockReturnValue(
+      Promise.resolve({ok: true, signedUploadUrl: signedUploadURL, message: ''})
+    )
+
+  const saveCacheMock = jest.spyOn(cacheHttpClient, 'saveCache')
+
+  const compression = CompressionMethod.Zstd
+  const getCompressionMock = jest
+    .spyOn(cacheUtils, 'getCompressionMethod')
+    .mockReturnValue(Promise.resolve(compression))
+  const cacheVersion = cacheUtils.getCacheVersion(paths, compression)
+
+  const finalizeCacheEntryMock = jest
+    .spyOn(CacheServiceClientJSON.prototype, 'FinalizeCacheEntryUpload')
+    .mockReturnValue(
+      Promise.resolve({ok: true, entryId: cacheId.toString(), message: ''})
+    )
+
+  const expectedCacheId = await saveCache(paths, key)
+
+  const archiveFolder = '/foo/bar'
+  const archiveFile = path.join(archiveFolder, CacheFilename.Zstd)
+  expect(saveCacheMock).toHaveBeenCalledWith(
+    -1,
+    archiveFile,
+    signedUploadURL,
+    options
+  )
+  expect(createTarMock).toHaveBeenCalledWith(
+    archiveFolder,
+    cachePaths,
+    compression
+  )
+
+  expect(finalizeCacheEntryMock).toHaveBeenCalledWith({
+    key,
+    version: cacheVersion,
+    sizeBytes: archiveFileSize.toString()
+  })
+
+  expect(getCompressionMock).toHaveBeenCalledTimes(1)
+  expect(expectedCacheId).toBe(cacheId)
+})
+
 test('save with non existing path should not save cache using v2 saveCache', async () => {
   const path = 'node_modules'
   const key = 'Linux-node-bb828da54c148048dd17899ba9fda624811cfb43'

packages/cache/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/cache",
-  "version": "4.0.3",
+  "version": "5.0.0",
   "preview": true,
   "description": "Actions cache lib",
   "keywords": [
@@ -40,17 +40,22 @@
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.0.1",
     "@actions/glob": "^0.1.0",
+    "@protobuf-ts/runtime-rpc": "^2.11.1",
     "@actions/http-client": "^2.1.1",
     "@actions/io": "^1.0.1",
     "@azure/abort-controller": "^1.1.0",
     "@azure/ms-rest-js": "^2.6.0",
     "@azure/storage-blob": "^12.13.0",
-    "@protobuf-ts/plugin": "^2.9.4",
     "semver": "^6.3.1"
   },
   "devDependencies": {
-    "@types/node": "^22.13.9",
+    "@types/node": "^24.1.0",
     "@types/semver": "^6.0.0",
+    "@protobuf-ts/plugin": "^2.9.4",
     "typescript": "^5.2.2"
+  },
+  "overrides": {
+    "uri-js": "npm:uri-js-replace@^1.0.1",
+    "node-fetch": "^3.3.2"
   }
-}
+}

packages/cache/src/cache.ts

@@ -12,7 +12,7 @@ import {
   FinalizeCacheEntryUploadResponse,
   GetCacheEntryDownloadURLRequest
 } from './generated/results/api/v1/cache'
-import {CacheFileSizeLimit} from './internal/constants'
+import {HttpClientError} from '@actions/http-client'
 export class ValidationError extends Error {
   constructor(message: string) {
     super(message)
@@ -29,6 +29,14 @@ export class ReserveCacheError extends Error {
   }
 }
 
+export class FinalizeCacheError extends Error {
+  constructor(message: string) {
+    super(message)
+    this.name = 'FinalizeCacheError'
+    Object.setPrototypeOf(this, FinalizeCacheError.prototype)
+  }
+}
+
 function checkPaths(paths: string[]): void {
   if (!paths || paths.length === 0) {
     throw new ValidationError(
@@ -57,7 +65,18 @@ function checkKey(key: string): void {
  * @returns boolean return true if Actions cache service feature is available, otherwise false
  */
 export function isFeatureAvailable(): boolean {
-  return !!process.env['ACTIONS_CACHE_URL']
+  const cacheServiceVersion = getCacheServiceVersion()
+
+  // Check availability based on cache service version
+  switch (cacheServiceVersion) {
+    case 'v2':
+      // For v2, we need ACTIONS_RESULTS_URL
+      return !!process.env['ACTIONS_RESULTS_URL']
+    case 'v1':
+    default:
+      // For v1, we only need ACTIONS_CACHE_URL
+      return !!process.env['ACTIONS_CACHE_URL']
+  }
 }
 
 /**
@@ -186,8 +205,17 @@ async function restoreCacheV1(
     if (typedError.name === ValidationError.name) {
       throw error
     } else {
-      // Supress all non-validation cache related errors because caching should be optional
-      core.warning(`Failed to restore: ${(error as Error).message}`)
+      // warn on cache restore failure and continue build
+      // Log server errors (5xx) as errors, all other errors as warnings
+      if (
+        typedError instanceof HttpClientError &&
+        typeof typedError.statusCode === 'number' &&
+        typedError.statusCode >= 500
+      ) {
+        core.error(`Failed to restore: ${(error as Error).message}`)
+      } else {
+        core.warning(`Failed to restore: ${(error as Error).message}`)
+      }
     }
   } finally {
     // Try to delete the archive to save space
@@ -264,7 +292,12 @@ async function restoreCacheV2(
       return undefined
     }
 
-    core.info(`Cache hit for: ${request.key}`)
+    const isRestoreKeyMatch = request.key !== response.matchedKey
+    if (isRestoreKeyMatch) {
+      core.info(`Cache hit for restore-key: ${response.matchedKey}`)
+    } else {
+      core.info(`Cache hit for: ${response.matchedKey}`)
+    }
 
     if (options?.lookupOnly) {
       core.info('Lookup only - skipping download')
@@ -305,7 +338,16 @@ async function restoreCacheV2(
       throw error
     } else {
       // Supress all non-validation cache related errors because caching should be optional
-      core.warning(`Failed to restore: ${(error as Error).message}`)
+      // Log server errors (5xx) as errors, all other errors as warnings
+      if (
+        typedError instanceof HttpClientError &&
+        typeof typedError.statusCode === 'number' &&
+        typedError.statusCode >= 500
+      ) {
+        core.error(`Failed to restore: ${(error as Error).message}`)
+      } else {
+        core.warning(`Failed to restore: ${(error as Error).message}`)
+      }
     }
   } finally {
     try {
@@ -437,7 +479,16 @@ async function saveCacheV1(
     } else if (typedError.name === ReserveCacheError.name) {
       core.info(`Failed to save: ${typedError.message}`)
     } else {
-      core.warning(`Failed to save: ${typedError.message}`)
+      // Log server errors (5xx) as errors, all other errors as warnings
+      if (
+        typedError instanceof HttpClientError &&
+        typeof typedError.statusCode === 'number' &&
+        typedError.statusCode >= 500
+      ) {
+        core.error(`Failed to save: ${typedError.message}`)
+      } else {
+        core.warning(`Failed to save: ${typedError.message}`)
+      }
     }
   } finally {
     // Try to delete the archive to save space
@@ -506,15 +557,6 @@ async function saveCacheV2(
     const archiveFileSize = utils.getArchiveFileSizeInBytes(archivePath)
     core.debug(`File Size: ${archiveFileSize}`)
 
-    // For GHES, this check will take place in ReserveCache API with enterprise file size limit
-    if (archiveFileSize > CacheFileSizeLimit && !isGhes()) {
-      throw new Error(
-        `Cache size of ~${Math.round(
-          archiveFileSize / (1024 * 1024)
-        )} MB (${archiveFileSize} B) is over the 10GB limit, not saving cache.`
-      )
-    }
-
     // Set the archive size in the options, will be used to display the upload progress
     options.archiveSizeBytes = archiveFileSize
 
@@ -534,7 +576,10 @@ async function saveCacheV2(
     try {
       const response = await twirpClient.CreateCacheEntry(request)
       if (!response.ok) {
-        throw new Error('Response was not ok')
+        if (response.message) {
+          core.warning(`Cache reservation failed: ${response.message}`)
+        }
+        throw new Error(response.message || 'Response was not ok')
       }
       signedUploadUrl = response.signedUploadUrl
     } catch (error) {
@@ -563,6 +608,9 @@ async function saveCacheV2(
     core.debug(`FinalizeCacheEntryUploadResponse: ${finalizeResponse.ok}`)
 
     if (!finalizeResponse.ok) {
+      if (finalizeResponse.message) {
+        throw new FinalizeCacheError(finalizeResponse.message)
+      }
       throw new Error(
         `Unable to finalize cache with key ${key}, another job may be finalizing this cache.`
       )
@@ -575,8 +623,19 @@ async function saveCacheV2(
       throw error
     } else if (typedError.name === ReserveCacheError.name) {
       core.info(`Failed to save: ${typedError.message}`)
+    } else if (typedError.name === FinalizeCacheError.name) {
+      core.warning(typedError.message)
     } else {
-      core.warning(`Failed to save: ${typedError.message}`)
+      // Log server errors (5xx) as errors, all other errors as warnings
+      if (
+        typedError instanceof HttpClientError &&
+        typeof typedError.statusCode === 'number' &&
+        typedError.statusCode >= 500
+      ) {
+        core.error(`Failed to save: ${typedError.message}`)
+      } else {
+        core.warning(`Failed to save: ${typedError.message}`)
+      }
     }
   } finally {
     // Try to delete the archive to save space

packages/cache/src/generated/results/api/v1/cache.ts

@@ -50,6 +50,12 @@ export interface CreateCacheEntryResponse {
      * @generated from protobuf field: string signed_upload_url = 2;
      */
     signedUploadUrl: string;
+    /**
+     * When !ok, this field may contain a human-readable error message used to create an annotation
+     *
+     * @generated from protobuf field: string message = 3;
+     */
+    message: string;
 }
 /**
  * @generated from protobuf message github.actions.results.api.v1.FinalizeCacheEntryUploadRequest
@@ -94,6 +100,12 @@ export interface FinalizeCacheEntryUploadResponse {
      * @generated from protobuf field: int64 entry_id = 2;
      */
     entryId: string;
+    /**
+     * When !ok, this field may contain a human-readable error message used to create an annotation
+     *
+     * @generated from protobuf field: string message = 3;
+     */
+    message: string;
 }
 /**
  * @generated from protobuf message github.actions.results.api.v1.GetCacheEntryDownloadURLRequest
@@ -211,11 +223,12 @@ class CreateCacheEntryResponse$Type extends MessageType<CreateCacheEntryResponse
     constructor() {
         super("github.actions.results.api.v1.CreateCacheEntryResponse", [
             { no: 1, name: "ok", kind: "scalar", T: 8 /*ScalarType.BOOL*/ },
-            { no: 2, name: "signed_upload_url", kind: "scalar", T: 9 /*ScalarType.STRING*/ }
+            { no: 2, name: "signed_upload_url", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
+            { no: 3, name: "message", kind: "scalar", T: 9 /*ScalarType.STRING*/ }
         ]);
     }
     create(value?: PartialMessage<CreateCacheEntryResponse>): CreateCacheEntryResponse {
-        const message = { ok: false, signedUploadUrl: "" };
+        const message = { ok: false, signedUploadUrl: "", message: "" };
         globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this });
         if (value !== undefined)
             reflectionMergePartial<CreateCacheEntryResponse>(this, message, value);
@@ -232,6 +245,9 @@ class CreateCacheEntryResponse$Type extends MessageType<CreateCacheEntryResponse
                 case /* string signed_upload_url */ 2:
                     message.signedUploadUrl = reader.string();
                     break;
+                case /* string message */ 3:
+                    message.message = reader.string();
+                    break;
                 default:
                     let u = options.readUnknownField;
                     if (u === "throw")
@@ -250,6 +266,9 @@ class CreateCacheEntryResponse$Type extends MessageType<CreateCacheEntryResponse
         /* string signed_upload_url = 2; */
         if (message.signedUploadUrl !== "")
             writer.tag(2, WireType.LengthDelimited).string(message.signedUploadUrl);
+        /* string message = 3; */
+        if (message.message !== "")
+            writer.tag(3, WireType.LengthDelimited).string(message.message);
         let u = options.writeUnknownFields;
         if (u !== false)
             (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
@@ -333,11 +352,12 @@ class FinalizeCacheEntryUploadResponse$Type extends MessageType<FinalizeCacheEnt
     constructor() {
         super("github.actions.results.api.v1.FinalizeCacheEntryUploadResponse", [
             { no: 1, name: "ok", kind: "scalar", T: 8 /*ScalarType.BOOL*/ },
-            { no: 2, name: "entry_id", kind: "scalar", T: 3 /*ScalarType.INT64*/ }
+            { no: 2, name: "entry_id", kind: "scalar", T: 3 /*ScalarType.INT64*/ },
+            { no: 3, name: "message", kind: "scalar", T: 9 /*ScalarType.STRING*/ }
         ]);
     }
     create(value?: PartialMessage<FinalizeCacheEntryUploadResponse>): FinalizeCacheEntryUploadResponse {
-        const message = { ok: false, entryId: "0" };
+        const message = { ok: false, entryId: "0", message: "" };
         globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this });
         if (value !== undefined)
             reflectionMergePartial<FinalizeCacheEntryUploadResponse>(this, message, value);
@@ -354,6 +374,9 @@ class FinalizeCacheEntryUploadResponse$Type extends MessageType<FinalizeCacheEnt
                 case /* int64 entry_id */ 2:
                     message.entryId = reader.int64().toString();
                     break;
+                case /* string message */ 3:
+                    message.message = reader.string();
+                    break;
                 default:
                     let u = options.readUnknownField;
                     if (u === "throw")
@@ -372,6 +395,9 @@ class FinalizeCacheEntryUploadResponse$Type extends MessageType<FinalizeCacheEnt
         /* int64 entry_id = 2; */
         if (message.entryId !== "0")
             writer.tag(2, WireType.Varint).int64(message.entryId);
+        /* string message = 3; */
+        if (message.message !== "")
+            writer.tag(3, WireType.LengthDelimited).string(message.message);
         let u = options.writeUnknownFields;
         if (u !== false)
             (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);

packages/core/README.md

@@ -16,7 +16,7 @@ import * as core from '@actions/core';
 
 #### Inputs/Outputs
 
-Action inputs can be read with `getInput` which returns a `string` or `getBooleanInput` which parses a boolean based on the [yaml 1.2 specification](https://yaml.org/spec/1.2/spec.html#id2804923). If `required` set to be false, the input should have a default value in `action.yml`.
+Action inputs can be read with `getInput` which returns a `string` or `getBooleanInput` which parses a boolean based on the [yaml 1.2 specification](https://yaml.org/spec/1.2/spec.html#id2804923). If `required` is set to be false, the input should have a default value in `action.yml`.
 
 Outputs can be set with `setOutput` which makes them available to be mapped into inputs of other actions to ensure they are decoupled.
 

packages/core/src/platform.ts

@@ -76,8 +76,8 @@ export async function getDetails(): Promise<{
     ...(await (isWindows
       ? getWindowsInfo()
       : isMacOS
-      ? getMacOsInfo()
-      : getLinuxInfo())),
+        ? getMacOsInfo()
+        : getLinuxInfo())),
     platform,
     arch,
     isWindows,

packages/exec/RELEASES.md

@@ -1,5 +1,9 @@
 # @actions/exec Releases
 
+### 2.0.0
+- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
+- Bump @actions/io dependency from ^1.0.1 to ^2.0.0
+
 ### 1.1.1
 - Update `lockfileVersion` to `v2` in `package-lock.json [#1024](https://github.com/actions/toolkit/pull/1024) 
 

packages/exec/package-lock.json

@@ -1,28 +1,22 @@
 {
   "name": "@actions/exec",
-  "version": "1.1.1",
-  "lockfileVersion": 2,
+  "version": "2.0.0",
+  "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@actions/exec",
-      "version": "1.1.1",
+      "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
-        "@actions/io": "^1.0.1"
+        "@actions/io": "^2.0.0"
       }
     },
     "node_modules/@actions/io": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.0.1.tgz",
-      "integrity": "sha512-rhq+tfZukbtaus7xyUtwKfuiCRXd1hWSfmJNEpFgBQJ4woqPEpsBw04awicjwz9tyG2/MVhAEMfVn664Cri5zA=="
-    }
-  },
-  "dependencies": {
-    "@actions/io": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.0.1.tgz",
-      "integrity": "sha512-rhq+tfZukbtaus7xyUtwKfuiCRXd1hWSfmJNEpFgBQJ4woqPEpsBw04awicjwz9tyG2/MVhAEMfVn664Cri5zA=="
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-2.0.0.tgz",
+      "integrity": "sha512-Jv33IN09XLO+0HS79aaODsvIRyduiF7NY/F6LYeK5oeUmrsz7aFdRphQjFoESF4jS7lMauDOttKALcpapVDIAg==",
+      "license": "MIT"
     }
   }
 }

packages/exec/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/exec",
-  "version": "1.1.1",
+  "version": "2.0.0",
   "description": "Actions exec lib",
   "keywords": [
     "github",
@@ -36,6 +36,6 @@
     "url": "https://github.com/actions/toolkit/issues"
   },
   "dependencies": {
-    "@actions/io": "^1.0.1"
+    "@actions/io": "^2.0.0"
   }
 }

packages/github/package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "@actions/github",
   "version": "6.0.1",
-  "lockfileVersion": 2,
+  "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
@@ -22,18 +22,20 @@
       }
     },
     "node_modules/@actions/http-client": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.0.tgz",
-      "integrity": "sha512-q+epW0trjVUUHboliPb4UF9g2msf+w61b32tAkFEwL/IwP0DQWgbCMM0Hbe3e3WXSKz5VcUXbzJQgy8Hkra/Lg==",
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
+      "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
+      "license": "MIT",
       "dependencies": {
         "tunnel": "^0.0.6",
         "undici": "^5.25.4"
       }
     },
     "node_modules/@fastify/busboy": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz",
-      "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
+      "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
+      "license": "MIT",
       "engines": {
         "node": ">=14"
       }
@@ -42,20 +44,22 @@
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz",
       "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==",
+      "license": "MIT",
       "engines": {
         "node": ">= 18"
       }
     },
     "node_modules/@octokit/core": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.0.1.tgz",
-      "integrity": "sha512-lyeeeZyESFo+ffI801SaBKmCfsvarO+dgV8/0gD8u1d87clbEdWsP5yC+dSj3zLhb2eIf5SJrn6vDz9AheETHw==",
+      "version": "5.2.2",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz",
+      "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==",
+      "license": "MIT",
       "dependencies": {
         "@octokit/auth-token": "^4.0.0",
-        "@octokit/graphql": "^7.0.0",
-        "@octokit/request": "^8.0.2",
-        "@octokit/request-error": "^5.0.0",
-        "@octokit/types": "^12.0.0",
+        "@octokit/graphql": "^7.1.0",
+        "@octokit/request": "^8.4.1",
+        "@octokit/request-error": "^5.1.1",
+        "@octokit/types": "^13.0.0",
         "before-after-hook": "^2.2.0",
         "universal-user-agent": "^6.0.0"
       },
@@ -76,28 +80,14 @@
         "node": ">= 18"
       }
     },
-    "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": {
-      "version": "24.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
-      "license": "MIT"
-    },
-    "node_modules/@octokit/endpoint/node_modules/@octokit/types": {
-      "version": "13.10.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
+    "node_modules/@octokit/graphql": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.1.1.tgz",
+      "integrity": "sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/openapi-types": "^24.2.0"
-      }
-    },
-    "node_modules/@octokit/graphql": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.0.2.tgz",
-      "integrity": "sha512-OJ2iGMtj5Tg3s6RaXH22cJcxXRi7Y3EBqbHTBRq+PQAqfaS8f/236fUrWhfSn8P4jovyzqucxme7/vWSSZBX2Q==",
-      "dependencies": {
-        "@octokit/request": "^8.0.1",
-        "@octokit/types": "^12.0.0",
+        "@octokit/request": "^8.4.1",
+        "@octokit/types": "^13.0.0",
         "universal-user-agent": "^6.0.0"
       },
       "engines": {
@@ -105,9 +95,9 @@
       }
     },
     "node_modules/@octokit/openapi-types": {
-      "version": "20.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz",
-      "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==",
+      "version": "24.2.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
+      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
       "license": "MIT"
     },
     "node_modules/@octokit/plugin-paginate-rest": {
@@ -125,10 +115,25 @@
         "@octokit/core": "5"
       }
     },
+    "node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/openapi-types": {
+      "version": "20.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz",
+      "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/types": {
+      "version": "12.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz",
+      "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/openapi-types": "^20.0.0"
+      }
+    },
     "node_modules/@octokit/plugin-rest-endpoint-methods": {
-      "version": "10.4.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.0.tgz",
-      "integrity": "sha512-INw5rGXWlbv/p/VvQL63dhlXr38qYTHkQ5bANi9xofrF9OraqmjHsIGyenmjmul1JVRHpUlw5heFOj1UZLEolA==",
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.1.tgz",
+      "integrity": "sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg==",
       "license": "MIT",
       "dependencies": {
         "@octokit/types": "^12.6.0"
@@ -137,7 +142,22 @@
         "node": ">= 18"
       },
       "peerDependencies": {
-        "@octokit/core": ">=5"
+        "@octokit/core": "5"
+      }
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/openapi-types": {
+      "version": "20.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz",
+      "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/types": {
+      "version": "12.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz",
+      "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/openapi-types": "^20.0.0"
       }
     },
     "node_modules/@octokit/request": {
@@ -169,43 +189,13 @@
         "node": ">= 18"
       }
     },
-    "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
-      "version": "24.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
-      "license": "MIT"
-    },
-    "node_modules/@octokit/request-error/node_modules/@octokit/types": {
-      "version": "13.10.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/openapi-types": "^24.2.0"
-      }
-    },
-    "node_modules/@octokit/request/node_modules/@octokit/openapi-types": {
-      "version": "24.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
-      "license": "MIT"
-    },
-    "node_modules/@octokit/request/node_modules/@octokit/types": {
-      "version": "13.10.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/openapi-types": "^24.2.0"
-      }
-    },
     "node_modules/@octokit/types": {
-      "version": "12.6.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz",
-      "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==",
+      "version": "13.10.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
+      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/openapi-types": "^20.0.0"
+        "@octokit/openapi-types": "^24.2.0"
       }
     },
     "node_modules/ansi-styles": {
@@ -213,6 +203,7 @@
       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
       "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "color-convert": "^1.9.0"
       },
@@ -225,6 +216,7 @@
       "resolved": "https://registry.npmjs.org/args/-/args-5.0.3.tgz",
       "integrity": "sha512-h6k/zfFgusnv3i5TU08KQkVKuCPBtL/PWQbWkHUxvJrZ2nAyeaUupneemcrgn1xmqxPQsPIzwkUhOpoqPDRZuA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "camelcase": "5.0.0",
         "chalk": "2.4.2",
@@ -242,15 +234,17 @@
       "dev": true
     },
     "node_modules/before-after-hook": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.1.tgz",
-      "integrity": "sha512-/6FKxSTWoJdbsLDF8tdIjaRiFXiE6UHsEHE3OPI/cwPURCVi1ukP0gmLn7XWEiFk5TcwQjjY5PWsU+j+tgXgmw=="
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
+      "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==",
+      "license": "Apache-2.0"
     },
     "node_modules/camelcase": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.0.0.tgz",
       "integrity": "sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=6"
       }
@@ -260,6 +254,7 @@
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
       "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "ansi-styles": "^3.2.1",
         "escape-string-regexp": "^1.0.5",
@@ -274,6 +269,7 @@
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
       "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "color-name": "1.1.3"
       }
@@ -282,15 +278,17 @@
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
       "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
-      "dev": true
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "ms": "2.1.2"
+        "ms": "^2.1.3"
       },
       "engines": {
         "node": ">=6.0"
@@ -304,13 +302,15 @@
     "node_modules/deprecation": {
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
-      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
+      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==",
+      "license": "ISC"
     },
     "node_modules/escape-string-regexp": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
       "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=0.8.0"
       }
@@ -320,6 +320,7 @@
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
       "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=4"
       }
@@ -329,6 +330,7 @@
       "resolved": "https://registry.npmjs.org/leven/-/leven-2.1.0.tgz",
       "integrity": "sha512-nvVPLpIHUxCUoRLrFqTgSxXJ614d8AgQoWl7zPe/2VadE8+1dpU3LBhowRuBAcuwruWtOdD8oYC9jDNJjXDPyA==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
       }
@@ -338,34 +340,41 @@
       "resolved": "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz",
       "integrity": "sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=4"
       }
     },
     "node_modules/ms": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
       "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "license": "ISC",
       "dependencies": {
         "wrappy": "1"
       }
     },
     "node_modules/proxy": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/proxy/-/proxy-2.1.1.tgz",
-      "integrity": "sha512-nLgd7zdUAOpB3ZO/xCkU8gy74UER7P0aihU8DkUsDS5ZoFwVCX7u8dy+cv5tVK8UaB/yminU1GiLWE26TKPYpg==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/proxy/-/proxy-2.2.0.tgz",
+      "integrity": "sha512-nYclNIWj9UpXbVJ3W5EXIYiGR88AKZoGt90kyh3zoOBY5QW+7bbtPvMFgKGD4VJmpS3UXQXtlGXSg3lRNLOFLg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "args": "^5.0.3",
         "basic-auth-parser": "0.0.2-1",
         "debug": "^4.3.4"
       },
+      "bin": {
+        "proxy": "dist/bin/proxy.js"
+      },
       "engines": {
         "node": ">= 14"
       }
@@ -375,6 +384,7 @@
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
       "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "has-flag": "^3.0.0"
       },
@@ -386,14 +396,15 @@
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
       "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+      "license": "MIT",
       "engines": {
         "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
       }
     },
     "node_modules/undici": {
-      "version": "5.28.5",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
-      "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
+      "version": "5.29.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
+      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
       "license": "MIT",
       "dependencies": {
         "@fastify/busboy": "^2.0.0"
@@ -403,322 +414,16 @@
       }
     },
     "node_modules/universal-user-agent": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
-      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz",
+      "integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==",
+      "license": "ISC"
     },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
-    }
-  },
-  "dependencies": {
-    "@actions/http-client": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.0.tgz",
-      "integrity": "sha512-q+epW0trjVUUHboliPb4UF9g2msf+w61b32tAkFEwL/IwP0DQWgbCMM0Hbe3e3WXSKz5VcUXbzJQgy8Hkra/Lg==",
-      "requires": {
-        "tunnel": "^0.0.6",
-        "undici": "^5.25.4"
-      }
-    },
-    "@fastify/busboy": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz",
-      "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ=="
-    },
-    "@octokit/auth-token": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz",
-      "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA=="
-    },
-    "@octokit/core": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.0.1.tgz",
-      "integrity": "sha512-lyeeeZyESFo+ffI801SaBKmCfsvarO+dgV8/0gD8u1d87clbEdWsP5yC+dSj3zLhb2eIf5SJrn6vDz9AheETHw==",
-      "requires": {
-        "@octokit/auth-token": "^4.0.0",
-        "@octokit/graphql": "^7.0.0",
-        "@octokit/request": "^8.0.2",
-        "@octokit/request-error": "^5.0.0",
-        "@octokit/types": "^12.0.0",
-        "before-after-hook": "^2.2.0",
-        "universal-user-agent": "^6.0.0"
-      }
-    },
-    "@octokit/endpoint": {
-      "version": "9.0.6",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz",
-      "integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==",
-      "requires": {
-        "@octokit/types": "^13.1.0",
-        "universal-user-agent": "^6.0.0"
-      },
-      "dependencies": {
-        "@octokit/openapi-types": {
-          "version": "24.2.0",
-          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-          "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="
-        },
-        "@octokit/types": {
-          "version": "13.10.0",
-          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-          "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-          "requires": {
-            "@octokit/openapi-types": "^24.2.0"
-          }
-        }
-      }
-    },
-    "@octokit/graphql": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.0.2.tgz",
-      "integrity": "sha512-OJ2iGMtj5Tg3s6RaXH22cJcxXRi7Y3EBqbHTBRq+PQAqfaS8f/236fUrWhfSn8P4jovyzqucxme7/vWSSZBX2Q==",
-      "requires": {
-        "@octokit/request": "^8.0.1",
-        "@octokit/types": "^12.0.0",
-        "universal-user-agent": "^6.0.0"
-      }
-    },
-    "@octokit/openapi-types": {
-      "version": "20.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz",
-      "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="
-    },
-    "@octokit/plugin-paginate-rest": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz",
-      "integrity": "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ==",
-      "requires": {
-        "@octokit/types": "^12.6.0"
-      }
-    },
-    "@octokit/plugin-rest-endpoint-methods": {
-      "version": "10.4.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.0.tgz",
-      "integrity": "sha512-INw5rGXWlbv/p/VvQL63dhlXr38qYTHkQ5bANi9xofrF9OraqmjHsIGyenmjmul1JVRHpUlw5heFOj1UZLEolA==",
-      "requires": {
-        "@octokit/types": "^12.6.0"
-      }
-    },
-    "@octokit/request": {
-      "version": "8.4.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz",
-      "integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==",
-      "requires": {
-        "@octokit/endpoint": "^9.0.6",
-        "@octokit/request-error": "^5.1.1",
-        "@octokit/types": "^13.1.0",
-        "universal-user-agent": "^6.0.0"
-      },
-      "dependencies": {
-        "@octokit/openapi-types": {
-          "version": "24.2.0",
-          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-          "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="
-        },
-        "@octokit/types": {
-          "version": "13.10.0",
-          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-          "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-          "requires": {
-            "@octokit/openapi-types": "^24.2.0"
-          }
-        }
-      }
-    },
-    "@octokit/request-error": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz",
-      "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==",
-      "requires": {
-        "@octokit/types": "^13.1.0",
-        "deprecation": "^2.0.0",
-        "once": "^1.4.0"
-      },
-      "dependencies": {
-        "@octokit/openapi-types": {
-          "version": "24.2.0",
-          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-          "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="
-        },
-        "@octokit/types": {
-          "version": "13.10.0",
-          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-          "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-          "requires": {
-            "@octokit/openapi-types": "^24.2.0"
-          }
-        }
-      }
-    },
-    "@octokit/types": {
-      "version": "12.6.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz",
-      "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==",
-      "requires": {
-        "@octokit/openapi-types": "^20.0.0"
-      }
-    },
-    "ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dev": true,
-      "requires": {
-        "color-convert": "^1.9.0"
-      }
-    },
-    "args": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/args/-/args-5.0.3.tgz",
-      "integrity": "sha512-h6k/zfFgusnv3i5TU08KQkVKuCPBtL/PWQbWkHUxvJrZ2nAyeaUupneemcrgn1xmqxPQsPIzwkUhOpoqPDRZuA==",
-      "dev": true,
-      "requires": {
-        "camelcase": "5.0.0",
-        "chalk": "2.4.2",
-        "leven": "2.1.0",
-        "mri": "1.1.4"
-      }
-    },
-    "basic-auth-parser": {
-      "version": "0.0.2-1",
-      "resolved": "https://registry.npmjs.org/basic-auth-parser/-/basic-auth-parser-0.0.2-1.tgz",
-      "integrity": "sha512-GFj8iVxo9onSU6BnnQvVwqvxh60UcSHJEDnIk3z4B6iOjsKSmqe+ibW0Rsz7YO7IE1HG3D3tqCNIidP46SZVdQ==",
-      "dev": true
-    },
-    "before-after-hook": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.1.tgz",
-      "integrity": "sha512-/6FKxSTWoJdbsLDF8tdIjaRiFXiE6UHsEHE3OPI/cwPURCVi1ukP0gmLn7XWEiFk5TcwQjjY5PWsU+j+tgXgmw=="
-    },
-    "camelcase": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.0.0.tgz",
-      "integrity": "sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA==",
-      "dev": true
-    },
-    "chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dev": true,
-      "requires": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      }
-    },
-    "color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "dev": true,
-      "requires": {
-        "color-name": "1.1.3"
-      }
-    },
-    "color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
-      "dev": true
-    },
-    "debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
-      "dev": true,
-      "requires": {
-        "ms": "2.1.2"
-      }
-    },
-    "deprecation": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
-      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
-    },
-    "escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "dev": true
-    },
-    "has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "dev": true
-    },
-    "leven": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/leven/-/leven-2.1.0.tgz",
-      "integrity": "sha512-nvVPLpIHUxCUoRLrFqTgSxXJ614d8AgQoWl7zPe/2VadE8+1dpU3LBhowRuBAcuwruWtOdD8oYC9jDNJjXDPyA==",
-      "dev": true
-    },
-    "mri": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz",
-      "integrity": "sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==",
-      "dev": true
-    },
-    "ms": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
-    },
-    "once": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
-      "requires": {
-        "wrappy": "1"
-      }
-    },
-    "proxy": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/proxy/-/proxy-2.1.1.tgz",
-      "integrity": "sha512-nLgd7zdUAOpB3ZO/xCkU8gy74UER7P0aihU8DkUsDS5ZoFwVCX7u8dy+cv5tVK8UaB/yminU1GiLWE26TKPYpg==",
-      "dev": true,
-      "requires": {
-        "args": "^5.0.3",
-        "basic-auth-parser": "0.0.2-1",
-        "debug": "^4.3.4"
-      }
-    },
-    "supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dev": true,
-      "requires": {
-        "has-flag": "^3.0.0"
-      }
-    },
-    "tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
-    },
-    "undici": {
-      "version": "5.28.5",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
-      "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
-      "requires": {
-        "@fastify/busboy": "^2.0.0"
-      }
-    },
-    "universal-user-agent": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
-      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
-    },
-    "wrappy": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
+      "license": "ISC"
     }
   }
 }

packages/glob/package-lock.json

@@ -3,21 +3,6 @@
   "version": "0.5.0",
   "lockfileVersion": 3,
   "requires": true,
-  "description": "Actions glob lib",
-  "files": [
-    "lib",
-    "!.DS_Store"
-  ],
-  "homepage": "https://github.com/actions/toolkit/tree/main/packages/glob",
-  "keywords": [
-    "github",
-    "actions",
-    "glob"
-  ],
-  "license": "MIT",
-  "main": "lib/glob.js",
-  "preview": true,
-  "types": "lib/glob.d.ts",
   "packages": {
     "": {
       "name": "@actions/glob",
@@ -29,31 +14,60 @@
       }
     },
     "node_modules/@actions/core": {
-      "version": "1.10.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
-      "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+      "license": "MIT",
       "dependencies": {
-        "@actions/http-client": "^2.0.1",
-        "uuid": "^8.3.2"
+        "@actions/exec": "^1.1.1",
+        "@actions/http-client": "^2.0.1"
+      }
+    },
+    "node_modules/@actions/exec": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
+      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+      "license": "MIT",
+      "dependencies": {
+        "@actions/io": "^1.0.1"
       }
     },
     "node_modules/@actions/http-client": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
-      "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
+      "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
+      "license": "MIT",
       "dependencies": {
-        "tunnel": "^0.0.6"
+        "tunnel": "^0.0.6",
+        "undici": "^5.25.4"
+      }
+    },
+    "node_modules/@actions/io": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
+      "license": "MIT"
+    },
+    "node_modules/@fastify/busboy": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
+      "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=14"
       }
     },
     "node_modules/balanced-match": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "license": "MIT"
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "version": "1.1.12",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -62,12 +76,14 @@
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
+      "license": "MIT"
     },
     "node_modules/minimatch": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
       "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "license": "ISC",
       "dependencies": {
         "brace-expansion": "^1.1.7"
       },
@@ -79,37 +95,22 @@
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
       "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+      "license": "MIT",
       "engines": {
         "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
       }
     },
-    "node_modules/uuid": {
-      "version": "8.3.2",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-      "bin": {
-        "uuid": "dist/bin/uuid"
+    "node_modules/undici": {
+      "version": "5.29.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
+      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+      "license": "MIT",
+      "dependencies": {
+        "@fastify/busboy": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=14.0"
       }
     }
-  },
-  "bugs": {
-    "url": "https://github.com/actions/toolkit/issues"
-  },
-  "directories": {
-    "lib": "lib",
-    "test": "__tests__"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "repository": {
-    "directory": "packages/glob",
-    "type": "git",
-    "url": "git+https://github.com/actions/toolkit.git"
-  },
-  "scripts": {
-    "audit-moderate": "npm install && npm audit --json --audit-level=moderate > audit.json",
-    "test": "echo \"Error: run tests from root\" && exit 1",
-    "tsc": "tsc"
   }
 }

packages/glob/src/internal-hash-files.ts

@@ -15,7 +15,7 @@ export async function hashFiles(
   let hasMatch = false
   const githubWorkspace = currentWorkspace
     ? currentWorkspace
-    : process.env['GITHUB_WORKSPACE'] ?? process.cwd()
+    : (process.env['GITHUB_WORKSPACE'] ?? process.cwd())
   const result = crypto.createHash('sha256')
   let count = 0
   for await (const file of globber.globGenerator()) {

packages/http-client/README.md

@@ -7,7 +7,7 @@ A lightweight HTTP client optimized for building actions.
   - HTTP client with TypeScript generics and async/await/Promises
   - Typings included!
   - [Proxy support](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/about-self-hosted-runners#using-a-proxy-server-with-self-hosted-runners) just works with actions and the runner
-  - Targets ES2019 (runner runs actions with node 12+).  Only supported on node 12+.
+  - Targets ES2019 (runner runs actions with node 24+).  Only supported on node 20+.
   - Basic, Bearer and PAT Support out of the box.  Extensible handlers for others.
   - Redirects supported
 
@@ -44,7 +44,7 @@ export NODE_DEBUG=http
 
 ## Node support
 
-The http-client is built using the latest LTS version of Node 12. It may work on previous node LTS versions but it's tested and officially supported on Node12+.
+The http-client is built using Node 24. It may work on previous node LTS versions but it's tested and officially supported on Node 20+.
 
 ## Support and Versioning
 

packages/http-client/RELEASES.md

@@ -1,5 +1,8 @@
 ## Releases
 
+## 3.0.0
+- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
+
 ## 2.2.3
 - Fixed an issue where proxy username and password were not handled correctly [#1799](https://github.com/actions/toolkit/pull/1799)
 

packages/http-client/__tests__/auth.test.ts

@@ -15,7 +15,7 @@ describe('auth', () => {
       bh
     ])
     const res: httpm.HttpClientResponse = await http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
@@ -26,7 +26,7 @@ describe('auth', () => {
       'base64'
     ).toString()
     expect(creds).toBe('johndoe:password')
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('does basic http get request with pat token auth', async () => {
@@ -38,7 +38,7 @@ describe('auth', () => {
       ph
     ])
     const res: httpm.HttpClientResponse = await http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
@@ -49,7 +49,7 @@ describe('auth', () => {
       'base64'
     ).toString()
     expect(creds).toBe(`PAT:${token}`)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('does basic http get request with pat token auth', async () => {
@@ -60,13 +60,13 @@ describe('auth', () => {
       ph
     ])
     const res: httpm.HttpClientResponse = await http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
     const auth: string = obj.headers.authorization
     expect(auth).toBe(`Bearer ${token}`)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 })

packages/http-client/__tests__/basics.test.ts

@@ -37,41 +37,41 @@ describe('basics', () => {
   //       "user-agent": "typed-test-client-tests"
   //     },
   //     "origin": "173.95.152.44",
-  //     "url": "http://postman-echo.com/get"
+  //     "url": "https://postman-echo.com/get"
   //  }
 
   it('does basic http get request', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
     expect(obj.headers['user-agent']).toBeTruthy()
   })
 
   it('does basic http get request with no user agent', async () => {
     const http: httpm.HttpClient = new httpm.HttpClient()
     const res: httpm.HttpClientResponse = await http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
     expect(obj.headers['user-agent']).toBeFalsy()
   })
 
   /* TODO write a mock rather then relying on a third party
   it('does basic https get request', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 */
   it('does basic http get request with default headers', async () => {
@@ -86,14 +86,14 @@ describe('basics', () => {
       }
     )
     const res: httpm.HttpClientResponse = await http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
     expect(obj.headers.accept).toBe('application/json')
     expect(obj.headers['content-type']).toBe('application/json')
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('does basic http get request with merged headers', async () => {
@@ -108,7 +108,7 @@ describe('basics', () => {
       }
     )
     const res: httpm.HttpClientResponse = await http.get(
-      'http://postman-echo.com/get',
+      'https://postman-echo.com/get',
       {
         'content-type': 'application/x-www-form-urlencoded'
       }
@@ -120,18 +120,18 @@ describe('basics', () => {
     expect(obj.headers['content-type']).toBe(
       'application/x-www-form-urlencoded'
     )
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('pipes a get request', async () => {
     return new Promise<void>(async resolve => {
       const file = fs.createWriteStream(sampleFilePath)
-      ;(await _http.get('http://postman-echo.com/get')).message
+      ;(await _http.get('https://postman-echo.com/get')).message
         .pipe(file)
         .on('close', () => {
           const body: string = fs.readFileSync(sampleFilePath).toString()
           const obj = JSON.parse(body)
-          expect(obj.url).toBe('http://postman-echo.com/get')
+          expect(obj.url).toBe('https://postman-echo.com/get')
           resolve()
         })
     })
@@ -139,32 +139,32 @@ describe('basics', () => {
 
   it('does basic get request with redirects', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      `http://postman-echo.com/redirect-to?url=${encodeURIComponent(
-        'http://postman-echo.com/get'
+      `https://postman-echo.com/redirect-to?url=${encodeURIComponent(
+        'https://postman-echo.com/get'
       )}`
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('does basic get request with redirects (303)', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      `http://postman-echo.com/redirect-to?url=${encodeURIComponent(
-        'http://postman-echo.com/get'
+      `https://postman-echo.com/redirect-to?url=${encodeURIComponent(
+        'https://postman-echo.com/get'
       )}&status_code=303`
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('returns 404 for not found get request on redirect', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      `http://postman-echo.com/redirect-to?url=${encodeURIComponent(
-        'http://postman-echo.com/status/404'
+      `https://postman-echo.com/redirect-to?url=${encodeURIComponent(
+        'https://postman-echo.com/status/404'
       )}&status_code=303`
     )
     expect(res.message.statusCode).toBe(404)
@@ -178,8 +178,8 @@ describe('basics', () => {
       {allowRedirects: false}
     )
     const res: httpm.HttpClientResponse = await http.get(
-      `http://postman-echo.com/redirect-to?url=${encodeURIComponent(
-        'http://postman-echo.com/get'
+      `https://postman-echo.com/redirect-to?url=${encodeURIComponent(
+        'https://postman-echo.com/get'
       )}`
     )
     expect(res.message.statusCode).toBe(302)
@@ -192,8 +192,8 @@ describe('basics', () => {
       authorization: 'shhh'
     }
     const res: httpm.HttpClientResponse = await _http.get(
-      `http://postman-echo.com/redirect-to?url=${encodeURIComponent(
-        'http://www.postman-echo.com/get'
+      `https://postman-echo.com/redirect-to?url=${encodeURIComponent(
+        'https://www.postman-echo.com/get'
       )}`,
       headers
     )
@@ -205,7 +205,7 @@ describe('basics', () => {
     expect(obj.headers[httpm.Headers.Accept]).toBe('application/json')
     expect(obj.headers['Authorization']).toBeUndefined()
     expect(obj.headers['authorization']).toBeUndefined()
-    expect(obj.url).toBe('http://www.postman-echo.com/get')
+    expect(obj.url).toBe('https://www.postman-echo.com/get')
   })
 
   it('does not pass Auth with diff hostname redirects', async () => {
@@ -214,8 +214,8 @@ describe('basics', () => {
       Authorization: 'shhh'
     }
     const res: httpm.HttpClientResponse = await _http.get(
-      `http://postman-echo.com/redirect-to?url=${encodeURIComponent(
-        'http://www.postman-echo.com/get'
+      `https://postman-echo.com/redirect-to?url=${encodeURIComponent(
+        'https://www.postman-echo.com/get'
       )}`,
       headers
     )
@@ -227,19 +227,19 @@ describe('basics', () => {
     expect(obj.headers[httpm.Headers.Accept]).toBe('application/json')
     expect(obj.headers['Authorization']).toBeUndefined()
     expect(obj.headers['authorization']).toBeUndefined()
-    expect(obj.url).toBe('http://www.postman-echo.com/get')
+    expect(obj.url).toBe('https://www.postman-echo.com/get')
   })
 
   it('does basic head request', async () => {
     const res: httpm.HttpClientResponse = await _http.head(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
   })
 
   it('does basic http delete request', async () => {
     const res: httpm.HttpClientResponse = await _http.del(
-      'http://postman-echo.com/delete'
+      'https://postman-echo.com/delete'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
@@ -249,32 +249,32 @@ describe('basics', () => {
   it('does basic http post request', async () => {
     const b = 'Hello World!'
     const res: httpm.HttpClientResponse = await _http.post(
-      'http://postman-echo.com/post',
+      'https://postman-echo.com/post',
       b
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
     expect(obj.data).toBe(b)
-    expect(obj.url).toBe('http://postman-echo.com/post')
+    expect(obj.url).toBe('https://postman-echo.com/post')
   })
 
   it('does basic http patch request', async () => {
     const b = 'Hello World!'
     const res: httpm.HttpClientResponse = await _http.patch(
-      'http://postman-echo.com/patch',
+      'https://postman-echo.com/patch',
       b
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
     expect(obj.data).toBe(b)
-    expect(obj.url).toBe('http://postman-echo.com/patch')
+    expect(obj.url).toBe('https://postman-echo.com/patch')
   })
 
   it('does basic http options request', async () => {
     const res: httpm.HttpClientResponse = await _http.options(
-      'http://postman-echo.com'
+      'https://postman-echo.com'
     )
     expect(res.message.statusCode).toBe(200)
     await res.readBody()
@@ -282,7 +282,7 @@ describe('basics', () => {
 
   it('returns 404 for not found get request', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      'http://postman-echo.com/status/404'
+      'https://postman-echo.com/status/404'
     )
     expect(res.message.statusCode).toBe(404)
     await res.readBody()
@@ -290,11 +290,11 @@ describe('basics', () => {
 
   it('gets a json object', async () => {
     const jsonObj = await _http.getJson<HttpBinData>(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(jsonObj.statusCode).toBe(200)
     expect(jsonObj.result).toBeDefined()
-    expect(jsonObj.result?.url).toBe('http://postman-echo.com/get')
+    expect(jsonObj.result?.url).toBe('https://postman-echo.com/get')
     expect(jsonObj.result?.headers[httpm.Headers.Accept]).toBe(
       httpm.MediaTypes.ApplicationJson
     )
@@ -305,7 +305,7 @@ describe('basics', () => {
 
   it('getting a non existent json object returns null', async () => {
     const jsonObj = await _http.getJson<HttpBinData>(
-      'http://postman-echo.com/status/404'
+      'https://postman-echo.com/status/404'
     )
     expect(jsonObj.statusCode).toBe(404)
     expect(jsonObj.result).toBeNull()
@@ -314,12 +314,12 @@ describe('basics', () => {
   it('posts a json object', async () => {
     const res = {name: 'foo'}
     const restRes = await _http.postJson<HttpBinData>(
-      'http://postman-echo.com/post',
+      'https://postman-echo.com/post',
       res
     )
     expect(restRes.statusCode).toBe(200)
     expect(restRes.result).toBeDefined()
-    expect(restRes.result?.url).toBe('http://postman-echo.com/post')
+    expect(restRes.result?.url).toBe('https://postman-echo.com/post')
     expect(restRes.result?.json.name).toBe('foo')
     expect(restRes.result?.headers[httpm.Headers.Accept]).toBe(
       httpm.MediaTypes.ApplicationJson
@@ -335,12 +335,12 @@ describe('basics', () => {
   it('puts a json object', async () => {
     const res = {name: 'foo'}
     const restRes = await _http.putJson<HttpBinData>(
-      'http://postman-echo.com/put',
+      'https://postman-echo.com/put',
       res
     )
     expect(restRes.statusCode).toBe(200)
     expect(restRes.result).toBeDefined()
-    expect(restRes.result?.url).toBe('http://postman-echo.com/put')
+    expect(restRes.result?.url).toBe('https://postman-echo.com/put')
     expect(restRes.result?.json.name).toBe('foo')
 
     expect(restRes.result?.headers[httpm.Headers.Accept]).toBe(
@@ -357,12 +357,12 @@ describe('basics', () => {
   it('patch a json object', async () => {
     const res = {name: 'foo'}
     const restRes = await _http.patchJson<HttpBinData>(
-      'http://postman-echo.com/patch',
+      'https://postman-echo.com/patch',
       res
     )
     expect(restRes.statusCode).toBe(200)
     expect(restRes.result).toBeDefined()
-    expect(restRes.result?.url).toBe('http://postman-echo.com/patch')
+    expect(restRes.result?.url).toBe('https://postman-echo.com/patch')
     expect(restRes.result?.json.name).toBe('foo')
     expect(restRes.result?.headers[httpm.Headers.Accept]).toBe(
       httpm.MediaTypes.ApplicationJson

packages/http-client/__tests__/headers.test.ts

@@ -12,7 +12,7 @@ describe('headers', () => {
   it('preserves existing headers on getJson', async () => {
     const additionalHeaders = {[httpm.Headers.Accept]: 'foo'}
     let jsonObj = await _http.getJson<any>(
-      'http://postman-echo.com/get',
+      'https://postman-echo.com/get',
       additionalHeaders
     )
     expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('foo')
@@ -26,7 +26,7 @@ describe('headers', () => {
         [httpm.Headers.Accept]: 'baz'
       }
     }
-    jsonObj = await httpWithHeaders.getJson<any>('http://postman-echo.com/get')
+    jsonObj = await httpWithHeaders.getJson<any>('https://postman-echo.com/get')
     expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz')
     expect(jsonObj.headers[httpm.Headers.ContentType]).toContain(
       httpm.MediaTypes.ApplicationJson
@@ -36,7 +36,7 @@ describe('headers', () => {
   it('preserves existing headers on postJson', async () => {
     const additionalHeaders = {[httpm.Headers.Accept]: 'foo'}
     let jsonObj = await _http.postJson<any>(
-      'http://postman-echo.com/post',
+      'https://postman-echo.com/post',
       {},
       additionalHeaders
     )
@@ -52,7 +52,7 @@ describe('headers', () => {
       }
     }
     jsonObj = await httpWithHeaders.postJson<any>(
-      'http://postman-echo.com/post',
+      'https://postman-echo.com/post',
       {}
     )
     expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz')
@@ -64,7 +64,7 @@ describe('headers', () => {
   it('preserves existing headers on putJson', async () => {
     const additionalHeaders = {[httpm.Headers.Accept]: 'foo'}
     let jsonObj = await _http.putJson<any>(
-      'http://postman-echo.com/put',
+      'https://postman-echo.com/put',
       {},
       additionalHeaders
     )
@@ -80,7 +80,7 @@ describe('headers', () => {
       }
     }
     jsonObj = await httpWithHeaders.putJson<any>(
-      'http://postman-echo.com/put',
+      'https://postman-echo.com/put',
       {}
     )
     expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz')
@@ -92,7 +92,7 @@ describe('headers', () => {
   it('preserves existing headers on patchJson', async () => {
     const additionalHeaders = {[httpm.Headers.Accept]: 'foo'}
     let jsonObj = await _http.patchJson<any>(
-      'http://postman-echo.com/patch',
+      'https://postman-echo.com/patch',
       {},
       additionalHeaders
     )
@@ -108,7 +108,7 @@ describe('headers', () => {
       }
     }
     jsonObj = await httpWithHeaders.patchJson<any>(
-      'http://postman-echo.com/patch',
+      'https://postman-echo.com/patch',
       {}
     )
     expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz')

packages/http-client/__tests__/keepalive.test.ts

@@ -13,30 +13,30 @@ describe('basics', () => {
 
   it.each([true, false])('creates Agent with keepAlive %s', keepAlive => {
     const http = new httpm.HttpClient('http-client-tests', [], {keepAlive})
-    const agent = http.getAgent('http://postman-echo.com')
+    const agent = http.getAgent('https://postman-echo.com')
     expect(agent).toHaveProperty('keepAlive', keepAlive)
   })
 
   it('does basic http get request with keepAlive true', async () => {
     const res: httpm.HttpClientResponse = await _http.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
   })
 
   it('does basic head request with keepAlive true', async () => {
     const res: httpm.HttpClientResponse = await _http.head(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
   })
 
   it('does basic http delete request with keepAlive true', async () => {
     const res: httpm.HttpClientResponse = await _http.del(
-      'http://postman-echo.com/delete'
+      'https://postman-echo.com/delete'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
@@ -46,32 +46,32 @@ describe('basics', () => {
   it('does basic http post request with keepAlive true', async () => {
     const b = 'Hello World!'
     const res: httpm.HttpClientResponse = await _http.post(
-      'http://postman-echo.com/post',
+      'https://postman-echo.com/post',
       b
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
     expect(obj.data).toBe(b)
-    expect(obj.url).toBe('http://postman-echo.com/post')
+    expect(obj.url).toBe('https://postman-echo.com/post')
   })
 
   it('does basic http patch request with keepAlive true', async () => {
     const b = 'Hello World!'
     const res: httpm.HttpClientResponse = await _http.patch(
-      'http://postman-echo.com/patch',
+      'https://postman-echo.com/patch',
       b
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
     expect(obj.data).toBe(b)
-    expect(obj.url).toBe('http://postman-echo.com/patch')
+    expect(obj.url).toBe('https://postman-echo.com/patch')
   })
 
   it('does basic http options request with keepAlive true', async () => {
     const res: httpm.HttpClientResponse = await _http.options(
-      'http://postman-echo.com'
+      'https://postman-echo.com'
     )
     expect(res.message.statusCode).toBe(200)
     await res.readBody()

packages/http-client/__tests__/proxy.test.ts

@@ -196,16 +196,16 @@ describe('proxy', () => {
   })
 
   it('HttpClient does basic http get request through proxy', async () => {
-    process.env['http_proxy'] = _proxyUrl
+    process.env['https_proxy'] = _proxyUrl
     const httpClient = new httpm.HttpClient()
     const res: httpm.HttpClientResponse = await httpClient.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
-    expect(_proxyConnects).toEqual(['postman-echo.com:80'])
+    expect(obj.url).toBe('https://postman-echo.com/get')
+    expect(_proxyConnects).toEqual(['postman-echo.com:443'])
   })
 
   it('HttpClient does basic http get request when bypass proxy', async () => {
@@ -213,12 +213,12 @@ describe('proxy', () => {
     process.env['no_proxy'] = 'postman-echo.com'
     const httpClient = new httpm.HttpClient()
     const res: httpm.HttpClientResponse = await httpClient.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
     expect(_proxyConnects).toHaveLength(0)
   })
 
@@ -228,12 +228,12 @@ describe('proxy', () => {
     process.env['https_proxy'] = _proxyUrl
     const httpClient = new httpm.HttpClient()
     const res: httpm.HttpClientResponse = await httpClient.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
     expect(_proxyConnects).toEqual(['postman-echo.com:443'])
   })
   */
@@ -243,12 +243,12 @@ describe('proxy', () => {
     process.env['no_proxy'] = 'postman-echo.com'
     const httpClient = new httpm.HttpClient()
     const res: httpm.HttpClientResponse = await httpClient.get(
-      'http://postman-echo.com/get'
+      'https://postman-echo.com/get'
     )
     expect(res.message.statusCode).toBe(200)
     const body: string = await res.readBody()
     const obj = JSON.parse(body)
-    expect(obj.url).toBe('http://postman-echo.com/get')
+    expect(obj.url).toBe('https://postman-echo.com/get')
     expect(_proxyConnects).toHaveLength(0)
   })
 

packages/http-client/package-lock.json

@@ -1,43 +1,49 @@
 {
   "name": "@actions/http-client",
-  "version": "2.2.3",
-  "lockfileVersion": 2,
+  "version": "3.0.0",
+  "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@actions/http-client",
-      "version": "2.2.3",
+      "version": "3.0.0",
       "license": "MIT",
       "dependencies": {
         "tunnel": "^0.0.6",
         "undici": "^5.28.5"
       },
       "devDependencies": {
-        "@types/node": "20.7.1",
+        "@types/node": "24.1.0",
         "@types/proxy": "^1.0.1",
         "@types/tunnel": "0.0.3",
         "proxy": "^2.1.1"
       }
     },
     "node_modules/@fastify/busboy": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz",
-      "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
+      "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
+      "license": "MIT",
       "engines": {
         "node": ">=14"
       }
     },
     "node_modules/@types/node": {
-      "version": "20.7.1",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.7.1.tgz",
-      "integrity": "sha512-LT+OIXpp2kj4E2S/p91BMe+VgGX2+lfO+XTpfXhh+bCk2LkQtHZSub8ewFBMGP5ClysPjTDFa4sMI8Q3n4T0wg==",
-      "dev": true
+      "version": "24.1.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.1.0.tgz",
+      "integrity": "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.8.0"
+      }
     },
     "node_modules/@types/proxy": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/@types/proxy/-/proxy-1.0.2.tgz",
-      "integrity": "sha512-NDNsg7YuClVzEenn9SUButu43blypWvljGsIkDV7HI4N9apjrS0aeeMTUG0PYa71lD1AvIgvjkBagqHDiomDjA==",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@types/proxy/-/proxy-1.0.4.tgz",
+      "integrity": "sha512-KnYy7hpp3wXQ2U0ExvCMF9BvWZ6h2aI0XWb8g705mn26Zmn2HO/eLRi6UuhHELA6MNJtYtiZYWv38gobJN0xXQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "@types/node": "*"
       }
@@ -47,6 +53,7 @@
       "resolved": "https://registry.npmjs.org/@types/tunnel/-/tunnel-0.0.3.tgz",
       "integrity": "sha512-sOUTGn6h1SfQ+gbgqC364jLFBw2lnFqkgF3q0WovEHRLMrVD1sd5aufqi/aJObLekJO+Aq5z646U4Oxy6shXMA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "@types/node": "*"
       }
@@ -56,6 +63,7 @@
       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
       "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "color-convert": "^1.9.0"
       },
@@ -68,6 +76,7 @@
       "resolved": "https://registry.npmjs.org/args/-/args-5.0.3.tgz",
       "integrity": "sha512-h6k/zfFgusnv3i5TU08KQkVKuCPBtL/PWQbWkHUxvJrZ2nAyeaUupneemcrgn1xmqxPQsPIzwkUhOpoqPDRZuA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "camelcase": "5.0.0",
         "chalk": "2.4.2",
@@ -89,6 +98,7 @@
       "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.0.0.tgz",
       "integrity": "sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=6"
       }
@@ -98,6 +108,7 @@
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
       "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "ansi-styles": "^3.2.1",
         "escape-string-regexp": "^1.0.5",
@@ -112,6 +123,7 @@
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
       "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "color-name": "1.1.3"
       }
@@ -120,15 +132,17 @@
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
       "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
-      "dev": true
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "ms": "2.1.2"
+        "ms": "^2.1.3"
       },
       "engines": {
         "node": ">=6.0"
@@ -144,6 +158,7 @@
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
       "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=0.8.0"
       }
@@ -153,6 +168,7 @@
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
       "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=4"
       }
@@ -162,6 +178,7 @@
       "resolved": "https://registry.npmjs.org/leven/-/leven-2.1.0.tgz",
       "integrity": "sha512-nvVPLpIHUxCUoRLrFqTgSxXJ614d8AgQoWl7zPe/2VadE8+1dpU3LBhowRuBAcuwruWtOdD8oYC9jDNJjXDPyA==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
       }
@@ -171,26 +188,32 @@
       "resolved": "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz",
       "integrity": "sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=4"
       }
     },
     "node_modules/ms": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/proxy": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/proxy/-/proxy-2.1.1.tgz",
-      "integrity": "sha512-nLgd7zdUAOpB3ZO/xCkU8gy74UER7P0aihU8DkUsDS5ZoFwVCX7u8dy+cv5tVK8UaB/yminU1GiLWE26TKPYpg==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/proxy/-/proxy-2.2.0.tgz",
+      "integrity": "sha512-nYclNIWj9UpXbVJ3W5EXIYiGR88AKZoGt90kyh3zoOBY5QW+7bbtPvMFgKGD4VJmpS3UXQXtlGXSg3lRNLOFLg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "args": "^5.0.3",
         "basic-auth-parser": "0.0.2-1",
         "debug": "^4.3.4"
       },
+      "bin": {
+        "proxy": "dist/bin/proxy.js"
+      },
       "engines": {
         "node": ">= 14"
       }
@@ -200,6 +223,7 @@
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
       "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "has-flag": "^3.0.0"
       },
@@ -211,14 +235,15 @@
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
       "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+      "license": "MIT",
       "engines": {
         "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
       }
     },
     "node_modules/undici": {
-      "version": "5.28.5",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
-      "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
+      "version": "5.29.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
+      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
       "license": "MIT",
       "dependencies": {
         "@fastify/busboy": "^2.0.0"
@@ -226,168 +251,13 @@
       "engines": {
         "node": ">=14.0"
       }
-    }
-  },
-  "dependencies": {
-    "@fastify/busboy": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz",
-      "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ=="
     },
-    "@types/node": {
-      "version": "20.7.1",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.7.1.tgz",
-      "integrity": "sha512-LT+OIXpp2kj4E2S/p91BMe+VgGX2+lfO+XTpfXhh+bCk2LkQtHZSub8ewFBMGP5ClysPjTDFa4sMI8Q3n4T0wg==",
-      "dev": true
-    },
-    "@types/proxy": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/@types/proxy/-/proxy-1.0.2.tgz",
-      "integrity": "sha512-NDNsg7YuClVzEenn9SUButu43blypWvljGsIkDV7HI4N9apjrS0aeeMTUG0PYa71lD1AvIgvjkBagqHDiomDjA==",
+    "node_modules/undici-types": {
+      "version": "7.8.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.8.0.tgz",
+      "integrity": "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw==",
       "dev": true,
-      "requires": {
-        "@types/node": "*"
-      }
-    },
-    "@types/tunnel": {
-      "version": "0.0.3",
-      "resolved": "https://registry.npmjs.org/@types/tunnel/-/tunnel-0.0.3.tgz",
-      "integrity": "sha512-sOUTGn6h1SfQ+gbgqC364jLFBw2lnFqkgF3q0WovEHRLMrVD1sd5aufqi/aJObLekJO+Aq5z646U4Oxy6shXMA==",
-      "dev": true,
-      "requires": {
-        "@types/node": "*"
-      }
-    },
-    "ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dev": true,
-      "requires": {
-        "color-convert": "^1.9.0"
-      }
-    },
-    "args": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/args/-/args-5.0.3.tgz",
-      "integrity": "sha512-h6k/zfFgusnv3i5TU08KQkVKuCPBtL/PWQbWkHUxvJrZ2nAyeaUupneemcrgn1xmqxPQsPIzwkUhOpoqPDRZuA==",
-      "dev": true,
-      "requires": {
-        "camelcase": "5.0.0",
-        "chalk": "2.4.2",
-        "leven": "2.1.0",
-        "mri": "1.1.4"
-      }
-    },
-    "basic-auth-parser": {
-      "version": "0.0.2-1",
-      "resolved": "https://registry.npmjs.org/basic-auth-parser/-/basic-auth-parser-0.0.2-1.tgz",
-      "integrity": "sha512-GFj8iVxo9onSU6BnnQvVwqvxh60UcSHJEDnIk3z4B6iOjsKSmqe+ibW0Rsz7YO7IE1HG3D3tqCNIidP46SZVdQ==",
-      "dev": true
-    },
-    "camelcase": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.0.0.tgz",
-      "integrity": "sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA==",
-      "dev": true
-    },
-    "chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dev": true,
-      "requires": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      }
-    },
-    "color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "dev": true,
-      "requires": {
-        "color-name": "1.1.3"
-      }
-    },
-    "color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
-      "dev": true
-    },
-    "debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
-      "dev": true,
-      "requires": {
-        "ms": "2.1.2"
-      }
-    },
-    "escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "dev": true
-    },
-    "has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "dev": true
-    },
-    "leven": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/leven/-/leven-2.1.0.tgz",
-      "integrity": "sha512-nvVPLpIHUxCUoRLrFqTgSxXJ614d8AgQoWl7zPe/2VadE8+1dpU3LBhowRuBAcuwruWtOdD8oYC9jDNJjXDPyA==",
-      "dev": true
-    },
-    "mri": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz",
-      "integrity": "sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==",
-      "dev": true
-    },
-    "ms": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
-    },
-    "proxy": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/proxy/-/proxy-2.1.1.tgz",
-      "integrity": "sha512-nLgd7zdUAOpB3ZO/xCkU8gy74UER7P0aihU8DkUsDS5ZoFwVCX7u8dy+cv5tVK8UaB/yminU1GiLWE26TKPYpg==",
-      "dev": true,
-      "requires": {
-        "args": "^5.0.3",
-        "basic-auth-parser": "0.0.2-1",
-        "debug": "^4.3.4"
-      }
-    },
-    "supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dev": true,
-      "requires": {
-        "has-flag": "^3.0.0"
-      }
-    },
-    "tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
-    },
-    "undici": {
-      "version": "5.28.5",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
-      "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
-      "requires": {
-        "@fastify/busboy": "^2.0.0"
-      }
+      "license": "MIT"
     }
   }
 }

packages/http-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/http-client",
-  "version": "2.2.3",
+  "version": "3.0.0",
   "description": "Actions Http Client",
   "keywords": [
     "github",
@@ -39,7 +39,7 @@
     "url": "https://github.com/actions/toolkit/issues"
   },
   "devDependencies": {
-    "@types/node": "20.7.1",
+    "@types/node": "24.1.0",
     "@types/tunnel": "0.0.3",
     "proxy": "^2.1.1",
     "@types/proxy": "^1.0.1"
@@ -47,5 +47,8 @@
   "dependencies": {
     "tunnel": "^0.0.6",
     "undici": "^5.28.5"
+  },
+  "overrides": {
+    "uri-js": "npm:uri-js-replace@^1.0.1"
   }
 }

packages/http-client/src/index.ts

@@ -275,11 +275,11 @@ export class HttpClient {
       Headers.Accept,
       MediaTypes.ApplicationJson
     )
-    additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(
-      additionalHeaders,
-      Headers.ContentType,
-      MediaTypes.ApplicationJson
-    )
+    additionalHeaders[Headers.ContentType] =
+      this._getExistingOrDefaultContentTypeHeader(
+        additionalHeaders,
+        MediaTypes.ApplicationJson
+      )
     const res: HttpClientResponse = await this.post(
       requestUrl,
       data,
@@ -299,11 +299,11 @@ export class HttpClient {
       Headers.Accept,
       MediaTypes.ApplicationJson
     )
-    additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(
-      additionalHeaders,
-      Headers.ContentType,
-      MediaTypes.ApplicationJson
-    )
+    additionalHeaders[Headers.ContentType] =
+      this._getExistingOrDefaultContentTypeHeader(
+        additionalHeaders,
+        MediaTypes.ApplicationJson
+      )
     const res: HttpClientResponse = await this.put(
       requestUrl,
       data,
@@ -323,11 +323,11 @@ export class HttpClient {
       Headers.Accept,
       MediaTypes.ApplicationJson
     )
-    additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(
-      additionalHeaders,
-      Headers.ContentType,
-      MediaTypes.ApplicationJson
-    )
+    additionalHeaders[Headers.ContentType] =
+      this._getExistingOrDefaultContentTypeHeader(
+        additionalHeaders,
+        MediaTypes.ApplicationJson
+      )
     const res: HttpClientResponse = await this.patch(
       requestUrl,
       data,
@@ -628,16 +628,87 @@ export class HttpClient {
     return lowercaseKeys(headers || {})
   }
 
+  /**
+   * Gets an existing header value or returns a default.
+   * Handles converting number header values to strings since HTTP headers must be strings.
+   * Note: This returns string | string[] since some headers can have multiple values.
+   * For headers that must always be a single string (like Content-Type), use the
+   * specialized _getExistingOrDefaultContentTypeHeader method instead.
+   */
   private _getExistingOrDefaultHeader(
     additionalHeaders: http.OutgoingHttpHeaders,
     header: string,
     _default: string
-  ): string | number | string[] {
+  ): string | string[] {
+    let clientHeader: string | string[] | undefined
+    if (this.requestOptions && this.requestOptions.headers) {
+      const headerValue = lowercaseKeys(this.requestOptions.headers)[header]
+      if (headerValue) {
+        clientHeader =
+          typeof headerValue === 'number' ? headerValue.toString() : headerValue
+      }
+    }
+
+    const additionalValue = additionalHeaders[header]
+
+    if (additionalValue !== undefined) {
+      return typeof additionalValue === 'number'
+        ? additionalValue.toString()
+        : additionalValue
+    }
+
+    if (clientHeader !== undefined) {
+      return clientHeader
+    }
+
+    return _default
+  }
+
+  /**
+   * Specialized version of _getExistingOrDefaultHeader for Content-Type header.
+   * Always returns a single string (not an array) since Content-Type should be a single value.
+   * Converts arrays to comma-separated strings and numbers to strings to ensure type safety.
+   * This was split from _getExistingOrDefaultHeader to provide stricter typing for callers
+   * that assign the result to places expecting a string (e.g., additionalHeaders[Headers.ContentType]).
+   */
+  private _getExistingOrDefaultContentTypeHeader(
+    additionalHeaders: http.OutgoingHttpHeaders,
+    _default: string
+  ): string {
     let clientHeader: string | undefined
     if (this.requestOptions && this.requestOptions.headers) {
-      clientHeader = lowercaseKeys(this.requestOptions.headers)[header]
+      const headerValue = lowercaseKeys(this.requestOptions.headers)[
+        Headers.ContentType
+      ]
+      if (headerValue) {
+        if (typeof headerValue === 'number') {
+          clientHeader = String(headerValue)
+        } else if (Array.isArray(headerValue)) {
+          clientHeader = headerValue.join(', ')
+        } else {
+          clientHeader = headerValue
+        }
+      }
     }
-    return additionalHeaders[header] || clientHeader || _default
+
+    const additionalValue = additionalHeaders[Headers.ContentType]
+
+    // Return the first non-undefined value, converting numbers or arrays to strings if necessary
+    if (additionalValue !== undefined) {
+      if (typeof additionalValue === 'number') {
+        return String(additionalValue)
+      } else if (Array.isArray(additionalValue)) {
+        return additionalValue.join(', ')
+      } else {
+        return additionalValue
+      }
+    }
+
+    if (clientHeader !== undefined) {
+      return clientHeader
+    }
+
+    return _default
   }
 
   private _getAgent(parsedUrl: URL): http.Agent {

packages/io/RELEASES.md

@@ -1,5 +1,9 @@
 # @actions/io Releases
 
+### 2.0.0
+- Add support for Node 24 [#2110](https://github.com/actions/toolkit/pull/2110)
+- Ensures consistent behavior for paths on Node 24 with Windows
+
 ### 1.1.3
 - Replace `child_process.exec` with `fs.rm` in `rmRF` for all OS implementations [#1373](https://github.com/actions/toolkit/pull/1373)
 

packages/io/__tests__/io.test.ts

@@ -643,8 +643,11 @@ describe('rmRF', () => {
       })
     ).toBe('test file content')
     if (os.platform() === 'win32') {
-      expect(await fs.readlink(symlinkLevel2Directory)).toBe(
-        `${symlinkDirectory}\\`
+      // Node.js 24 changed behavior - fs.readlink no longer includes trailing backslash
+      // Accept both formats for compatibility
+      const linkPath = await fs.readlink(symlinkLevel2Directory)
+      expect(linkPath.replace(/\\+$/, '')).toBe(
+        symlinkDirectory.replace(/\\+$/, '')
       )
     } else {
       expect(await fs.readlink(symlinkLevel2Directory)).toBe(symlinkDirectory)
@@ -1201,9 +1204,8 @@ describe('which', () => {
       const originalPath = process.env['PATH']
       try {
         // modify PATH
-        process.env[
-          'PATH'
-        ] = `${process.env['PATH']}${path.delimiter}${testPath}`
+        process.env['PATH'] =
+          `${process.env['PATH']}${path.delimiter}${testPath}`
 
         // find each file
         for (const fileName of Object.keys(files)) {
@@ -1274,9 +1276,8 @@ describe('which', () => {
       await fs.writeFile(notExpectedFilePath, '')
       const originalPath = process.env['PATH']
       try {
-        process.env[
-          'PATH'
-        ] = `${process.env['PATH']}${path.delimiter}${testPath}`
+        process.env['PATH'] =
+          `${process.env['PATH']}${path.delimiter}${testPath}`
         expect(await io.which(fileName)).toBe(expectedFilePath)
       } finally {
         process.env['PATH'] = originalPath
@@ -1438,9 +1439,8 @@ describe('findInPath', () => {
     try {
       // update the PATH
       for (const testPath of testPaths) {
-        process.env[
-          'PATH'
-        ] = `${process.env['PATH']}${path.delimiter}${testPath}`
+        process.env['PATH'] =
+          `${process.env['PATH']}${path.delimiter}${testPath}`
       }
       // exact file names
       expect(await io.findInPath(fileName)).toEqual(filePaths)

packages/io/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@actions/io",
-  "version": "1.1.3",
-  "lockfileVersion": 2,
+  "version": "2.0.0",
+  "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@actions/io",
-      "version": "1.1.3",
+      "version": "2.0.0",
       "license": "MIT"
     }
   }

packages/io/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/io",
-  "version": "1.1.3",
+  "version": "2.0.0",
   "description": "Actions io lib",
   "keywords": [
     "github",

packages/io/src/io-util.ts

@@ -8,7 +8,6 @@ export const {
   mkdir,
   open,
   readdir,
-  readlink,
   rename,
   rm,
   rmdir,
@@ -18,6 +17,30 @@ export const {
 } = fs.promises
 // export const {open} = 'fs'
 export const IS_WINDOWS = process.platform === 'win32'
+
+/**
+ * Custom implementation of readlink to ensure Windows junctions
+ * maintain trailing backslash for backward compatibility with Node.js < 24
+ *
+ * In Node.js 20, Windows junctions (directory symlinks) always returned paths
+ * with trailing backslashes. Node.js 24 removed this behavior, which breaks
+ * code that relied on this format for path operations.
+ *
+ * This implementation restores the Node 20 behavior by adding a trailing
+ * backslash to all junction results on Windows.
+ */
+export async function readlink(fsPath: string): Promise<string> {
+  const result = await fs.promises.readlink(fsPath)
+
+  // On Windows, restore Node 20 behavior: add trailing backslash to all results
+  // since junctions on Windows are always directory links
+  if (IS_WINDOWS && !result.endsWith('\\')) {
+    return `${result}\\`
+  }
+
+  return result
+}
+
 // See https://github.com/nodejs/node/blob/d0153aee367422d0858105abec186da4dff0a0c5/deps/uv/include/uv/win.h#L691
 export const UV_FS_O_EXLOCK = 0x10000000
 export const READONLY = fs.constants.O_RDONLY

packages/tool-cache/package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "@actions/tool-cache",
   "version": "2.0.2",
-  "lockfileVersion": 2,
+  "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
@@ -25,6 +25,7 @@
       "version": "1.11.1",
       "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
       "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+      "license": "MIT",
       "dependencies": {
         "@actions/exec": "^1.1.1",
         "@actions/http-client": "^2.0.1"
@@ -34,22 +35,35 @@
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
       "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+      "license": "MIT",
       "dependencies": {
         "@actions/io": "^1.0.1"
       }
     },
     "node_modules/@actions/http-client": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
-      "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
+      "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
+      "license": "MIT",
       "dependencies": {
-        "tunnel": "^0.0.6"
+        "tunnel": "^0.0.6",
+        "undici": "^5.25.4"
       }
     },
     "node_modules/@actions/io": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
-      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
+      "license": "MIT"
+    },
+    "node_modules/@fastify/busboy": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
+      "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=14"
+      }
     },
     "node_modules/@types/nock": {
       "version": "11.1.0",
@@ -57,23 +71,26 @@
       "integrity": "sha512-jI/ewavBQ7X5178262JQR0ewicPAcJhXS/iFaNJl0VHLfyosZ/kwSrsa6VNQNSO8i9d8SqdRgOtZSOKJ/+iNMw==",
       "deprecated": "This is a stub types definition. nock provides its own type definitions, so you do not need this installed.",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "nock": "*"
       }
     },
     "node_modules/@types/semver": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-6.0.1.tgz",
-      "integrity": "sha512-ffCdcrEE5h8DqVxinQjo+2d1q+FV5z7iNtPofw3JsrltSoSVlOGaW0rY8XxtO9XukdTn8TaCGWmk2VFGhI70mg==",
-      "dev": true
+      "version": "6.2.7",
+      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-6.2.7.tgz",
+      "integrity": "sha512-blctEWbzUFzQx799RZjzzIdBJOXmE37YYEyDtKkx5Dg+V7o/zyyAxLPiI98A2jdTtDgxZleMdfV+7p8WbRJ1OQ==",
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "ms": "2.1.2"
+        "ms": "^2.1.3"
       },
       "engines": {
         "node": ">=6.0"
@@ -87,30 +104,26 @@
     "node_modules/json-stringify-safe": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
-      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
-      "dev": true
-    },
-    "node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-      "dev": true
+      "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==",
+      "dev": true,
+      "license": "ISC"
     },
     "node_modules/ms": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/nock": {
-      "version": "13.2.9",
-      "resolved": "https://registry.npmjs.org/nock/-/nock-13.2.9.tgz",
-      "integrity": "sha512-1+XfJNYF1cjGB+TKMWi29eZ0b82QOvQs2YoLNzbpWGqFMtRQHTa57osqdGj4FrFPgkO4D4AZinzUJR9VvW3QUA==",
+      "version": "13.5.6",
+      "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.6.tgz",
+      "integrity": "sha512-o2zOYiCpzRqSzPj0Zt/dQ/DqZeYoaQ7TUonc/xUPjCGl9WeHpNbxgVvOquXYAaJzI0M9BXV3HTzG0p8IUAbBTQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "debug": "^4.1.0",
         "json-stringify-safe": "^5.0.1",
-        "lodash": "^4.17.21",
         "propagate": "^2.0.0"
       },
       "engines": {
@@ -122,6 +135,7 @@
       "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz",
       "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">= 8"
       }
@@ -130,6 +144,7 @@
       "version": "6.3.1",
       "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
       "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
       }
@@ -138,111 +153,22 @@
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
       "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
+      "license": "MIT",
       "engines": {
         "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
       }
-    }
-  },
-  "dependencies": {
-    "@actions/core": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
-      "requires": {
-        "@actions/exec": "^1.1.1",
-        "@actions/http-client": "^2.0.1"
+    },
+    "node_modules/undici": {
+      "version": "5.29.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
+      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+      "license": "MIT",
+      "dependencies": {
+        "@fastify/busboy": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=14.0"
       }
-    },
-    "@actions/exec": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
-      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-      "requires": {
-        "@actions/io": "^1.0.1"
-      }
-    },
-    "@actions/http-client": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
-      "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
-      "requires": {
-        "tunnel": "^0.0.6"
-      }
-    },
-    "@actions/io": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
-      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
-    },
-    "@types/nock": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/@types/nock/-/nock-11.1.0.tgz",
-      "integrity": "sha512-jI/ewavBQ7X5178262JQR0ewicPAcJhXS/iFaNJl0VHLfyosZ/kwSrsa6VNQNSO8i9d8SqdRgOtZSOKJ/+iNMw==",
-      "dev": true,
-      "requires": {
-        "nock": "*"
-      }
-    },
-    "@types/semver": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-6.0.1.tgz",
-      "integrity": "sha512-ffCdcrEE5h8DqVxinQjo+2d1q+FV5z7iNtPofw3JsrltSoSVlOGaW0rY8XxtO9XukdTn8TaCGWmk2VFGhI70mg==",
-      "dev": true
-    },
-    "debug": {
-      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
-      "dev": true,
-      "requires": {
-        "ms": "2.1.2"
-      }
-    },
-    "json-stringify-safe": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
-      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
-      "dev": true
-    },
-    "lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-      "dev": true
-    },
-    "ms": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "dev": true
-    },
-    "nock": {
-      "version": "13.2.9",
-      "resolved": "https://registry.npmjs.org/nock/-/nock-13.2.9.tgz",
-      "integrity": "sha512-1+XfJNYF1cjGB+TKMWi29eZ0b82QOvQs2YoLNzbpWGqFMtRQHTa57osqdGj4FrFPgkO4D4AZinzUJR9VvW3QUA==",
-      "dev": true,
-      "requires": {
-        "debug": "^4.1.0",
-        "json-stringify-safe": "^5.0.1",
-        "lodash": "^4.17.21",
-        "propagate": "^2.0.0"
-      }
-    },
-    "propagate": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz",
-      "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==",
-      "dev": true
-    },
-    "semver": {
-      "version": "6.3.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
-      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="
-    },
-    "tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
     }
   }
 }