Combines the two installation requests (org and user) into one because
`/org/{org}` can also be accessed at `/users/{org}`.
---------
Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
Resolves https://github.com/actions/create-github-app-token/issues/106
- Fixes the parsing to cope with whitespace in the input string.
- Allows the input to be comma or newline-separated. (I've done this for
all array-type inputs in my own actions, but I'm happy to remove this if
you only want to support comma-separated.)
- Added tests for parsing comma and newline-separated inputs.
Bumps the development-dependencies group with 4 updates:
[c8](https://github.com/bcoe/c8),
[esbuild](https://github.com/evanw/esbuild),
[execa](https://github.com/sindresorhus/execa) and
[yaml](https://github.com/eemeli/yaml).
Updates `c8` from 9.1.0 to 10.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/bcoe/c8/releases">c8's
releases</a>.</em></p>
<blockquote>
<h2>v10.1.2</h2>
<h2><a
href="https://github.com/bcoe/c8/compare/v10.1.1...v10.1.2">10.1.2</a>
(2024-06-13)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> make monocart-coverage-reports an optional
with meta defined (<a
href="3b91fdaa0e">3b91fda</a>)</li>
</ul>
<h2>v10.1.1</h2>
<h2><a
href="https://github.com/bcoe/c8/compare/v10.1.0...v10.1.1">10.1.1</a>
(2024-06-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>stop installing monocart-coverage-reports (<a
href="https://redirect.github.com/bcoe/c8/issues/535">#535</a>) (<a
href="13979a76b5">13979a7</a>)</li>
</ul>
<h2>v10.1.0</h2>
<h2><a
href="https://github.com/bcoe/c8/compare/v10.0.0...v10.1.0">10.1.0</a>
(2024-06-11)</h2>
<h3>Features</h3>
<ul>
<li>add experimental monocart reports (<a
href="https://redirect.github.com/bcoe/c8/issues/521">#521</a>) (<a
href="2e5e297ac0">2e5e297</a>)</li>
</ul>
<h2>v10.0.0</h2>
<h2><a
href="https://github.com/bcoe/c8/compare/v9.1.0...v10.0.0">10.0.0</a>
(2024-06-10)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li><strong>deps:</strong> Node 18 is now the minimum supported Node.js
version</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update test-exclude with new glob / minimatch
(<a href="https://redirect.github.com/bcoe/c8/issues/531">#531</a>) (<a
href="e33cf30d0c">e33cf30</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bcoe/c8/blob/main/CHANGELOG.md">c8's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/bcoe/c8/compare/v10.1.1...v10.1.2">10.1.2</a>
(2024-06-13)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> make monocart-coverage-reports an optional
with meta defined (<a
href="3b91fdaa0e">3b91fda</a>)</li>
</ul>
<h2><a
href="https://github.com/bcoe/c8/compare/v10.1.0...v10.1.1">10.1.1</a>
(2024-06-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>stop installing monocart-coverage-reports (<a
href="https://redirect.github.com/bcoe/c8/issues/535">#535</a>) (<a
href="13979a76b5">13979a7</a>)</li>
</ul>
<h2><a
href="https://github.com/bcoe/c8/compare/v10.0.0...v10.1.0">10.1.0</a>
(2024-06-11)</h2>
<h3>Features</h3>
<ul>
<li>add experimental monocart reports (<a
href="https://redirect.github.com/bcoe/c8/issues/521">#521</a>) (<a
href="2e5e297ac0">2e5e297</a>)</li>
</ul>
<h2><a
href="https://github.com/bcoe/c8/compare/v9.1.0...v10.0.0">10.0.0</a>
(2024-06-10)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li><strong>deps:</strong> Node 18 is now the minimum supported Node.js
version</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update test-exclude with new glob / minimatch
(<a href="https://redirect.github.com/bcoe/c8/issues/531">#531</a>) (<a
href="e33cf30d0c">e33cf30</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ff146b4dde"><code>ff146b4</code></a>
chore(main): release 10.1.2 (<a
href="https://redirect.github.com/bcoe/c8/issues/538">#538</a>)</li>
<li><a
href="3b91fdaa0e"><code>3b91fda</code></a>
fix(deps): make monocart-coverage-reports an optional with meta
defined</li>
<li><a
href="e3560e1211"><code>e3560e1</code></a>
chore(main): release 10.1.1 (<a
href="https://redirect.github.com/bcoe/c8/issues/536">#536</a>)</li>
<li><a
href="13979a76b5"><code>13979a7</code></a>
fix: stop installing monocart-coverage-reports (<a
href="https://redirect.github.com/bcoe/c8/issues/535">#535</a>)</li>
<li><a
href="15ac6905cd"><code>15ac690</code></a>
chore(main): release 10.1.0 (<a
href="https://redirect.github.com/bcoe/c8/issues/533">#533</a>)</li>
<li><a
href="96e869ff8c"><code>96e869f</code></a>
build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/bcoe/c8/issues/534">#534</a>)</li>
<li><a
href="2e5e297ac0"><code>2e5e297</code></a>
feat: add experimental monocart reports (<a
href="https://redirect.github.com/bcoe/c8/issues/521">#521</a>)</li>
<li><a
href="dc38051b14"><code>dc38051</code></a>
chore(main): release 10.0.0 (<a
href="https://redirect.github.com/bcoe/c8/issues/532">#532</a>)</li>
<li><a
href="e33cf30d0c"><code>e33cf30</code></a>
fix(deps)!: update test-exclude with new glob / minimatch (<a
href="https://redirect.github.com/bcoe/c8/issues/531">#531</a>)</li>
<li><a
href="1eeeaebe65"><code>1eeeaeb</code></a>
doc(CONTRIBUTING): remove dead link, update broken link (<a
href="https://redirect.github.com/bcoe/c8/issues/526">#526</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/bcoe/c8/compare/v9.1.0...v10.1.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `esbuild` from 0.21.4 to 0.22.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/evanw/esbuild/releases">esbuild's
releases</a>.</em></p>
<blockquote>
<h2>v0.22.0</h2>
<p><strong>This release deliberately contains backwards-incompatible
changes.</strong> To avoid automatically picking up releases like this,
you should either be pinning the exact version of <code>esbuild</code>
in your <code>package.json</code> file (recommended) or be using a
version range syntax that only accepts patch upgrades such as
<code>^0.21.0</code> or <code>~0.21.0</code>. See npm's documentation
about <a
href="https://docs.npmjs.com/cli/v6/using-npm/semver/">semver</a> for
more information.</p>
<ul>
<li>
<p>Omit packages from bundles by default when targeting node (<a
href="https://redirect.github.com/evanw/esbuild/issues/1874">#1874</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/2830">#2830</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/2846">#2846</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/2915">#2915</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3145">#3145</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3294">#3294</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3323">#3323</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3582">#3582</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3809">#3809</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3815">#3815</a>)</p>
<p>This breaking change is an experiment. People are commonly confused
when using esbuild to bundle code for node (i.e. for
<code>--platform=node</code>) because some packages may not be intended
for bundlers, and may use node-specific features that don't work with a
bundler. Even though esbuild's "getting started" instructions
say to use <code>--packages=external</code> to work around this problem,
many people don't read the documentation and don't do this, and are then
confused when it doesn't work. So arguably this is a bad default
behavior for esbuild to have if people keep tripping over this.</p>
<p>With this release, esbuild will now omit packages from the bundle by
default when the platform is <code>node</code> (i.e. the previous
behavior of <code>--packages=external</code> is now the default in this
case). <em>Note that your dependencies must now be present on the file
system when your bundle is run.</em> If you don't want this behavior,
you can do <code>--packages=bundle</code> to allow packages to be
included in the bundle (i.e. the previous default behavior). Note that
<code>--packages=bundle</code> doesn't mean all packages are bundled,
just that packages are allowed to be bundled. You can still exclude
individual packages from the bundle using <code>--external:</code> even
when <code>--packages=bundle</code> is present.</p>
<p>The <code>--packages=</code> setting considers all import paths that
"look like" package imports in the original source code to be
package imports. Specifically import paths that don't start with a path
segment of <code>/</code> or <code>.</code> or <code>..</code> are
considered to be package imports. The only two exceptions to this rule
are <a
href="https://nodejs.org/api/packages.html#subpath-imports">subpath
imports</a> (which start with a <code>#</code> character) and TypeScript
path remappings via <code>paths</code> and/or <code>baseUrl</code> in
<code>tsconfig.json</code> (which are applied first).</p>
</li>
<li>
<p>Drop support for older platforms (<a
href="https://redirect.github.com/evanw/esbuild/issues/3802">#3802</a>)</p>
<p>This release drops support for the following operating systems:</p>
<ul>
<li>Windows 7</li>
<li>Windows 8</li>
<li>Windows Server 2008</li>
<li>Windows Server 2012</li>
</ul>
<p>This is because the Go programming language dropped support for these
operating system versions in <a
href="https://go.dev/doc/go1.21#windows">Go 1.21</a>, and this release
updates esbuild from Go 1.20 to Go 1.22.</p>
<p>Note that this only affects the binary esbuild executables that are
published to the <code>esbuild</code> npm package. It's still possible
to compile esbuild's source code for these older operating systems. If
you need to, you can compile esbuild for yourself using an older version
of the Go compiler (before Go version 1.21). That might look something
like this:</p>
<pre><code>git clone https://github.com/evanw/esbuild.git
cd esbuild
go build ./cmd/esbuild
./esbuild.exe --version
</code></pre>
<p>In addition, this release increases the minimum required node version
for esbuild's JavaScript API from node 12 to node 18. Node 18 is the
oldest version of node that is still being supported (see node's <a
href="https://nodejs.org/en/about/previous-releases">release
schedule</a> for more information). This increase is because of an
incompatibility between the JavaScript that the Go compiler generates
for the <code>esbuild-wasm</code> package and versions of node before
node 17.4 (specifically the <code>crypto.getRandomValues</code>
function).</p>
</li>
<li>
<p>Update <code>await using</code> behavior to match TypeScript</p>
<p>TypeScript 5.5 subtly changes the way <code>await using</code>
behaves. This release updates esbuild to match these changes in
TypeScript. You can read more about these changes in <a
href="https://redirect.github.com/microsoft/TypeScript/pull/58624">microsoft/TypeScript#58624</a>.</p>
</li>
<li>
<p>Allow <code>es2024</code> as a target environment</p>
<p>The ECMAScript 2024 specification was just approved, so it has been
added to esbuild as a possible compilation target. You can read more
about the features that it adds here: <a
href="https://2ality.com/2024/06/ecmascript-2024.html">https://2ality.com/2024/06/ecmascript-2024.html</a>.
The only addition that's relevant for esbuild is the regular expression
<code>/v</code> flag. With <code>--target=es2024</code>, regular
expressions that use the <code>/v</code> flag will now be passed through
untransformed instead of being transformed into a call to <code>new
RegExp</code>.</p>
</li>
<li>
<p>Publish binaries for OpenBSD on 64-bit ARM (<a
href="https://redirect.github.com/evanw/esbuild/issues/3665">#3665</a>,
<a
href="https://redirect.github.com/evanw/esbuild/pull/3674">#3674</a>)</p>
<p>With this release, you should now be able to install the
<code>esbuild</code> npm package in OpenBSD on 64-bit ARM, such as on an
Apple device with an M1 chip.</p>
<p>This was contributed by <a
href="https://github.com/ikmckenz"><code>@ikmckenz</code></a>.</p>
</li>
<li>
<p>Publish binaries for WASI (WebAssembly System Interface) preview 1
(<a
href="https://redirect.github.com/evanw/esbuild/issues/3300">#3300</a>,
<a
href="https://redirect.github.com/evanw/esbuild/pull/3779">#3779</a>)</p>
<p>The upcoming WASI (WebAssembly System Interface) standard is going to
be a way to run WebAssembly outside of a JavaScript host environment. In
this scenario you only need a <code>.wasm</code> file without any
supporting JavaScript code. Instead of JavaScript providing the APIs for
the host environment, the WASI standard specifies a "system
interface" that WebAssembly code can access directly (e.g. for file
system access).</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's
changelog</a>.</em></p>
<blockquote>
<h2>0.22.0</h2>
<p><strong>This release deliberately contains backwards-incompatible
changes.</strong> To avoid automatically picking up releases like this,
you should either be pinning the exact version of <code>esbuild</code>
in your <code>package.json</code> file (recommended) or be using a
version range syntax that only accepts patch upgrades such as
<code>^0.21.0</code> or <code>~0.21.0</code>. See npm's documentation
about <a
href="https://docs.npmjs.com/cli/v6/using-npm/semver/">semver</a> for
more information.</p>
<ul>
<li>
<p>Omit packages from bundles by default when targeting node (<a
href="https://redirect.github.com/evanw/esbuild/issues/1874">#1874</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/2830">#2830</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/2846">#2846</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/2915">#2915</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3145">#3145</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3294">#3294</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3323">#3323</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3582">#3582</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3809">#3809</a>,
<a
href="https://redirect.github.com/evanw/esbuild/issues/3815">#3815</a>)</p>
<p>This breaking change is an experiment. People are commonly confused
when using esbuild to bundle code for node (i.e. for
<code>--platform=node</code>) because some packages may not be intended
for bundlers, and may use node-specific features that don't work with a
bundler. Even though esbuild's "getting started" instructions
say to use <code>--packages=external</code> to work around this problem,
many people don't read the documentation and don't do this, and are then
confused when it doesn't work. So arguably this is a bad default
behavior for esbuild to have if people keep tripping over this.</p>
<p>With this release, esbuild will now omit packages from the bundle by
default when the platform is <code>node</code> (i.e. the previous
behavior of <code>--packages=external</code> is now the default in this
case). <em>Note that your dependencies must now be present on the file
system when your bundle is run.</em> If you don't want this behavior,
you can do <code>--packages=bundle</code> to allow packages to be
included in the bundle (i.e. the previous default behavior). Note that
<code>--packages=bundle</code> doesn't mean all packages are bundled,
just that packages are allowed to be bundled. You can still exclude
individual packages from the bundle using <code>--external:</code> even
when <code>--packages=bundle</code> is present.</p>
<p>The <code>--packages=</code> setting considers all import paths that
"look like" package imports in the original source code to be
package imports. Specifically import paths that don't start with a path
segment of <code>/</code> or <code>.</code> or <code>..</code> are
considered to be package imports. The only two exceptions to this rule
are <a
href="https://nodejs.org/api/packages.html#subpath-imports">subpath
imports</a> (which start with a <code>#</code> character) and TypeScript
path remappings via <code>paths</code> and/or <code>baseUrl</code> in
<code>tsconfig.json</code> (which are applied first).</p>
</li>
<li>
<p>Drop support for older platforms (<a
href="https://redirect.github.com/evanw/esbuild/issues/3802">#3802</a>)</p>
<p>This release drops support for the following operating systems:</p>
<ul>
<li>Windows 7</li>
<li>Windows 8</li>
<li>Windows Server 2008</li>
<li>Windows Server 2012</li>
</ul>
<p>This is because the Go programming language dropped support for these
operating system versions in <a
href="https://go.dev/doc/go1.21#windows">Go 1.21</a>, and this release
updates esbuild from Go 1.20 to Go 1.22.</p>
<p>Note that this only affects the binary esbuild executables that are
published to the <code>esbuild</code> npm package. It's still possible
to compile esbuild's source code for these older operating systems. If
you need to, you can compile esbuild for yourself using an older version
of the Go compiler (before Go version 1.21). That might look something
like this:</p>
<pre><code>git clone https://github.com/evanw/esbuild.git
cd esbuild
go build ./cmd/esbuild
./esbuild.exe --version
</code></pre>
<p>In addition, this release increases the minimum required node version
for esbuild's JavaScript API from node 12 to node 18. Node 18 is the
oldest version of node that is still being supported (see node's <a
href="https://nodejs.org/en/about/previous-releases">release
schedule</a> for more information). This increase is because of an
incompatibility between the JavaScript that the Go compiler generates
for the <code>esbuild-wasm</code> package and versions of node before
node 17.4 (specifically the <code>crypto.getRandomValues</code>
function).</p>
</li>
<li>
<p>Update <code>await using</code> behavior to match TypeScript</p>
<p>TypeScript 5.5 subtly changes the way <code>await using</code>
behaves. This release updates esbuild to match these changes in
TypeScript. You can read more about these changes in <a
href="https://redirect.github.com/microsoft/TypeScript/pull/58624">microsoft/TypeScript#58624</a>.</p>
</li>
<li>
<p>Allow <code>es2024</code> as a target environment</p>
<p>The ECMAScript 2024 specification was just approved, so it has been
added to esbuild as a possible compilation target. You can read more
about the features that it adds here: <a
href="https://2ality.com/2024/06/ecmascript-2024.html">https://2ality.com/2024/06/ecmascript-2024.html</a>.
The only addition that's relevant for esbuild is the regular expression
<code>/v</code> flag. With <code>--target=es2024</code>, regular
expressions that use the <code>/v</code> flag will now be passed through
untransformed instead of being transformed into a call to <code>new
RegExp</code>.</p>
</li>
<li>
<p>Publish binaries for OpenBSD on 64-bit ARM (<a
href="https://redirect.github.com/evanw/esbuild/issues/3665">#3665</a>,
<a
href="https://redirect.github.com/evanw/esbuild/pull/3674">#3674</a>)</p>
<p>With this release, you should now be able to install the
<code>esbuild</code> npm package in OpenBSD on 64-bit ARM, such as on an
Apple device with an M1 chip.</p>
<p>This was contributed by <a
href="https://github.com/ikmckenz"><code>@ikmckenz</code></a>.</p>
</li>
<li>
<p>Publish binaries for WASI (WebAssembly System Interface) preview 1
(<a
href="https://redirect.github.com/evanw/esbuild/issues/3300">#3300</a>,
<a
href="https://redirect.github.com/evanw/esbuild/pull/3779">#3779</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80c6e6ea09"><code>80c6e6e</code></a>
publish 0.22.0 to npm</li>
<li><a
href="196dcad195"><code>196dcad</code></a>
fix <a
href="https://redirect.github.com/evanw/esbuild/issues/1874">#1874</a>:
node defaults to <code>--packages=external</code></li>
<li><a
href="3f57db853f"><code>3f57db8</code></a>
release notes for <a
href="https://redirect.github.com/evanw/esbuild/issues/3539">#3539</a></li>
<li><a
href="91663db644"><code>91663db</code></a>
Provide API to create a custom esbuild CLI with plugins (<a
href="https://redirect.github.com/evanw/esbuild/issues/3539">#3539</a>)</li>
<li><a
href="e01c0e028c"><code>e01c0e0</code></a>
also mention <a
href="https://redirect.github.com/evanw/esbuild/issues/3665">#3665</a>
in release notes</li>
<li><a
href="65711b32d5"><code>65711b3</code></a>
release notes for <a
href="https://redirect.github.com/evanw/esbuild/issues/3674">#3674</a></li>
<li><a
href="63eb8140a7"><code>63eb814</code></a>
Add OpenBSD arm64 (<a
href="https://redirect.github.com/evanw/esbuild/issues/3674">#3674</a>)</li>
<li><a
href="b7220009d0"><code>b722000</code></a>
fix <a
href="https://redirect.github.com/evanw/esbuild/issues/3300">#3300</a>,
fix <a
href="https://redirect.github.com/evanw/esbuild/issues/3779">#3779</a>:
add <code>@esbuild/wasi-preview1</code></li>
<li><a
href="6679ec8c7f"><code>6679ec8</code></a>
fix: verbose analyse output improperly trimmed (<a
href="https://redirect.github.com/evanw/esbuild/issues/3785">#3785</a>)</li>
<li><a
href="94f09ea521"><code>94f09ea</code></a>
fix <a
href="https://redirect.github.com/evanw/esbuild/issues/3790">#3790</a>:
warn about incorrect <code>onResolve</code> plugin</li>
<li>Additional commits viewable in <a
href="https://github.com/evanw/esbuild/compare/v0.21.4...v0.22.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `execa` from 9.1.0 to 9.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sindresorhus/execa/releases">execa's
releases</a>.</em></p>
<blockquote>
<h2>v9.3.0</h2>
<h2>Features</h2>
<ul>
<li>The <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/api.md#optionsverbose"><code>verbose</code></a>
option can now be <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/api.md#verbose-function">a
function</a> to <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/debugging.md#custom-logging">customize
logging</a>. (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1130">#1130</a>)</li>
</ul>
<h2>v9.2.0</h2>
<p>This release includes a <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/ipc.md">new
set of methods</a> to exchange messages between the current process and
a Node.js subprocess, also known as "IPC". This allows <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/input.md#any-input-type">passing</a>
and <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/output.md#any-output-type">returning</a>
almost any message type to/from a Node.js subprocess. Also, <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/ipc.md#debugging">debugging</a>
IPC is now much easier.</p>
<p>Moreover, a new <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/api.md#optionsgracefulcancel"><code>gracefulCancel</code></a>
option has also been added to <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/termination.md#graceful-termination">terminate
a subprocess gracefully</a>.</p>
<p>For a deeper dive-in, please check and share the <a
href="https://medium.com/@ehmicky/ipc-made-easy-with-execa-9-2-939c6a358731">release
post</a>!</p>
<p>Thanks <a href="https://github.com/iiroj"><code>@iiroj</code></a>
for your contribution, <a
href="https://github.com/SimonSiefke"><code>@SimonSiefke</code></a> and
<a href="https://github.com/adymorz"><code>@adymorz</code></a> for
reporting the bugs fixed in this release, and <a
href="https://github.com/karlhorky"><code>@karlhorky</code></a> for
improving the documentation!</p>
<h2>Deprecations</h2>
<ul>
<li>Passing <code>'ipc'</code> to the <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/api.md#optionsstdio"><code>stdio</code></a>
option has been deprecated. It will be removed in the next major
release. Instead, the <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/api.md#optionsipc"><code>ipc:
true</code></a> option should be used. (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1056">#1056</a>)</li>
</ul>
<pre lang="diff"><code>- await execa('npm', ['run', 'build'], {stdio:
['pipe', 'pipe', 'pipe', 'ipc']});
+ await execa('npm', ['run', 'build'], {ipc: true});
</code></pre>
<ul>
<li>The <a
href="https://github.com/sindresorhus/execa/blob/v9.1.0/docs/api.md#execacommandcommand-options"><code>execaCommand()</code></a>
method has been deprecated. It will be removed in the next major
release. If most cases, the <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/execution.md#template-string-syntax">template
string syntax</a> should be used instead.</li>
</ul>
<pre lang="diff"><code>- import {execaCommand} from 'execa';
+ import {execa} from 'execa';
<ul>
<li>await execaCommand('npm run build');</li>
</ul>
<ul>
<li>await execa<code>npm run build</code>;</li>
</ul>
<p>const taskName = 'build';</p>
<ul>
<li>await execaCommand(<code>npm run ${taskName}</code>);</li>
</ul>
<ul>
<li>await execa<code>npm run ${taskName}</code>;</li>
</ul>
<p>const commandArguments = ['run', 'task with space'];
await execa<code>npm ${commandArguments}</code>;
</code></pre></p>
<p>If the file and/or multiple arguments are supplied as a single
string, <a
href="https://github.com/sindresorhus/execa/blob/main/docs/api.md#parsecommandstringcommand">parseCommandString(command)</a>
can split that string into an array. <a
href="https://github.com/sindresorhus/execa/blob/HEAD/docs/escaping.md">More
info.</a> (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1054">#1054</a>)</p>
<pre lang="diff"><code>- import {execaCommand} from 'execa';
+ import {execa, parseCommandString} from 'execa';
<p>const commandString = 'npm run task';</p>
<ul>
<li>await execaCommand(commandString);</li>
</ul>
<ul>
<li>const commandArray = parseCommandString(commandString); // ['npm',
'run', 'task']</li>
<li>await execa<code>${commandArray}</code>;
</tr></table>
</code></pre></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="57658b0190"><code>57658b0</code></a>
9.3.0</li>
<li><a
href="8daf3484e9"><code>8daf348</code></a>
Allow <code>verbose</code> option to be a function for custom logging
(<a
href="https://redirect.github.com/sindresorhus/execa/issues/1130">#1130</a>)</li>
<li><a
href="78edcb9f2b"><code>78edcb9</code></a>
Fix c8 memory crash (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1129">#1129</a>)</li>
<li><a
href="18d320f93a"><code>18d320f</code></a>
Refactor test helpers for the <code>verbose</code> option (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1128">#1128</a>)</li>
<li><a
href="37e00242ea"><code>37e0024</code></a>
Add more tests for the <code>verbose</code> option (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1127">#1127</a>)</li>
<li><a
href="f9f1199f67"><code>f9f1199</code></a>
Refactor <code>verbose</code> logic (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1126">#1126</a>)</li>
<li><a
href="cbe805c72d"><code>cbe805c</code></a>
9.2.0</li>
<li><a
href="8ae69754d9"><code>8ae6975</code></a>
Send fewer requests with link checking (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1122">#1122</a>)</li>
<li><a
href="e15e5162c1"><code>e15e516</code></a>
Fix typo in IPC documentation (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1121">#1121</a>)</li>
<li><a
href="4044152329"><code>4044152</code></a>
Automatically check Markdown links (<a
href="https://redirect.github.com/sindresorhus/execa/issues/1120">#1120</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sindresorhus/execa/compare/v9.1.0...v9.3.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `yaml` from 2.4.2 to 2.4.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eemeli/yaml/releases">yaml's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.5</h2>
<ul>
<li>Improve tab handling (<a
href="https://redirect.github.com/eemeli/yaml/issues/553">#553</a>,
yaml-test-suite tests <a
href="https://github.com/yaml/yaml-test-suite/blob/main/src/DK95.yaml">DK95</a>
& <a
href="https://github.com/yaml/yaml-test-suite/blob/main/src/Y79Y.yaml">Y79Y</a>)</li>
</ul>
<h2>v2.4.4</h2>
<p>With special thanks to <a
href="https://github.com/RedCMD"><code>@RedCMD</code></a> for finding
and reporting all of the following:</p>
<ul>
<li>Allow comment after top-level block scalar with explicit indent
indicator (<a
href="https://redirect.github.com/eemeli/yaml/issues/547">#547</a>)</li>
<li>Allow tab as indent for line comments before nodes (<a
href="https://redirect.github.com/eemeli/yaml/issues/548">#548</a>)</li>
<li>Do not allow tab before block collection (<a
href="https://redirect.github.com/eemeli/yaml/issues/549">#549</a>)</li>
<li>In flow collections, allow <code>[]{}</code> immediately after
<code>:</code> with plain key (<a
href="https://redirect.github.com/eemeli/yaml/issues/550">#550</a>)</li>
<li>Require indentation for <code>?</code> explicit-key contents (<a
href="https://redirect.github.com/eemeli/yaml/issues/551">#551</a>)</li>
<li>Require indentation from block scalar header & flow collections
in mapping values (<a
href="https://redirect.github.com/eemeli/yaml/issues/553">#553</a>)</li>
</ul>
<h2>v2.4.3</h2>
<ul>
<li>Improve error when parsing a non-string value (<a
href="https://redirect.github.com/eemeli/yaml/issues/459">#459</a>)</li>
<li>Do not parse <code>-.NaN</code> or <code>+.nan</code> as NaN (<a
href="https://redirect.github.com/eemeli/yaml/issues/546">#546</a>)</li>
<li>Support <code>#</code> within <code>%TAG</code> prefixes with
trailing <code>#comments</code></li>
<li>Check for non-node complex keys when stringifying with simpleKeys
(<a
href="https://redirect.github.com/eemeli/yaml/issues/541">#541</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1b8fde6717"><code>1b8fde6</code></a>
2.4.5</li>
<li><a
href="f3c7d030e9"><code>f3c7d03</code></a>
test: Obey yaml-test-suite skip instructions</li>
<li><a
href="4e66d72c76"><code>4e66d72</code></a>
fix: Improve tab handling (tests DK95 & Y79Y, <a
href="https://redirect.github.com/eemeli/yaml/issues/553">#553</a>)</li>
<li><a
href="d06f3867ae"><code>d06f386</code></a>
2.4.4</li>
<li><a
href="39053e83bb"><code>39053e8</code></a>
chore: Satisfy strict TS</li>
<li><a
href="8baee44423"><code>8baee44</code></a>
test: Use source files for yaml-test-suite tests</li>
<li><a
href="280a861919"><code>280a861</code></a>
fix: Allow comment after top-level block scalar with explicit indent
indicato...</li>
<li><a
href="767bc477e6"><code>767bc47</code></a>
fix: Require indentation from block scalar header & flow collections
in mappi...</li>
<li><a
href="5096f83786"><code>5096f83</code></a>
fix: Require indentation for ? explicit-key contents (fixes <a
href="https://redirect.github.com/eemeli/yaml/issues/551">#551</a>)</li>
<li><a
href="22f2c6fadd"><code>22f2c6f</code></a>
fix: In flow collections, allow []{} immediately after : with plain key
(fixe...</li>
<li>Additional commits viewable in <a
href="https://github.com/eemeli/yaml/compare/v2.4.2...v2.4.5">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
Closes#140
The pull request at #95 introduced changes to avoid revoking expired
tokens by saving the `expiresAt` value in the state. The change,
however, used `core.setOutput` instead of `core.setState` meaning the
value is not saved in the state but rather available in the output.
```javascript
if (!skipTokenRevoke) {
core.saveState("token", authentication.token);
core.setOutput("expiresAt", authentication.expiresAt);
}
```
This means that when we use the value downstream, it evaluates to an
empty string and the following code block is never run:
```javascript
const expiresAt = core.getState("expiresAt");
if (expiresAt && tokenExpiresIn(expiresAt) < 0) {
core.info("Token expired, skipping token revocation");
return;
}
```
This is a tiny PR to correct that typo.
It is convenient to use `https://api.github.com/users/$app_slug[bot]` to
obtain the corresponding account ID later.
Then build `Signed-off-by: $app_slug[bot]
<$id+$app_slug[bot]@users.noreply.github.com>`.
Currently, there is no Linux environment to build test snapshot files
Fixes#72
If an Actions job is long enough, more than an hour can pass between
creating and revoking the App token in the post-job clean up step. Since
the token itself is used to authenticate with the revoke API, an expired
token will fail to be revoked.
This PR saves the token expiration in the actions state and uses that in
the post step to determine if the token can be revoked. I've also added
error handling to the revoke token API call, as it's unlikely that users
would want their job to fail if the token can't be revoked.
GitHub's macOS runners for the past while have had some bad clock drift
which sometimes prevents this action from working with the error:
```console
'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued
```
`@octokit/auth-app` already has logic to handle this so we can defer to
that code.
Fixes#57
This PR implements the 3-step plan proposed by @gr2m in
https://github.com/actions/create-github-app-token/issues/57#issuecomment-1751272252:
> 1. Support both input types
> 2. Log a deprecation warning for the old notation
> 3. Add a test for deprecations
Although this PR supports both input formats simultaneously, I opted
_not_ to document the old format in the updated README. That’s a
decision I’m happy to revisit, if y’all would prefer to have
documentation for both the old and new formats.
Fixes https://github.com/actions/create-github-app-token/issues/55
Currently, `actions/create-github-app-token` always/unconditionally
revokes the installation access token in a `post` step, at the
completion of the current job. This prevents tokens from being used in
other jobs.
This PR makes this behavior configurable:
- When the `skip-token-revoke` input is not specified (i.e. by default),
the token is revoked in a `post` step (i.e. the current behavior).
- When the `skip-token-revoke` input is set to a truthy value (e.g.
`"true"`[^1]), the token is not revoked in a `post` step.
This PR adds a test for the `skip-token-revoke: "true"` case.
This is configurable in other app token actions, e.g.
[tibdex/github-app-token](3eb77c7243/README.md (L46-L47))
and
[wow-actions/use-app-token](cd772994fc/README.md (L132)).
[^1]: Note that `"false"` is also truthy: `Boolean("false")` is `true`.
If we think that’ll potentially confuse folks, I can require
`skip-token-revoke` to be set explicitly to `"true"`.
semantic-release-bot