From 391b8c7809754e319122d9e3309765e104e57f1e Mon Sep 17 00:00:00 2001 From: Philip Gai Date: Thu, 16 Jul 2026 10:32:50 -0500 Subject: [PATCH 1/3] chore(deps): bump @actions/cache to 6.2.0 (#1584) Bump @actions/cache from ^6.1.0 to ^6.2.0 and rebuild the vendored dist bundles (dist/setup, dist/cache-save) via ncc. Update the licensed cache record for @actions/cache to 6.2.0. 6.2.0 ships two transparent client behaviors: honor ACTIONS_CACHE_MODE to skip restore/save when the effective cache-mode disallows it, and surface a core.warning (not a run failure) when the cache service denies a read/write due to token scopes. Copilot-Session: 0acd1380-0102-4f9d-b613-192a6ddef737 Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> --- .licenses/npm/@actions/cache.dep.yml | 2 +- dist/cache-save/index.js | 144 +++++++++++++++++++++------ dist/setup/index.js | 144 +++++++++++++++++++++------ package-lock.json | 8 +- package.json | 2 +- 5 files changed, 236 insertions(+), 64 deletions(-) diff --git a/.licenses/npm/@actions/cache.dep.yml b/.licenses/npm/@actions/cache.dep.yml index 1ce82e833..9433ea0f0 100644 --- a/.licenses/npm/@actions/cache.dep.yml +++ b/.licenses/npm/@actions/cache.dep.yml @@ -1,6 +1,6 @@ --- name: "@actions/cache" -version: 6.1.0 +version: 6.2.0 type: npm summary: Actions cache lib homepage: https://github.com/actions/toolkit/tree/main/packages/cache diff --git a/dist/cache-save/index.js b/dist/cache-save/index.js index 640a5499a..49820c5df 100644 --- a/dist/cache-save/index.js +++ b/dist/cache-save/index.js @@ -39020,7 +39020,7 @@ module.exports = { version: packageJson.version } /***/ 4012: /***/ ((module) => { -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}'); /***/ }) @@ -43258,6 +43258,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32 const TarFilename = 'cache.tar'; const ManifestFilename = 'manifest.txt'; const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository +// Prefix the cache backend embeds in a read-denial message (v2 twirp +// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body). +// Shared so cache.ts and cacheHttpClient.ts match the same contract value. +const constants_CacheReadDeniedMessagePrefix = 'cache read denied:'; //# sourceMappingURL=constants.js.map ;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { @@ -87289,6 +87293,24 @@ function config_getCacheServiceVersion() { return 'v1'; return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1'; } +// The cache-mode lattice: readable = {read, write}, writable = {write, +// write-only}, none = neither. +const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only']; +// The effective cache-mode exported by the runner, or '' when not set. +function config_getCacheMode() { + return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase(); +} +// Unset or unrecognized modes are permissive so behavior matches today. +function config_isCacheReadable(mode) { + if (!KNOWN_CACHE_MODES.includes(mode)) + return true; + return mode === 'read' || mode === 'write'; +} +function isCacheWritable(mode) { + if (!KNOWN_CACHE_MODES.includes(mode)) + return true; + return mode === 'write' || mode === 'write-only'; +} function getCacheServiceURL() { const version = config_getCacheServiceVersion(); // Based on the version of the cache service, we will determine which @@ -87338,6 +87360,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th + function getCacheApiUrl(resource) { const baseUrl = getCacheServiceURL(); if (!baseUrl) { @@ -87365,6 +87388,7 @@ function createHttpClient() { } function getCacheEntry(keys, paths, options) { return cacheHttpClient_awaiter(this, void 0, void 0, function* () { + var _a; const httpClient = createHttpClient(); const version = utils.getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive); const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`; @@ -87378,6 +87402,12 @@ function getCacheEntry(keys, paths, options) { return null; } if (!isSuccessStatusCode(response.statusCode)) { + // Only surface the receiver's body for a `cache read denied:` policy denial + // so callers can dispatch on it; keep the generic message otherwise. + const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message; + if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) { + throw new Error(errorMessage); + } throw new Error(`Cache service responded with ${response.statusCode}`); } const cacheResult = response.result; @@ -88638,6 +88668,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar + class ValidationError extends Error { constructor(message) { super(message); @@ -88653,19 +88684,20 @@ class ReserveCacheError extends Error { } } /** - * Stable prefix the receiver writes into the cache reservation response when - * the issuer downgraded the cache token to read-only (for example, because + * Stable prefix the cache service writes into the cache reservation response + * when the issuer downgraded the cache token to read-only (for example, because * the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2 - * dispatch on this prefix to re-classify the failure as a - * CacheWriteDeniedError so consumers (and the outer catch arm) can - * distinguish a policy denial from other reservation failures. + * dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError + * so consumers and tests can distinguish a policy denial from other reservation + * failures. Internally it is logged as a non-fatal warning like other + * best-effort save failures. */ const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:'; /** * Raised when the cache backend refuses to reserve a writable cache entry * because the JWT issued for this run was scoped read-only (for example, the * run was triggered by an event the repository administrator classified as - * untrusted). The receiver-supplied detail message always begins with + * untrusted). The service-supplied detail message always begins with * `cache write denied:` (the full error message includes additional context * like the cache key). * @@ -88681,6 +88713,19 @@ class CacheWriteDeniedError extends ReserveCacheError { Object.setPrototypeOf(this, CacheWriteDeniedError.prototype); } } +// Re-exported from constants so consumers keep referencing it here; the shared +// value also drives detection in cacheHttpClient without duplicating the string. +const CACHE_READ_DENIED_PREFIX = (/* unused pure expression or super */ null && (CacheReadDeniedMessagePrefix)); +// Raised when the cache backend denies a download URL because the run's token +// has no readable cache scopes. Caching is best-effort, so restoreCache logs a +// warning and reports a cache miss rather than rethrowing this. +class CacheReadDeniedError extends Error { + constructor(message) { + super(message); + this.name = 'CacheReadDeniedError'; + Object.setPrototypeOf(this, CacheReadDeniedError.prototype); + } +} class FinalizeCacheError extends Error { constructor(message) { super(message); @@ -88735,6 +88780,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) { const cacheServiceVersion = getCacheServiceVersion(); core.debug(`Cache service version: ${cacheServiceVersion}`); checkPaths(paths); + const cacheMode = getCacheMode(); + if (!isCacheReadable(cacheMode)) { + core.info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`); + core.debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`); + return undefined; + } switch (cacheServiceVersion) { case 'v2': return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive); @@ -88756,6 +88807,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) { */ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { + var _a; restoreKeys = restoreKeys || []; const keys = [primaryKey, ...restoreKeys]; core.debug('Resolved Keys:'); @@ -88770,10 +88822,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { let archivePath = ''; try { // path are needed to compute version - const cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, { - compressionMethod, - enableCrossOsArchive - }); + let cacheEntry; + try { + cacheEntry = yield cacheHttpClient.getCacheEntry(keys, paths, { + compressionMethod, + enableCrossOsArchive + }); + } + catch (error) { + // The v1 artifact cache service returns HTTP 403 with a + // `cache read denied:` body when the run's token has no readable cache + // scopes. getCacheEntry lives in a dependency-free internal module and + // cannot import CacheReadDeniedError without a circular dependency, so it + // only surfaces the raw denial message; we classify it into the typed + // error here so the outer catch and consumers can dispatch on it. + const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : ''; + if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) { + throw new CacheReadDeniedError(errorMessage); + } + throw error; + } if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) { // Cache not found return undefined; @@ -88802,7 +88870,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { } else { // warn on cache restore failure and continue build - // Log server errors (5xx) as errors, all other errors as warnings + // Log server errors (5xx) as errors, all other errors as warnings. + // A read denied by policy (CacheReadDeniedError) is not an HttpClientError + // so it falls here and is warned, treated as a cache miss. if (typedError instanceof HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { @@ -88837,6 +88907,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { */ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { + var _a; // Override UploadOptions to force the use of Azure options = Object.assign(Object.assign({}, options), { useAzureSdk: true }); restoreKeys = restoreKeys || []; @@ -88858,7 +88929,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { restoreKeys, version: utils.getCacheVersion(paths, compressionMethod, enableCrossOsArchive) }; - const response = yield twirpClient.GetCacheEntryDownloadURL(request); + let response; + try { + response = yield twirpClient.GetCacheEntryDownloadURL(request); + } + catch (error) { + // The receiver returns twirp PermissionDenied (403) when the run's token + // has no readable cache scopes. The client wraps that 403, so the stable + // prefix is embedded in the message rather than leading it. + const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : ''; + if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) { + throw new CacheReadDeniedError(errorMessage); + } + throw error; + } if (!response.ok) { core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); return undefined; @@ -88893,8 +88977,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { throw error; } else { - // Supress all non-validation cache related errors because caching should be optional - // Log server errors (5xx) as errors, all other errors as warnings + // Suppress all non-validation cache related errors because caching should be optional + // Log server errors (5xx) as errors, all other errors as warnings. + // A read denied by policy (CacheReadDeniedError) is not an HttpClientError + // so it falls here and is warned, treated as a cache miss. if (typedError instanceof HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { @@ -88933,6 +89019,12 @@ function cache_saveCache(paths_1, key_1, options_1) { core_debug(`Cache service version: ${cacheServiceVersion}`); checkPaths(paths); checkKey(key); + const cacheMode = config_getCacheMode(); + if (!isCacheWritable(cacheMode)) { + info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`); + core_debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`); + return -1; + } switch (cacheServiceVersion) { case 'v2': return yield saveCacheV2(paths, key, options, enableCrossOsArchive); @@ -89010,17 +89102,14 @@ function saveCacheV1(paths_1, key_1, options_1) { if (typedError.name === ValidationError.name) { throw error; } - else if (typedError.name === CacheWriteDeniedError.name) { - // Cache write was denied by policy (read-only token). Surface to the - // customer at warning level so it is visible in the workflow log - // without failing the run. - warning(`Failed to save: ${typedError.message}`); - } else if (typedError.name === ReserveCacheError.name) { info(`Failed to save: ${typedError.message}`); } else { - // Log server errors (5xx) as errors, all other errors as warnings + // Log server errors (5xx) as errors, all other errors as warnings. + // A write denied by policy (CacheWriteDeniedError) is not an + // HttpClientError and its name does not match the ReserveCacheError arm, + // so it falls here and is warned without failing the run. if (typedError instanceof lib_HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { @@ -89131,12 +89220,6 @@ function saveCacheV2(paths_1, key_1, options_1) { if (typedError.name === ValidationError.name) { throw error; } - else if (typedError.name === CacheWriteDeniedError.name) { - // Cache write was denied by policy (read-only token). Surface to the - // customer at warning level so it is visible in the workflow log - // without failing the run. - warning(`Failed to save: ${typedError.message}`); - } else if (typedError.name === ReserveCacheError.name) { info(`Failed to save: ${typedError.message}`); } @@ -89144,7 +89227,10 @@ function saveCacheV2(paths_1, key_1, options_1) { warning(typedError.message); } else { - // Log server errors (5xx) as errors, all other errors as warnings + // Log server errors (5xx) as errors, all other errors as warnings. + // A write denied by policy (CacheWriteDeniedError) is not an + // HttpClientError and its name does not match the ReserveCacheError arm, + // so it falls here and is warned without failing the run. if (typedError instanceof lib_HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { diff --git a/dist/setup/index.js b/dist/setup/index.js index 5c53d2e5d..105c3a9cf 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -40038,7 +40038,7 @@ module.exports = { version: packageJson.version } /***/ 4012: /***/ ((module) => { -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.1.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/cache","version":"6.2.0","description":"Actions cache lib","keywords":["github","actions","cache"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/cache","license":"MIT","type":"module","main":"lib/cache.js","types":"lib/cache.d.ts","exports":{".":{"types":"./lib/cache.d.ts","import":"./lib/cache.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/cache"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/shared/package-version.cjs lib/internal/shared/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^3.0.1","@actions/exec":"^3.0.0","@actions/glob":"^0.6.1","@actions/http-client":"^4.0.1","@actions/io":"^3.0.2","@azure/core-rest-pipeline":"^1.23.0","@azure/storage-blob":"^12.31.0","@protobuf-ts/runtime-rpc":"^2.11.1","semver":"^7.7.4"},"devDependencies":{"@protobuf-ts/plugin":"^2.11.1","@types/node":"^25.6.0","@types/semver":"^7.7.1","typescript":"^5.9.3"},"overrides":{"uri-js":"npm:uri-js-replace@^1.0.1","node-fetch":"^3.3.2"}}'); /***/ }) @@ -48645,6 +48645,10 @@ const SystemTarPathOnWindows = `${process.env['SYSTEMDRIVE']}\\Windows\\System32 const TarFilename = 'cache.tar'; const constants_ManifestFilename = 'manifest.txt'; const CacheFileSizeLimit = 10 * Math.pow(1024, 3); // 10GiB per repository +// Prefix the cache backend embeds in a read-denial message (v2 twirp +// GetCacheEntryDownloadURL error or the GHES v1 `_apis/artifactcache` 403 body). +// Shared so cache.ts and cacheHttpClient.ts match the same contract value. +const CacheReadDeniedMessagePrefix = 'cache read denied:'; //# sourceMappingURL=constants.js.map ;// CONCATENATED MODULE: ./node_modules/@actions/cache/lib/internal/cacheUtils.js var cacheUtils_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { @@ -92675,6 +92679,24 @@ function config_getCacheServiceVersion() { return 'v1'; return process.env['ACTIONS_CACHE_SERVICE_V2'] ? 'v2' : 'v1'; } +// The cache-mode lattice: readable = {read, write}, writable = {write, +// write-only}, none = neither. +const KNOWN_CACHE_MODES = ['none', 'read', 'write', 'write-only']; +// The effective cache-mode exported by the runner, or '' when not set. +function config_getCacheMode() { + return (process.env['ACTIONS_CACHE_MODE'] || '').trim().toLowerCase(); +} +// Unset or unrecognized modes are permissive so behavior matches today. +function isCacheReadable(mode) { + if (!KNOWN_CACHE_MODES.includes(mode)) + return true; + return mode === 'read' || mode === 'write'; +} +function config_isCacheWritable(mode) { + if (!KNOWN_CACHE_MODES.includes(mode)) + return true; + return mode === 'write' || mode === 'write-only'; +} function getCacheServiceURL() { const version = config_getCacheServiceVersion(); // Based on the version of the cache service, we will determine which @@ -92724,6 +92746,7 @@ var cacheHttpClient_awaiter = (undefined && undefined.__awaiter) || function (th + function getCacheApiUrl(resource) { const baseUrl = getCacheServiceURL(); if (!baseUrl) { @@ -92751,6 +92774,7 @@ function createHttpClient() { } function getCacheEntry(keys, paths, options) { return cacheHttpClient_awaiter(this, void 0, void 0, function* () { + var _a; const httpClient = createHttpClient(); const version = getCacheVersion(paths, options === null || options === void 0 ? void 0 : options.compressionMethod, options === null || options === void 0 ? void 0 : options.enableCrossOsArchive); const resource = `cache?keys=${encodeURIComponent(keys.join(','))}&version=${version}`; @@ -92764,6 +92788,12 @@ function getCacheEntry(keys, paths, options) { return null; } if (!requestUtils_isSuccessStatusCode(response.statusCode)) { + // Only surface the receiver's body for a `cache read denied:` policy denial + // so callers can dispatch on it; keep the generic message otherwise. + const errorMessage = (_a = response.error) === null || _a === void 0 ? void 0 : _a.message; + if (errorMessage === null || errorMessage === void 0 ? void 0 : errorMessage.includes(CacheReadDeniedMessagePrefix)) { + throw new Error(errorMessage); + } throw new Error(`Cache service responded with ${response.statusCode}`); } const cacheResult = response.result; @@ -94025,6 +94055,7 @@ var cache_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar + class ValidationError extends Error { constructor(message) { super(message); @@ -94040,19 +94071,20 @@ class ReserveCacheError extends Error { } } /** - * Stable prefix the receiver writes into the cache reservation response when - * the issuer downgraded the cache token to read-only (for example, because + * Stable prefix the cache service writes into the cache reservation response + * when the issuer downgraded the cache token to read-only (for example, because * the run was triggered by an untrusted event). saveCacheV1 / saveCacheV2 - * dispatch on this prefix to re-classify the failure as a - * CacheWriteDeniedError so consumers (and the outer catch arm) can - * distinguish a policy denial from other reservation failures. + * dispatch on this prefix to re-classify the failure as a CacheWriteDeniedError + * so consumers and tests can distinguish a policy denial from other reservation + * failures. Internally it is logged as a non-fatal warning like other + * best-effort save failures. */ const CACHE_WRITE_DENIED_PREFIX = 'cache write denied:'; /** * Raised when the cache backend refuses to reserve a writable cache entry * because the JWT issued for this run was scoped read-only (for example, the * run was triggered by an event the repository administrator classified as - * untrusted). The receiver-supplied detail message always begins with + * untrusted). The service-supplied detail message always begins with * `cache write denied:` (the full error message includes additional context * like the cache key). * @@ -94068,6 +94100,19 @@ class CacheWriteDeniedError extends ReserveCacheError { Object.setPrototypeOf(this, CacheWriteDeniedError.prototype); } } +// Re-exported from constants so consumers keep referencing it here; the shared +// value also drives detection in cacheHttpClient without duplicating the string. +const CACHE_READ_DENIED_PREFIX = CacheReadDeniedMessagePrefix; +// Raised when the cache backend denies a download URL because the run's token +// has no readable cache scopes. Caching is best-effort, so restoreCache logs a +// warning and reports a cache miss rather than rethrowing this. +class CacheReadDeniedError extends Error { + constructor(message) { + super(message); + this.name = 'CacheReadDeniedError'; + Object.setPrototypeOf(this, CacheReadDeniedError.prototype); + } +} class FinalizeCacheError extends Error { constructor(message) { super(message); @@ -94122,6 +94167,12 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) { const cacheServiceVersion = config_getCacheServiceVersion(); core_debug(`Cache service version: ${cacheServiceVersion}`); checkPaths(paths); + const cacheMode = config_getCacheMode(); + if (!isCacheReadable(cacheMode)) { + core_info(`Cache restore skipped: the effective cache-mode '${cacheMode}' does not permit reads.`); + core_debug(`Skipped restore for paths [${paths.join(', ')}] with primary key '${primaryKey}'.`); + return undefined; + } switch (cacheServiceVersion) { case 'v2': return yield restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsArchive); @@ -94143,6 +94194,7 @@ function restoreCache(paths_1, primaryKey_1, restoreKeys_1, options_1) { */ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { + var _a; restoreKeys = restoreKeys || []; const keys = [primaryKey, ...restoreKeys]; core_debug('Resolved Keys:'); @@ -94157,10 +94209,26 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { let archivePath = ''; try { // path are needed to compute version - const cacheEntry = yield getCacheEntry(keys, paths, { - compressionMethod, - enableCrossOsArchive - }); + let cacheEntry; + try { + cacheEntry = yield getCacheEntry(keys, paths, { + compressionMethod, + enableCrossOsArchive + }); + } + catch (error) { + // The v1 artifact cache service returns HTTP 403 with a + // `cache read denied:` body when the run's token has no readable cache + // scopes. getCacheEntry lives in a dependency-free internal module and + // cannot import CacheReadDeniedError without a circular dependency, so it + // only surfaces the raw denial message; we classify it into the typed + // error here so the outer catch and consumers can dispatch on it. + const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : ''; + if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) { + throw new CacheReadDeniedError(errorMessage); + } + throw error; + } if (!(cacheEntry === null || cacheEntry === void 0 ? void 0 : cacheEntry.archiveLocation)) { // Cache not found return undefined; @@ -94189,7 +94257,9 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { } else { // warn on cache restore failure and continue build - // Log server errors (5xx) as errors, all other errors as warnings + // Log server errors (5xx) as errors, all other errors as warnings. + // A read denied by policy (CacheReadDeniedError) is not an HttpClientError + // so it falls here and is warned, treated as a cache miss. if (typedError instanceof lib_HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { @@ -94224,6 +94294,7 @@ function restoreCacheV1(paths_1, primaryKey_1, restoreKeys_1, options_1) { */ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { return cache_awaiter(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) { + var _a; // Override UploadOptions to force the use of Azure options = Object.assign(Object.assign({}, options), { useAzureSdk: true }); restoreKeys = restoreKeys || []; @@ -94245,7 +94316,20 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { restoreKeys, version: getCacheVersion(paths, compressionMethod, enableCrossOsArchive) }; - const response = yield twirpClient.GetCacheEntryDownloadURL(request); + let response; + try { + response = yield twirpClient.GetCacheEntryDownloadURL(request); + } + catch (error) { + // The receiver returns twirp PermissionDenied (403) when the run's token + // has no readable cache scopes. The client wraps that 403, so the stable + // prefix is embedded in the message rather than leading it. + const errorMessage = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : ''; + if (errorMessage.includes(CACHE_READ_DENIED_PREFIX)) { + throw new CacheReadDeniedError(errorMessage); + } + throw error; + } if (!response.ok) { core_debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`); return undefined; @@ -94280,8 +94364,10 @@ function restoreCacheV2(paths_1, primaryKey_1, restoreKeys_1, options_1) { throw error; } else { - // Supress all non-validation cache related errors because caching should be optional - // Log server errors (5xx) as errors, all other errors as warnings + // Suppress all non-validation cache related errors because caching should be optional + // Log server errors (5xx) as errors, all other errors as warnings. + // A read denied by policy (CacheReadDeniedError) is not an HttpClientError + // so it falls here and is warned, treated as a cache miss. if (typedError instanceof lib_HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { @@ -94320,6 +94406,12 @@ function cache_saveCache(paths_1, key_1, options_1) { core.debug(`Cache service version: ${cacheServiceVersion}`); checkPaths(paths); checkKey(key); + const cacheMode = getCacheMode(); + if (!isCacheWritable(cacheMode)) { + core.info(`Cache save skipped: the effective cache-mode '${cacheMode}' does not permit writes.`); + core.debug(`Skipped save for paths [${paths.join(', ')}] with key '${key}'.`); + return -1; + } switch (cacheServiceVersion) { case 'v2': return yield saveCacheV2(paths, key, options, enableCrossOsArchive); @@ -94397,17 +94489,14 @@ function saveCacheV1(paths_1, key_1, options_1) { if (typedError.name === ValidationError.name) { throw error; } - else if (typedError.name === CacheWriteDeniedError.name) { - // Cache write was denied by policy (read-only token). Surface to the - // customer at warning level so it is visible in the workflow log - // without failing the run. - core.warning(`Failed to save: ${typedError.message}`); - } else if (typedError.name === ReserveCacheError.name) { core.info(`Failed to save: ${typedError.message}`); } else { - // Log server errors (5xx) as errors, all other errors as warnings + // Log server errors (5xx) as errors, all other errors as warnings. + // A write denied by policy (CacheWriteDeniedError) is not an + // HttpClientError and its name does not match the ReserveCacheError arm, + // so it falls here and is warned without failing the run. if (typedError instanceof HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { @@ -94518,12 +94607,6 @@ function saveCacheV2(paths_1, key_1, options_1) { if (typedError.name === ValidationError.name) { throw error; } - else if (typedError.name === CacheWriteDeniedError.name) { - // Cache write was denied by policy (read-only token). Surface to the - // customer at warning level so it is visible in the workflow log - // without failing the run. - core.warning(`Failed to save: ${typedError.message}`); - } else if (typedError.name === ReserveCacheError.name) { core.info(`Failed to save: ${typedError.message}`); } @@ -94531,7 +94614,10 @@ function saveCacheV2(paths_1, key_1, options_1) { core.warning(typedError.message); } else { - // Log server errors (5xx) as errors, all other errors as warnings + // Log server errors (5xx) as errors, all other errors as warnings. + // A write denied by policy (CacheWriteDeniedError) is not an + // HttpClientError and its name does not match the ReserveCacheError arm, + // so it falls here and is warned without failing the run. if (typedError instanceof HttpClientError && typeof typedError.statusCode === 'number' && typedError.statusCode >= 500) { diff --git a/package-lock.json b/package-lock.json index 207d64905..d7f724cb7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "7.0.0", "license": "MIT", "dependencies": { - "@actions/cache": "^6.1.0", + "@actions/cache": "^6.2.0", "@actions/core": "^3.0.1", "@actions/exec": "^3.0.0", "@actions/github": "^9.1.1", @@ -43,9 +43,9 @@ } }, "node_modules/@actions/cache": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-6.1.0.tgz", - "integrity": "sha512-LVqybSbzhBp2uAETOQ3HnVjXA4AcjavgMH+LCr+cjgO+PZfciv/1QAgoW+esXBaAhvDid+vXeV70GGJpAh4V5Q==", + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-6.2.0.tgz", + "integrity": "sha512-Nv0xWRmbxfDbAn/70flO/F6tj2Nv4XTYMAsQHiDFSojCDfso/Zni+fRKa14ToI9hnmOW/rQcY1WYb6wsM7Pgwg==", "license": "MIT", "dependencies": { "@actions/core": "^3.0.1", diff --git a/package.json b/package.json index 06b082cab..a386402be 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "author": "GitHub", "license": "MIT", "dependencies": { - "@actions/cache": "^6.1.0", + "@actions/cache": "^6.2.0", "@actions/core": "^3.0.1", "@actions/exec": "^3.0.0", "@actions/github": "^9.1.1", From 05e62e6009aefa8533aa9e97147a82580e36b7f4 Mon Sep 17 00:00:00 2001 From: Priya Gupta <147705955+priyagupta108@users.noreply.github.com> Date: Thu, 16 Jul 2026 21:03:23 +0530 Subject: [PATCH 2/3] pin @types/node to v24 (#1585) --- package-lock.json | 192 ++-------------------------------------------- package.json | 2 +- 2 files changed, 9 insertions(+), 185 deletions(-) diff --git a/package-lock.json b/package-lock.json index d7f724cb7..1beedf691 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "devDependencies": { "@eslint/js": "^10.0.1", "@jest/globals": "^30.4.1", - "@types/node": "^26.0.0", + "@types/node": "^24.1.0", "@types/semver": "^7.7.0", "@typescript-eslint/eslint-plugin": "^8.62.0", "@typescript-eslint/parser": "^8.62.0", @@ -906,34 +906,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@cspotcode/source-map-support": { - "version": "0.8.1", - "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", - "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "@jridgewell/trace-mapping": "0.3.9" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping": { - "version": "0.3.9", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", - "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "@jridgewell/resolve-uri": "^3.0.3", - "@jridgewell/sourcemap-codec": "^1.4.10" - } - }, "node_modules/@emnapi/core": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.10.0.tgz", @@ -1905,42 +1877,6 @@ "@sinonjs/commons": "^3.0.1" } }, - "node_modules/@tsconfig/node10": { - "version": "1.0.12", - "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.12.tgz", - "integrity": "sha512-UCYBaeFvM11aU2y3YPZ//O5Rhj+xKyzy7mvcIoAjASbigy8mHMryP5cK7dgjlz2hWxh1g5pLw084E0a/wlUSFQ==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, - "node_modules/@tsconfig/node12": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", - "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, - "node_modules/@tsconfig/node14": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", - "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, - "node_modules/@tsconfig/node16": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", - "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, "node_modules/@tybys/wasm-util": { "version": "0.10.3", "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.3.tgz", @@ -2046,13 +1982,13 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "26.0.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-26.0.0.tgz", - "integrity": "sha512-vf2YFi1iY9lHGwNJMs01biZFbKJkrZR1T6/MlzjhJLPdntOHLhTrDSnSVcdtvjihi4VQNlrFRIxLsDBlQpAipA==", + "version": "24.13.3", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.13.3.tgz", + "integrity": "sha512-Dh8vAsV36ig5wa9OX4pXvMc9D3Veibfw2wix0CUwYODLD8nkj9UsLjASr49nPg+2eKzxhBV+v7L8pXvT4e639Q==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~8.3.0" + "undici-types": "~7.18.0" } }, "node_modules/@types/semver": { @@ -2735,21 +2671,6 @@ "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, - "node_modules/acorn-walk": { - "version": "8.3.5", - "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.5.tgz", - "integrity": "sha512-HEHNfbars9v4pgpW6SO1KSPkfoS0xVOM/9UzkJltjlsHZmJasxg8aXkuZa7SMf8vKGIBhpUsPluQSqhJFCqebw==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "acorn": "^8.11.0" - }, - "engines": { - "node": ">=0.4.0" - } - }, "node_modules/agent-base": { "version": "7.1.4", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", @@ -2835,15 +2756,6 @@ "node": ">= 8" } }, - "node_modules/arg": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", - "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, "node_modules/argparse": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", @@ -3272,15 +3184,6 @@ "dev": true, "license": "MIT" }, - "node_modules/create-require": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", - "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, "node_modules/cross-spawn": { "version": "7.0.6", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", @@ -3355,18 +3258,6 @@ "node": ">=8" } }, - "node_modules/diff": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.4.tgz", - "integrity": "sha512-X07nttJQkwkfKfvTPG/KSnE2OMdcUCao6+eXF3wmnIQRn2aPAHH3VxDbDOdegkd6JbPsXqShpvEOHfAT+nCNwQ==", - "dev": true, - "license": "BSD-3-Clause", - "optional": true, - "peer": true, - "engines": { - "node": ">=0.3.1" - } - }, "node_modules/eastasianwidth": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", @@ -6354,52 +6245,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/ts-node": { - "version": "10.9.2", - "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", - "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "@cspotcode/source-map-support": "^0.8.0", - "@tsconfig/node10": "^1.0.7", - "@tsconfig/node12": "^1.0.7", - "@tsconfig/node14": "^1.0.0", - "@tsconfig/node16": "^1.0.2", - "acorn": "^8.4.1", - "acorn-walk": "^8.1.1", - "arg": "^4.1.0", - "create-require": "^1.1.0", - "diff": "^4.0.1", - "make-error": "^1.1.1", - "v8-compile-cache-lib": "^3.0.1", - "yn": "3.1.1" - }, - "bin": { - "ts-node": "dist/bin.js", - "ts-node-cwd": "dist/bin-cwd.js", - "ts-node-esm": "dist/bin-esm.js", - "ts-node-script": "dist/bin-script.js", - "ts-node-transpile-only": "dist/bin-transpile.js", - "ts-script": "dist/bin-script-deprecated.js" - }, - "peerDependencies": { - "@swc/core": ">=1.2.50", - "@swc/wasm": ">=1.2.50", - "@types/node": "*", - "typescript": ">=2.7" - }, - "peerDependenciesMeta": { - "@swc/core": { - "optional": true - }, - "@swc/wasm": { - "optional": true - } - } - }, "node_modules/tslib": { "version": "2.8.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", @@ -6489,9 +6334,9 @@ } }, "node_modules/undici-types": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-8.3.0.tgz", - "integrity": "sha512-j375ScV60dom+YkPFIfTLcOiPxkN/buHz5GobjLhixFuANaNs3C9l4GmrWqejgXWJ7BbJcFYpTEUkS1Ge8bpZQ==", + "version": "7.18.2", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz", + "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==", "dev": true, "license": "MIT" }, @@ -6580,15 +6425,6 @@ "punycode": "^2.1.0" } }, - "node_modules/v8-compile-cache-lib": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", - "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true - }, "node_modules/v8-to-istanbul": { "version": "9.3.0", "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.3.0.tgz", @@ -6869,18 +6705,6 @@ "node": ">=8" } }, - "node_modules/yn": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", - "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "engines": { - "node": ">=6" - } - }, "node_modules/yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", diff --git a/package.json b/package.json index a386402be..f192ce3da 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "devDependencies": { "@eslint/js": "^10.0.1", "@jest/globals": "^30.4.1", - "@types/node": "^26.0.0", + "@types/node": "^24.1.0", "@types/semver": "^7.7.0", "@typescript-eslint/eslint-plugin": "^8.62.0", "@typescript-eslint/parser": "^8.62.0", From 1b7c3664663df781e1fcd594dea72dd2d5aefb66 Mon Sep 17 00:00:00 2001 From: Haritha <73516759+HarithaVattikuti@users.noreply.github.com> Date: Thu, 16 Jul 2026 10:33:56 -0500 Subject: [PATCH 3/3] Update workflow pins and migrate Node matrices to modern versions (#1583) * Update workflow action pins and move Node 20 to 26 * fix: correct node version in v8-canary and update setup for node 22 x86 * chore: update setup-node action version from v6 to v7 in documentation * fix: update pnpm/action-setup version to v6 in advanced usage documentation --- .github/workflows/e2e-cache.yml | 56 ++++++------- .github/workflows/proxy.yml | 4 +- .../workflows/publish-immutable-actions.yml | 4 +- .github/workflows/versions.yml | 80 +++++++++---------- README.md | 14 ++-- __tests__/data/package-dev-engines.json | 2 +- docs/advanced-usage.md | 54 ++++++------- 7 files changed, 107 insertions(+), 107 deletions(-) diff --git a/.github/workflows/e2e-cache.yml b/.github/workflows/e2e-cache.yml index 73e48d8d5..5a6ec2302 100644 --- a/.github/workflows/e2e-cache.yml +++ b/.github/workflows/e2e-cache.yml @@ -18,10 +18,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Clean global cache run: npm cache clean --force - name: Setup Node @@ -41,14 +41,14 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9 with: - version: 6.10.0 + version: 10 - name: Generate pnpm file run: pnpm install - name: Remove dependencies @@ -74,10 +74,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Yarn version run: yarn --version - name: Generate yarn file @@ -106,10 +106,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Update yarn run: yarn set version 3.6.4 - name: Yarn version @@ -139,11 +139,11 @@ jobs: name: Test yarn subprojects strategy: matrix: - node-version: [20, 22, 24] + node-version: [22, 24, 26] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: prepare sub-projects run: __tests__/prepare-yarn-subprojects.sh yarn1 @@ -166,11 +166,11 @@ jobs: name: Test yarn subprojects all locally managed strategy: matrix: - node-version: [20, 22, 24] + node-version: [22, 24, 26] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: prepare sub-projects run: __tests__/prepare-yarn-subprojects.sh keepcache keepcache @@ -193,11 +193,11 @@ jobs: name: Test yarn subprojects some locally managed strategy: matrix: - node-version: [20, 22, 24] + node-version: [22, 24, 26] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: prepare sub-projects run: __tests__/prepare-yarn-subprojects.sh global @@ -220,11 +220,11 @@ jobs: name: Test yarn subprojects managed by git strategy: matrix: - node-version: [20, 22, 24] + node-version: [22, 24, 26] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: prepare sub-projects run: /bin/bash __tests__/prepare-yarn-subprojects.sh keepcache @@ -250,10 +250,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Create package.json with packageManager field run: | echo '{ "name": "test-project", "version": "1.0.0", "packageManager": "npm@8.0.0" }' > package.json @@ -275,10 +275,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Create package.json with devEngines field run: | echo '{ diff --git a/.github/workflows/proxy.yml b/.github/workflows/proxy.yml index e1112314a..eec53ebc7 100644 --- a/.github/workflows/proxy.yml +++ b/.github/workflows/proxy.yml @@ -25,7 +25,7 @@ jobs: env: https_proxy: http://squid-proxy:3128 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Clear tool cache run: rm -rf $RUNNER_TOOL_CACHE/* - name: Setup node 24 @@ -41,7 +41,7 @@ jobs: https_proxy: http://no-such-proxy:3128 no_proxy: api.github.com,github.com,nodejs.org,registry.npmjs.org,*.s3.amazonaws.com,s3.amazonaws.com steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Clear tool cache run: rm -rf $RUNNER_TOOL_CACHE/* - name: Setup node 24 diff --git a/.github/workflows/publish-immutable-actions.yml b/.github/workflows/publish-immutable-actions.yml index 7f49c641c..a4bd83f48 100644 --- a/.github/workflows/publish-immutable-actions.yml +++ b/.github/workflows/publish-immutable-actions.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checking out - uses: actions/checkout@v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Publish id: publish - uses: actions/publish-immutable-action@v0.0.4 + uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4 diff --git a/.github/workflows/versions.yml b/.github/workflows/versions.yml index b0d50491f..e44d3c9e4 100644 --- a/.github/workflows/versions.yml +++ b/.github/workflows/versions.yml @@ -17,10 +17,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: @@ -34,10 +34,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest-large] - node-version: [lts/dubnium, lts/erbium, lts/fermium, lts/*, lts/-1] + os: [ubuntu-latest, windows-latest, macos-15-intel] + node-version: [lts/*, lts/-1] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: @@ -56,15 +56,15 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] node-version: [ - '20-v8-canary', - '20.0.0-v8-canary', - '20.0.0-v8-canary20221101e50e45c9f8' + '26-v8-canary', + '26.0.0-v8-canary', + '26.0.0-v8-canary20251016054584e5cf' ] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: @@ -81,10 +81,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20-nightly, 25-nightly, 24.0.0-nightly] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [26-nightly, 25-nightly, 24.0.0-nightly] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: @@ -101,10 +101,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20.0.0-rc.1, 22.14.0-rc.1, 24.0.0-rc.4] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [26.0.0-rc.1, 22.14.0-rc.1, 24.0.0-rc.4] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: @@ -121,10 +121,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20.10.0, 22.0.0, 24.9.0] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [26.5.0, 22.0.0, 24.9.0] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: @@ -138,10 +138,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] - node-version: [20, 22, 24] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] + node-version: [22, 24, 26] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node and check latest uses: ./ with: @@ -156,11 +156,11 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] node-version-file: [.nvmrc, .tool-versions, .tool-versions-node, package.json] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup node from node version file uses: ./ with: @@ -175,22 +175,22 @@ jobs: matrix: os: [ubuntu-latest, windows-latest, macos-latest] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup node from node version file uses: ./ with: node-version-file: '__tests__/data/package-dev-engines.json' - name: Verify node - run: __tests__/verify-node.sh 20 + run: __tests__/verify-node.sh 26 version-file-volta: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup node from node version file uses: ./ with: @@ -203,9 +203,9 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup node from node version file uses: ./ with: @@ -218,10 +218,10 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] node-version: [21, 23] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node from dist uses: ./ with: @@ -235,9 +235,9 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-15-intel] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # test old versions which didn't have npm and layout different - name: Setup node 0.12.18 from dist uses: ./ @@ -250,11 +250,11 @@ jobs: arch: runs-on: windows-latest steps: - - uses: actions/checkout@v6 - - name: Setup node 20 x86 from dist + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - name: Setup node 22 x86 from dist uses: ./ with: - node-version: '20' + node-version: '22' architecture: 'x86' - name: Verify node run: __tests__/verify-arch.sh "ia32" @@ -265,7 +265,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large] + os: [ubuntu-latest, windows-latest, macos-latest, macos-15-intel] node-version: [current, latest, node] steps: - name: Get node version @@ -274,7 +274,7 @@ jobs: echo "LATEST_NODE_VERSION=$latestNodeVersion" >> $GITHUB_OUTPUT id: version shell: bash - - uses: actions/checkout@v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: ./ with: diff --git a/README.md b/README.md index f1e715c3a..87c271f73 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ See [action.yml](action.yml) ```yaml -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: # Version Spec of the version to use in SemVer notation. # It also admits such aliases as lts/*, latest, nightly and canary builds @@ -120,7 +120,7 @@ See [action.yml](action.yml) ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: 24 package-manager-cache: false # Disable automatic npm caching if not required @@ -170,7 +170,7 @@ See the examples of using cache for `yarn`/`pnpm` and `cache-dependency-path` in ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: 24 cache: 'npm' @@ -183,7 +183,7 @@ steps: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: 24 cache: 'npm' @@ -199,7 +199,7 @@ This behavior is controlled by the `package-manager-cache` input, which defaults ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: package-manager-cache: false - run: npm ci @@ -219,7 +219,7 @@ jobs: steps: - uses: actions/checkout@v6 - name: Setup node - uses: actions/setup-node@v6 + uses: actions/setup-node@v7 with: node-version: ${{ matrix.node }} package-manager-cache: false # Disable automatic npm caching if not required @@ -234,7 +234,7 @@ jobs: To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action: ```yaml -uses: actions/setup-node@v6 +uses: actions/setup-node@v7 with: token: ${{ secrets.GH_DOTCOM_TOKEN }} node-version: 24 diff --git a/__tests__/data/package-dev-engines.json b/__tests__/data/package-dev-engines.json index fd4bb55f1..87ad2ee09 100644 --- a/__tests__/data/package-dev-engines.json +++ b/__tests__/data/package-dev-engines.json @@ -5,7 +5,7 @@ "devEngines": { "runtime": { "name": "node", - "version": "^20" + "version": "^26" } } } diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 3b4417f13..1f07f1365 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -46,7 +46,7 @@ To run without a lockfile: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24' package-manager-cache: false # Explicitly disable caching if you don't have a lockfile @@ -65,7 +65,7 @@ If `check-latest` is set to `true`, the action first checks if the cached versio ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24' check-latest: true @@ -84,7 +84,7 @@ See [supported version syntax](https://github.com/actions/setup-node#supported-v ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version-file: '.nvmrc' package-manager-cache: false # Disable automatic npm caching if not required @@ -129,7 +129,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24' architecture: 'x64' # optional, x64 or x86. If not specified, x64 will be used by default @@ -151,7 +151,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24.0.0-v8-canary' # it will install the latest v8 canary release for node 24.0.0 package-manager-cache: false # Disable automatic npm caching if not required @@ -167,7 +167,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24-v8-canary' # it will install the latest v8 canary release for node 24 package-manager-cache: false # Disable automatic npm caching if not required @@ -184,7 +184,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: 'v24.0.0-v8-canary2025030537242e55ac' package-manager-cache: false # Disable automatic npm caching if not required @@ -205,7 +205,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24-nightly' # it will install the latest nightly release for node 24 package-manager-cache: false # Disable automatic npm caching if not required @@ -222,7 +222,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24.0.0-nightly' # it will install the latest nightly release for node 24.0.0 package-manager-cache: false # Disable automatic npm caching if not required @@ -239,7 +239,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24.0.0-nightly202505066102159fa1' package-manager-cache: false # Disable automatic npm caching if not required @@ -258,7 +258,7 @@ jobs: name: Node sample steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24.0.0-rc.4' package-manager-cache: false # Disable automatic npm caching if not required @@ -277,7 +277,7 @@ Yarn caching handles both Yarn Classic (v1) and Yarn Berry (v2, v3, v4+). ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24' cache: 'yarn' @@ -296,10 +296,10 @@ steps: steps: - uses: actions/checkout@v6 -- uses: pnpm/action-setup@v4 +- uses: pnpm/action-setup@v6 with: version: 10 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24' cache: 'pnpm' @@ -315,7 +315,7 @@ steps: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24' cache: 'npm' @@ -328,7 +328,7 @@ steps: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24' cache: 'npm' @@ -351,7 +351,7 @@ steps: # version: 10 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@v7 with: node-version: '24' package-manager-cache: false # Disable automatic npm caching if not required @@ -397,9 +397,9 @@ jobs: - macos-latest - windows-latest node_version: - - 20 - 22 - 24 + - 26 architecture: - x64 # an extra windows-x86 run: @@ -411,7 +411,7 @@ jobs: steps: - uses: actions/checkout@v6 - name: Setup node - uses: actions/setup-node@v6 + uses: actions/setup-node@v7 with: node-version: ${{ matrix.node_version }} architecture: ${{ matrix.architecture }} @@ -424,7 +424,7 @@ jobs: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24.x' registry-url: 'https://registry.npmjs.org' @@ -433,7 +433,7 @@ steps: - run: npm publish env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: registry-url: 'https://npm.pkg.github.com' package-manager-cache: false # Disable automatic npm dependency caching to reduce cache poisoning risk @@ -446,7 +446,7 @@ steps: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24.x' registry-url: @@ -455,7 +455,7 @@ steps: - run: yarn publish env: NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }} -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: registry-url: 'https://npm.pkg.github.com' package-manager-cache: false # Disable automatic npm dependency caching to reduce cache poisoning risk @@ -468,7 +468,7 @@ steps: ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24.x' registry-url: 'https://registry.npmjs.org' @@ -489,7 +489,7 @@ Below you can find a sample "Setup .yarnrc.yml" step, that is going to allow you ```yaml steps: - uses: actions/checkout@v6 -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24.x' package-manager-cache: false # Disable automatic npm dependency caching to reduce cache poisoning risk @@ -535,7 +535,7 @@ You must also configure a **Trusted Publisher** in npm for your package/scope th steps: - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@v7 with: node-version: '24' registry-url: 'https://registry.npmjs.org' @@ -558,7 +558,7 @@ It is possible to specify a token to authenticate with the mirror using the `mir The token will be passed in the `Authorization` header. ```yaml -- uses: actions/setup-node@v6 +- uses: actions/setup-node@v7 with: node-version: '24.x' mirror: 'https://nodejs.org/dist'