Merge 1d1e7b0d14 into 8edcb1bdb4

Revert "Revert "Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates"""""

.github/workflows/codacy.yml

@@ -0,0 +1,61 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '39 20 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  codacy-security-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/codeql.yml

@@ -0,0 +1,100 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '38 16 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: actions
+          build-mode: none
+        - language: javascript-typescript
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/docker-image.yml

@@ -0,0 +1,18 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)

.github/workflows/fortify.yml

@@ -0,0 +1,129 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+################################################################################################################################################
+# Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your  #
+# software supply chain. To learn more about Fortify, start a free trial or contact our sales team, visit fortify.com.                         #
+#                                                                                                                                              #
+# Use this starter workflow as a basis for integrating Fortify Application Security Testing into your GitHub workflows. This template          #
+# demonstrates the steps to package the code+dependencies, initiate a scan, and optionally import SAST vulnerabilities into GitHub Security    #
+# Code Scanning Alerts. Additional information is available in the workflow comments and the Fortify AST Action / fcli / Fortify product       #
+# documentation. If you need additional assistance, please contact Fortify support.                                                            #
+################################################################################################################################################
+
+name: Fortify AST Scan
+
+# Customize trigger events based on your DevSecOps process and/or policy
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '40 23 * * 6'
+  workflow_dispatch:
+
+jobs:
+  Fortify-AST-Scan:
+    # Use the appropriate runner for building your source code. Ensure dev tools required to build your code are present and configured appropriately (MSBuild, Python, etc).
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      # pull-requests: write     # Required if DO_PR_COMMENT is set to true
+
+    steps:
+      # Check out source code
+      - name: Check Out Source Code
+        uses: actions/checkout@v4
+
+      # Perform SAST and/or SCA scan via Fortify on Demand/Fortify Hosted/ScanCentral SAST/Debricked. Based on
+      # configuration, the Fortify GitHub Action can optionally set up the application version/release, generate
+      # job summaries and Pull Request comments, and/or export SAST results to the GitHub code scanning dashboard.
+      # The Fortify GitHub Action provides many customization capabilities, but in case further customization is
+      # required, you can use sub-actions like fortify/github-action/setup@v1 to set up the various Fortify tools
+      # and run them directly from within your pipeline. It is recommended to review the Fortify GitHub Action
+      # documentation at https://github.com/fortify/github-action#readme for more information on the various
+      # configuration options and available sub-actions.
+      - name: Run Fortify Scan
+        # Specify Fortify GitHub Action version to run. As per GitHub starter workflow requirements, this example
+        # uses the commit id corresponding to version 1.6.2. It is recommended to check whether any later releases
+        # are available at https://github.com/fortify/github-action/releases. Depending on the amount of stability
+        # required, you may want to consider using fortify/github-action@v1 instead to use the latest 1.x.y version
+        # of this action, allowing your workflows to automatically benefit from any new features and bug fixes.
+        uses: fortify/github-action@ef5539bf4bd9c45c0bd971978f635a69eae55297
+        with:
+          sast-scan: true          # Run a SAST scan; if not specified or set to false, no SAST scan will be run
+          debricked-sca-scan: true # For FoD, run an open-source scan as part of the SAST scan (ignored if SAST scan
+                                   # is disabled). For SSC, run a Debricked scan and import results into SSC.
+        env:
+          #############################################################
+          ##### Fortify on Demand configuration
+          ##### Remove this section if you're integrating with Fortify Hosted/Software Security Center (see below)
+          ### Required configuration
+          FOD_URL: https://ams.fortify.com                 # Must be hardcoded or configured through GitHub variable, not secret
+          FOD_TENANT: ${{secrets.FOD_TENANT}}              # Either tenant/user/password or client id/secret are required;
+          FOD_USER: ${{secrets.FOD_USER}}                  # these should be configured through GitHub secrets.
+          FOD_PASSWORD: ${{secrets.FOD_PAT}}
+          # FOD_CLIENT_ID: ${{secrets.FOD_CLIENT_ID}}
+          # FOD_CLIENT_SECRET: ${{secrets.FOD_CLIENT_SECRET}}
+          ### Optional configuration
+          # FOD_LOGIN_EXTRA_OPTS: --socket-timeout=60s     # Extra 'fcli fod session login' options
+          # FOD_RELEASE: MyApp:MyRelease                   # FoD release name, default: <org>/<repo>:<branch>
+          # DO_SETUP: true                                 # Setup FoD application, release & static scan configuration
+          # SETUP_ACTION: <URL or file>                    # Customize setup action
+                                                           # Pass extra options to setup action:
+          # SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
+          # PACKAGE_EXTRA_OPTS: -oss -bt mvn               # Extra 'scancentral package' options
+          # FOD_SAST_SCAN_EXTRA_OPTS:                      # Extra 'fcli fod sast-scan start' options
+          # DO_WAIT: true                                  # Wait for successful scan completion (implied if post-scan actions enabled)
+          # DO_POLICY_CHECK: true                          # Fail pipeline if security policy outcome is FAIL
+          # POLICY_CHECK_ACTION: <URL or file>             # Customize security policy checks
+          # POLICY_CHECK_EXTRA_OPTS: --on-unsigned=ignore  # Pass extra options to policy check action
+          # DO_JOB_SUMMARY: true                           # Generate workflow job summary
+          # JOB_SUMMARY_ACTION: <URL or file>              # Customize job summary
+          # JOB_SUMMARY_EXTRA_OPTS: --on-unsigned=ignore   # Pass extra options to job summary action
+          # DO_PR_COMMENT: true                            # Generate PR comments, only used on pull_request triggers
+          # PR_COMMENT_ACTION: <URL or file>               # Customize PR comments
+          # PR_COMMENT_EXTRA_OPTS: --on-unsigned=ignore    # Pass extra options to PR comment action
+          # DO_EXPORT: true                                # Export vulnerability data to GitHub code scanning dashboard
+          # EXPORT_ACTION: <URL or file>                   # Customize export action
+          # EXPORT_EXTRA_OPTS: --on-unsigned=ignore        # Pass extra options to export action
+          # TOOL_DEFINITIONS: <URL>                        # URL from where to retrieve Fortify tool definitions
+
+          #############################################################
+          ##### Fortify Hosted / Software Security Center & ScanCentral
+          ##### Remove this section if you're integrating with Fortify on Demand (see above)
+          ### Required configuration
+          SSC_URL: ${{vars.SSC_URL}}                       # Must be hardcoded or configured through GitHub variable, not secret
+          SSC_TOKEN: ${{secrets.SSC_TOKEN}}                # SSC CIToken; credentials should be configured through GitHub secrets
+          SC_SAST_TOKEN: ${{secrets.SC_CLIENT_AUTH_TOKEN}} # ScanCentral SAST client_auth_token, required if SAST scan is enabled
+          DEBRICKED_TOKEN: ${{secrets.DEBRICKED_TOKEN}}    # Debricked token, required if Debricked scan is enabled
+          SC_SAST_SENSOR_VERSION: 24.4.0                   # Sensor version to use for the scan, required if SAST scan is enabled
+          ### Optional configuration
+          # SSC_LOGIN_EXTRA_OPTS: --socket-timeout=60s     # Extra 'fcli ssc session login' options
+          # SC_SAST_LOGIN_EXTRA_OPTS: --socket-timeout=60s # Extra 'fcli sc-sast session login' options
+          # SSC_APPVERSION: MyApp:MyVersion                # SSC application version name, default: <org>/<repo>:<branch>
+          # DO_SETUP: true                                 # Set up SSC application & version
+          # SETUP_ACTION: <URL or file>                    # Customize setup action
+          # SETUP_EXTRA_OPTS: --on-unsigned=ignore         # Pass extra options to setup action
+          # PACKAGE_EXTRA_OPTS: -bt mvn                    # Extra 'scancentral package' options
+          # EXTRA_SC_SAST_SCAN_OPTS:                       # Extra 'fcli sc-sast scan start' options
+          # DO_WAIT: true                                  # Wait for successful scan completion (implied if post-scan actions enabled)
+          # DO_POLICY_CHECK: true                          # Fail pipeline if security policy outcome is FAIL
+          # POLICY_CHECK_ACTION: <URL or file>             # Customize security policy checks
+          # POLICY_CHECK_EXTRA_OPTS: --on-unsigned=ignore  # Pass extra options to policy check action
+          # DO_JOB_SUMMARY: true                           # Generate workflow job summary
+          # JOB_SUMMARY_ACTION: <URL or file>              # Customize job summary
+          # JOB_SUMMARY_EXTRA_OPTS: --on-unsigned=ignore   # Pass extra options to job summary action
+          # DO_PR_COMMENT: true                            # Generate PR comments, only used on pull_request triggers
+          # PR_COMMENT_ACTION: <URL or file>               # Customize PR comments
+          # PR_COMMENT_EXTRA_OPTS: --on-unsigned=ignore    # Pass extra options to PR comment action
+          # DO_EXPORT: true                                # Export vulnerability data to GitHub code scanning dashboard
+          # EXPORT_ACTION: <URL or file>                   # Customize export action
+          # EXPORT_EXTRA_OPTS: --on-unsigned=ignore        # Pass extra options to export action
+          # TOOL_DEFINITIONS: <URL>                        # URL from where to retrieve Fortify tool definitions

.github/workflows/jekyll-gh-pages.yml

@@ -0,0 +1,51 @@
+# Sample workflow for building and deploying a Jekyll site to GitHub Pages
+name: Deploy Jekyll with GitHub Pages dependencies preinstalled
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["main"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+      - name: Build with Jekyll
+        uses: actions/jekyll-build-pages@v1
+        with:
+          source: ./
+          destination: ./_site
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/main.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "terraform"
+    directory: "/infra"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.licenses/npm/@octokit/endpoint.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/endpoint"
-version: 9.0.6
+version: 9.0.5
 type: npm
 summary: Turns REST API endpoints into generic request options
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/plugin-paginate-rest.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/plugin-paginate-rest"
-version: 9.2.2
+version: 9.2.1
 type: npm
 summary: Octokit plugin to paginate REST API endpoint responses
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/request-error.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@octokit/request-error"
-version: 5.1.1
+version: 5.1.0
 type: npm
 summary: Error class for Octokit request errors
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@octokit/request.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: "@octokit/request"
-version: 8.4.1
+version: 8.4.0
 type: npm
 summary: Send parameterized requests to GitHub's APIs with sensible defaults in browsers
   and Node
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/undici.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: undici
-version: 5.29.0
+version: 5.28.4
 type: npm
 summary: An HTTP/1.1 client, written from scratch for Node.js
 homepage: https://undici.nodejs.org

CHANGELOG.md

@@ -1,14 +1,5 @@
 # Changelog
 
-## V4.3.0
-* docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
-* Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
-* Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043
-* Adjust positioning of user email note and permissions heading by @joshmgross in https://github.com/actions/checkout/pull/2044
-* Update README.md by @nebuk89 in https://github.com/actions/checkout/pull/2194
-* Update CODEOWNERS for actions by @TingluoHuang in https://github.com/actions/checkout/pull/2224
-* Update package dependencies by @salmanmkc in https://github.com/actions/checkout/pull/2236
-
 ## v4.2.2
 * `url-helper.ts` now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
 * Expand unit test coverage for `isGhes` by @jww3 in https://github.com/actions/checkout/pull/1946

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

__test__/git-auth-helper.test.ts

@@ -675,283 +675,6 @@ describe('git-auth-helper tests', () => {
     expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
   })
 
-  const removeAuth_removesV6StyleCredentials =
-    'removeAuth removes v6 style credentials'
-  it(removeAuth_removesV6StyleCredentials, async () => {
-    // Arrange
-    await setup(removeAuth_removesV6StyleCredentials)
-    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-    await authHelper.configureAuth()
-
-    // Manually create v6-style credentials that would be left by v6
-    const credentialsFileName =
-      'git-credentials-12345678-1234-1234-1234-123456789abc.config'
-    const credentialsFilePath = path.join(runnerTemp, credentialsFileName)
-    const basicCredential = Buffer.from(
-      `x-access-token:${settings.authToken}`,
-      'utf8'
-    ).toString('base64')
-    const credentialsContent = `[http "https://github.com/"]\n\textraheader = AUTHORIZATION: basic ${basicCredential}\n`
-    await fs.promises.writeFile(credentialsFilePath, credentialsContent)
-
-    // Add includeIf entries to local git config (simulating v6 configuration)
-    const hostGitDir = path.join(workspace, '.git').replace(/\\/g, '/')
-    await fs.promises.appendFile(
-      localGitConfigPath,
-      `[includeIf "gitdir:${hostGitDir}/"]\n\tpath = ${credentialsFilePath}\n`
-    )
-    await fs.promises.appendFile(
-      localGitConfigPath,
-      `[includeIf "gitdir:/github/workspace/.git/"]\n\tpath = /github/runner_temp/${credentialsFileName}\n`
-    )
-
-    // Verify v6 style config exists
-    let gitConfigContent = (
-      await fs.promises.readFile(localGitConfigPath)
-    ).toString()
-    expect(gitConfigContent.indexOf('includeIf')).toBeGreaterThanOrEqual(0)
-    expect(
-      gitConfigContent.indexOf(credentialsFilePath)
-    ).toBeGreaterThanOrEqual(0)
-    await fs.promises.stat(credentialsFilePath) // Verify file exists
-
-    // Mock the git methods to handle v6 cleanup
-    const mockTryGetConfigKeys = git.tryGetConfigKeys as jest.Mock<any, any>
-    mockTryGetConfigKeys.mockResolvedValue([
-      `includeIf.gitdir:${hostGitDir}/.path`,
-      'includeIf.gitdir:/github/workspace/.git/.path'
-    ])
-
-    const mockTryGetConfigValues = git.tryGetConfigValues as jest.Mock<any, any>
-    mockTryGetConfigValues.mockImplementation(async (key: string) => {
-      if (key === `includeIf.gitdir:${hostGitDir}/.path`) {
-        return [credentialsFilePath]
-      }
-      if (key === 'includeIf.gitdir:/github/workspace/.git/.path') {
-        return [`/github/runner_temp/${credentialsFileName}`]
-      }
-      return []
-    })
-
-    const mockTryConfigUnsetValue = git.tryConfigUnsetValue as jest.Mock<
-      any,
-      any
-    >
-    mockTryConfigUnsetValue.mockImplementation(
-      async (
-        key: string,
-        value: string,
-        globalConfig?: boolean,
-        configPath?: string
-      ) => {
-        const targetPath = configPath || localGitConfigPath
-        let content = await fs.promises.readFile(targetPath, 'utf8')
-        // Remove the includeIf section
-        const lines = content
-          .split('\n')
-          .filter(line => !line.includes('includeIf') && !line.includes(value))
-        await fs.promises.writeFile(targetPath, lines.join('\n'))
-        return true
-      }
-    )
-
-    // Act
-    await authHelper.removeAuth()
-
-    // Assert includeIf entries removed from local git config
-    gitConfigContent = (
-      await fs.promises.readFile(localGitConfigPath)
-    ).toString()
-    expect(gitConfigContent.indexOf('includeIf')).toBeLessThan(0)
-    expect(gitConfigContent.indexOf(credentialsFilePath)).toBeLessThan(0)
-
-    // Assert credentials config file deleted
-    try {
-      await fs.promises.stat(credentialsFilePath)
-      throw new Error('Credentials file should have been deleted')
-    } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
-        throw err
-      }
-    }
-  })
-
-  const removeAuth_removesV6StyleCredentialsFromSubmodules =
-    'removeAuth removes v6 style credentials from submodules'
-  it(removeAuth_removesV6StyleCredentialsFromSubmodules, async () => {
-    // Arrange
-    await setup(removeAuth_removesV6StyleCredentialsFromSubmodules)
-
-    // Create fake submodule config paths
-    const submodule1Dir = path.join(workspace, '.git', 'modules', 'submodule-1')
-    const submodule1ConfigPath = path.join(submodule1Dir, 'config')
-    await fs.promises.mkdir(submodule1Dir, {recursive: true})
-    await fs.promises.writeFile(submodule1ConfigPath, '')
-
-    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-    await authHelper.configureAuth()
-
-    // Create v6-style credentials file
-    const credentialsFileName =
-      'git-credentials-abcdef12-3456-7890-abcd-ef1234567890.config'
-    const credentialsFilePath = path.join(runnerTemp, credentialsFileName)
-    const basicCredential = Buffer.from(
-      `x-access-token:${settings.authToken}`,
-      'utf8'
-    ).toString('base64')
-    const credentialsContent = `[http "https://github.com/"]\n\textraheader = AUTHORIZATION: basic ${basicCredential}\n`
-    await fs.promises.writeFile(credentialsFilePath, credentialsContent)
-
-    // Add includeIf entries to submodule config
-    const submodule1GitDir = submodule1Dir.replace(/\\/g, '/')
-    await fs.promises.appendFile(
-      submodule1ConfigPath,
-      `[includeIf "gitdir:${submodule1GitDir}/"]\n\tpath = ${credentialsFilePath}\n`
-    )
-
-    // Verify submodule config has includeIf entry
-    let submoduleConfigContent = (
-      await fs.promises.readFile(submodule1ConfigPath)
-    ).toString()
-    expect(submoduleConfigContent.indexOf('includeIf')).toBeGreaterThanOrEqual(
-      0
-    )
-    expect(
-      submoduleConfigContent.indexOf(credentialsFilePath)
-    ).toBeGreaterThanOrEqual(0)
-
-    // Mock getSubmoduleConfigPaths
-    const mockGetSubmoduleConfigPaths =
-      git.getSubmoduleConfigPaths as jest.Mock<any, any>
-    mockGetSubmoduleConfigPaths.mockResolvedValue([submodule1ConfigPath])
-
-    // Mock tryGetConfigKeys for submodule
-    const mockTryGetConfigKeys = git.tryGetConfigKeys as jest.Mock<any, any>
-    mockTryGetConfigKeys.mockImplementation(
-      async (pattern: string, globalConfig?: boolean, configPath?: string) => {
-        if (configPath === submodule1ConfigPath) {
-          return [`includeIf.gitdir:${submodule1GitDir}/.path`]
-        }
-        return []
-      }
-    )
-
-    // Mock tryGetConfigValues for submodule
-    const mockTryGetConfigValues = git.tryGetConfigValues as jest.Mock<any, any>
-    mockTryGetConfigValues.mockImplementation(
-      async (key: string, globalConfig?: boolean, configPath?: string) => {
-        if (
-          configPath === submodule1ConfigPath &&
-          key === `includeIf.gitdir:${submodule1GitDir}/.path`
-        ) {
-          return [credentialsFilePath]
-        }
-        return []
-      }
-    )
-
-    // Mock tryConfigUnsetValue for submodule
-    const mockTryConfigUnsetValue = git.tryConfigUnsetValue as jest.Mock<
-      any,
-      any
-    >
-    mockTryConfigUnsetValue.mockImplementation(
-      async (
-        key: string,
-        value: string,
-        globalConfig?: boolean,
-        configPath?: string
-      ) => {
-        const targetPath = configPath || localGitConfigPath
-        let content = await fs.promises.readFile(targetPath, 'utf8')
-        const lines = content
-          .split('\n')
-          .filter(line => !line.includes('includeIf') && !line.includes(value))
-        await fs.promises.writeFile(targetPath, lines.join('\n'))
-        return true
-      }
-    )
-
-    // Act
-    await authHelper.removeAuth()
-
-    // Assert submodule includeIf entries removed
-    submoduleConfigContent = (
-      await fs.promises.readFile(submodule1ConfigPath)
-    ).toString()
-    expect(submoduleConfigContent.indexOf('includeIf')).toBeLessThan(0)
-    expect(submoduleConfigContent.indexOf(credentialsFilePath)).toBeLessThan(0)
-
-    // Assert credentials file deleted
-    try {
-      await fs.promises.stat(credentialsFilePath)
-      throw new Error('Credentials file should have been deleted')
-    } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
-        throw err
-      }
-    }
-  })
-
-  const removeAuth_skipsV6CleanupWhenEnvVarSet =
-    'removeAuth skips v6 cleanup when ACTIONS_CHECKOUT_SKIP_V6_CLEANUP is set'
-  it(removeAuth_skipsV6CleanupWhenEnvVarSet, async () => {
-    // Arrange
-    await setup(removeAuth_skipsV6CleanupWhenEnvVarSet)
-
-    // Set the skip environment variable
-    process.env['ACTIONS_CHECKOUT_SKIP_V6_CLEANUP'] = '1'
-
-    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-    await authHelper.configureAuth()
-
-    // Create v6-style credentials file in RUNNER_TEMP
-    const credentialsFileName = 'git-credentials-test-uuid-1234-5678.config'
-    const credentialsFilePath = path.join(runnerTemp, credentialsFileName)
-    const credentialsContent =
-      '[http "https://github.com/"]\n\textraheader = AUTHORIZATION: basic token\n'
-    await fs.promises.writeFile(credentialsFilePath, credentialsContent)
-
-    // Add includeIf section to local git config (separate from http.* config)
-    const includeIfSection = `\n[includeIf "gitdir:/some/path/.git/"]\n\tpath = ${credentialsFilePath}\n`
-    await fs.promises.appendFile(localGitConfigPath, includeIfSection)
-
-    // Verify v6 style config exists
-    let gitConfigContent = (
-      await fs.promises.readFile(localGitConfigPath)
-    ).toString()
-    expect(gitConfigContent.indexOf('includeIf')).toBeGreaterThanOrEqual(0)
-    await fs.promises.stat(credentialsFilePath) // Verify file exists
-
-    // Act
-    await authHelper.removeAuth()
-
-    // Assert v5 cleanup still happened (http.* removed)
-    gitConfigContent = (
-      await fs.promises.readFile(localGitConfigPath)
-    ).toString()
-    expect(
-      gitConfigContent.indexOf('http.https://github.com/.extraheader')
-    ).toBeLessThan(0)
-
-    // Assert v6 cleanup was skipped - includeIf should still be present
-    expect(gitConfigContent.indexOf('includeIf')).toBeGreaterThanOrEqual(0)
-    expect(
-      gitConfigContent.indexOf(credentialsFilePath)
-    ).toBeGreaterThanOrEqual(0)
-
-    // Assert credentials file still exists (wasn't deleted)
-    await fs.promises.stat(credentialsFilePath) // File should still exist
-
-    // Assert debug message was logged
-    expect(core.debug).toHaveBeenCalledWith(
-      'Skipping v6 style cleanup due to ACTIONS_CHECKOUT_SKIP_V6_CLEANUP'
-    )
-
-    // Cleanup
-    delete process.env['ACTIONS_CHECKOUT_SKIP_V6_CLEANUP']
-  })
-
   const removeGlobalConfig_removesOverride =
     'removeGlobalConfig removes override'
   it(removeGlobalConfig_removesOverride, async () => {
@@ -1073,18 +796,6 @@ async function setup(testName: string): Promise<void> {
     ),
     tryDisableAutomaticGarbageCollection: jest.fn(),
     tryGetFetchUrl: jest.fn(),
-    getSubmoduleConfigPaths: jest.fn(async () => {
-      return []
-    }),
-    tryConfigUnsetValue: jest.fn(async () => {
-      return true
-    }),
-    tryGetConfigValues: jest.fn(async () => {
-      return []
-    }),
-    tryGetConfigKeys: jest.fn(async () => {
-      return []
-    }),
     tryReset: jest.fn(),
     version: jest.fn()
   }

__test__/git-directory-helper.test.ts

@@ -499,18 +499,6 @@ async function setup(testName: string): Promise<void> {
       await fs.promises.stat(path.join(repositoryPath, '.git'))
       return repositoryUrl
     }),
-    getSubmoduleConfigPaths: jest.fn(async () => {
-      return []
-    }),
-    tryConfigUnsetValue: jest.fn(async () => {
-      return true
-    }),
-    tryGetConfigValues: jest.fn(async () => {
-      return []
-    }),
-    tryGetConfigKeys: jest.fn(async () => {
-      return []
-    }),
     tryReset: jest.fn(async () => {
       return true
     }),

dist/index.js

@@ -411,50 +411,8 @@ class GitAuthHelper {
     }
     removeToken() {
         return __awaiter(this, void 0, void 0, function* () {
-            // Remove HTTP extra header from local git config and submodule configs
+            // HTTP extra header
             yield this.removeGitConfig(this.tokenConfigKey);
-            //
-            // Cleanup actions/checkout@v6 style credentials
-            //
-            const skipV6Cleanup = process.env['ACTIONS_CHECKOUT_SKIP_V6_CLEANUP'];
-            if (skipV6Cleanup === '1' || (skipV6Cleanup === null || skipV6Cleanup === void 0 ? void 0 : skipV6Cleanup.toLowerCase()) === 'true') {
-                core.debug('Skipping v6 style cleanup due to ACTIONS_CHECKOUT_SKIP_V6_CLEANUP');
-                return;
-            }
-            try {
-                // Collect credentials config paths that need to be removed
-                const credentialsPaths = new Set();
-                // Remove includeIf entries that point to git-credentials-*.config files
-                const mainCredentialsPaths = yield this.removeIncludeIfCredentials();
-                mainCredentialsPaths.forEach(path => credentialsPaths.add(path));
-                // Remove submodule includeIf entries that point to git-credentials-*.config files
-                try {
-                    const submoduleConfigPaths = yield this.git.getSubmoduleConfigPaths(true);
-                    for (const configPath of submoduleConfigPaths) {
-                        const submoduleCredentialsPaths = yield this.removeIncludeIfCredentials(configPath);
-                        submoduleCredentialsPaths.forEach(path => credentialsPaths.add(path));
-                    }
-                }
-                catch (err) {
-                    core.debug(`Unable to get submodule config paths: ${err}`);
-                }
-                // Remove credentials config files
-                for (const credentialsPath of credentialsPaths) {
-                    // Only remove credentials config files if they are under RUNNER_TEMP
-                    const runnerTemp = process.env['RUNNER_TEMP'];
-                    if (runnerTemp && credentialsPath.startsWith(runnerTemp)) {
-                        try {
-                            yield io.rmRF(credentialsPath);
-                        }
-                        catch (err) {
-                            core.debug(`Failed to remove credentials config '${credentialsPath}': ${err}`);
-                        }
-                    }
-                }
-            }
-            catch (err) {
-                core.debug(`Failed to cleanup v6 style credentials: ${err}`);
-            }
         });
     }
     removeGitConfig(configKey_1) {
@@ -472,49 +430,6 @@ class GitAuthHelper {
             `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true);
         });
     }
-    /**
-     * Removes includeIf entries that point to git-credentials-*.config files.
-     * This handles cleanup of credentials configured by newer versions of the action.
-     * @param configPath Optional path to a specific git config file to operate on
-     * @returns Array of unique credentials config file paths that were found and removed
-     */
-    removeIncludeIfCredentials(configPath) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const credentialsPaths = new Set();
-            try {
-                // Get all includeIf.gitdir keys
-                const keys = yield this.git.tryGetConfigKeys('^includeIf\\.gitdir:', false, // globalConfig?
-                configPath);
-                for (const key of keys) {
-                    // Get all values for this key
-                    const values = yield this.git.tryGetConfigValues(key, false, // globalConfig?
-                    configPath);
-                    if (values.length > 0) {
-                        // Remove only values that match git-credentials-<uuid>.config pattern
-                        for (const value of values) {
-                            if (this.testCredentialsConfigPath(value)) {
-                                credentialsPaths.add(value);
-                                yield this.git.tryConfigUnsetValue(key, value, false, configPath);
-                            }
-                        }
-                    }
-                }
-            }
-            catch (err) {
-                // Ignore errors - this is cleanup code
-                core.debug(`Error during includeIf cleanup${configPath ? ` for ${configPath}` : ''}: ${err}`);
-            }
-            return Array.from(credentialsPaths);
-        });
-    }
-    /**
-     * Tests if a path matches the git-credentials-*.config pattern used by newer versions.
-     * @param path The path to test
-     * @returns True if the path matches the credentials config pattern
-     */
-    testCredentialsConfigPath(path) {
-        return /git-credentials-[0-9a-f-]+\.config$/i.test(path);
-    }
 }
 
 
@@ -791,16 +706,6 @@ class GitCommandManager {
             throw new Error('Unexpected output when retrieving default branch');
         });
     }
-    getSubmoduleConfigPaths(recursive) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Get submodule config file paths.
-            // Use `--show-origin` to get the config file path for each submodule.
-            const output = yield this.submoduleForeach(`git config --local --show-origin --name-only --get-regexp remote.origin.url`, recursive);
-            // Extract config file paths from the output (lines starting with "file:").
-            const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
-            return configPaths;
-        });
-    }
     getWorkingDirectory() {
         return this.workingDirectory;
     }
@@ -931,20 +836,6 @@ class GitCommandManager {
             return output.exitCode === 0;
         });
     }
-    tryConfigUnsetValue(configKey, configValue, globalConfig, configFile) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const args = ['config'];
-            if (configFile) {
-                args.push('--file', configFile);
-            }
-            else {
-                args.push(globalConfig ? '--global' : '--local');
-            }
-            args.push('--unset', configKey, configValue);
-            const output = yield this.execGit(args, true);
-            return output.exitCode === 0;
-        });
-    }
     tryDisableAutomaticGarbageCollection() {
         return __awaiter(this, void 0, void 0, function* () {
             const output = yield this.execGit(['config', '--local', 'gc.auto', '0'], true);
@@ -964,46 +855,6 @@ class GitCommandManager {
             return stdout;
         });
     }
-    tryGetConfigValues(configKey, globalConfig, configFile) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const args = ['config'];
-            if (configFile) {
-                args.push('--file', configFile);
-            }
-            else {
-                args.push(globalConfig ? '--global' : '--local');
-            }
-            args.push('--get-all', configKey);
-            const output = yield this.execGit(args, true);
-            if (output.exitCode !== 0) {
-                return [];
-            }
-            return output.stdout
-                .trim()
-                .split('\n')
-                .filter(value => value.trim());
-        });
-    }
-    tryGetConfigKeys(pattern, globalConfig, configFile) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const args = ['config'];
-            if (configFile) {
-                args.push('--file', configFile);
-            }
-            else {
-                args.push(globalConfig ? '--global' : '--local');
-            }
-            args.push('--name-only', '--get-regexp', pattern);
-            const output = yield this.execGit(args, true);
-            if (output.exitCode !== 0) {
-                return [];
-            }
-            return output.stdout
-                .trim()
-                .split('\n')
-                .filter(key => key.trim());
-        });
-    }
     tryReset() {
         return __awaiter(this, void 0, void 0, function* () {
             const output = yield this.execGit(['reset', '--hard', 'HEAD'], true);
@@ -7951,7 +7802,7 @@ module.exports = __toCommonJS(dist_src_exports);
 var import_universal_user_agent = __nccwpck_require__(5030);
 
 // pkg/dist-src/version.js
-var VERSION = "9.0.6";
+var VERSION = "9.0.5";
 
 // pkg/dist-src/defaults.js
 var userAgent = `octokit-endpoint.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`;
@@ -8056,9 +7907,9 @@ function addQueryParameters(url, parameters) {
 }
 
 // pkg/dist-src/util/extract-url-variable-names.js
-var urlVariableRegex = /\{[^{}}]+\}/g;
+var urlVariableRegex = /\{[^}]+\}/g;
 function removeNonChars(variableName) {
-  return variableName.replace(/(?:^\W+)|(?:(?<!\W)\W+$)/g, "").split(/,/);
+  return variableName.replace(/^\W+|\W+$/g, "").split(/,/);
 }
 function extractUrlVariableNames(url) {
   const matches = url.match(urlVariableRegex);
@@ -8244,7 +8095,7 @@ function parse(options) {
     }
     if (url.endsWith("/graphql")) {
       if (options.mediaType.previews?.length) {
-        const previewsFromAcceptHeader = headers.accept.match(/(?<![\w-])[\w-]+(?=-preview)/g) || [];
+        const previewsFromAcceptHeader = headers.accept.match(/[\w-]+(?=-preview)/g) || [];
         headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map((preview) => {
           const format = options.mediaType.format ? `.${options.mediaType.format}` : "+json";
           return `application/vnd.github.${preview}-preview${format}`;
@@ -8493,7 +8344,7 @@ __export(dist_src_exports, {
 module.exports = __toCommonJS(dist_src_exports);
 
 // pkg/dist-src/version.js
-var VERSION = "9.2.2";
+var VERSION = "9.2.1";
 
 // pkg/dist-src/normalize-paginated-list-response.js
 function normalizePaginatedListResponse(response) {
@@ -8541,7 +8392,7 @@ function iterator(octokit, route, parameters) {
           const response = await requestMethod({ method, url, headers });
           const normalizedResponse = normalizePaginatedListResponse(response);
           url = ((normalizedResponse.headers.link || "").match(
-            /<([^<>]+)>;\s*rel="next"/
+            /<([^>]+)>;\s*rel="next"/
           ) || [])[1];
           return { value: normalizedResponse };
         } catch (error) {
@@ -11093,7 +10944,7 @@ var RequestError = class extends Error {
     if (options.request.headers.authorization) {
       requestCopy.headers = Object.assign({}, options.request.headers, {
         authorization: options.request.headers.authorization.replace(
-          /(?<! ) .*$/,
+          / .*$/,
           " [REDACTED]"
         )
       });
@@ -11161,7 +11012,7 @@ var import_endpoint = __nccwpck_require__(9440);
 var import_universal_user_agent = __nccwpck_require__(5030);
 
 // pkg/dist-src/version.js
-var VERSION = "8.4.1";
+var VERSION = "8.4.0";
 
 // pkg/dist-src/is-plain-object.js
 function isPlainObject(value) {
@@ -11220,7 +11071,7 @@ function fetchWrapper(requestOptions) {
       headers[keyAndValue[0]] = keyAndValue[1];
     }
     if ("deprecation" in headers) {
-      const matches = headers.link && headers.link.match(/<([^<>]+)>; rel="deprecation"/);
+      const matches = headers.link && headers.link.match(/<([^>]+)>; rel="deprecation"/);
       const deprecationLink = matches && matches.pop();
       log.warn(
         `[@octokit/request] "${requestOptions.method} ${requestOptions.url}" is deprecated. It is scheduled to be removed on ${headers.sunset}${deprecationLink ? `. See ${deprecationLink}` : ""}`
@@ -18874,7 +18725,7 @@ module.exports = {
 
 
 const { parseSetCookie } = __nccwpck_require__(4408)
-const { stringify } = __nccwpck_require__(3121)
+const { stringify, getHeadersList } = __nccwpck_require__(3121)
 const { webidl } = __nccwpck_require__(1744)
 const { Headers } = __nccwpck_require__(554)
 
@@ -18950,13 +18801,14 @@ function getSetCookies (headers) {
 
   webidl.brandCheck(headers, Headers, { strict: false })
 
-  const cookies = headers.getSetCookie()
+  const cookies = getHeadersList(headers).cookies
 
   if (!cookies) {
     return []
   }
 
-  return cookies.map((pair) => parseSetCookie(pair))
+  // In older versions of undici, cookies is a list of name:value.
+  return cookies.map((pair) => parseSetCookie(Array.isArray(pair) ? pair[1] : pair))
 }
 
 /**
@@ -19384,15 +19236,14 @@ module.exports = {
 /***/ }),
 
 /***/ 3121:
-/***/ ((module) => {
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
 
 "use strict";
 
 
-/**
- * @param {string} value
- * @returns {boolean}
- */
+const assert = __nccwpck_require__(9491)
+const { kHeadersList } = __nccwpck_require__(2785)
+
 function isCTLExcludingHtab (value) {
   if (value.length === 0) {
     return false
@@ -19653,13 +19504,31 @@ function stringify (cookie) {
   return out.join('; ')
 }
 
+let kHeadersListNode
+
+function getHeadersList (headers) {
+  if (headers[kHeadersList]) {
+    return headers[kHeadersList]
+  }
+
+  if (!kHeadersListNode) {
+    kHeadersListNode = Object.getOwnPropertySymbols(headers).find(
+      (symbol) => symbol.description === 'headers list'
+    )
+
+    assert(kHeadersListNode, 'Headers cannot be parsed')
+  }
+
+  const headersList = headers[kHeadersListNode]
+  assert(headersList)
+
+  return headersList
+}
+
 module.exports = {
   isCTLExcludingHtab,
-  validateCookieName,
-  validateCookiePath,
-  validateCookieValue,
-  toIMFDate,
-  stringify
+  stringify,
+  getHeadersList
 }
 
 
@@ -21588,14 +21457,6 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(9830)
 const { File: UndiciFile } = __nccwpck_require__(8511)
 const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(685)
 
-let random
-try {
-  const crypto = __nccwpck_require__(6005)
-  random = (max) => crypto.randomInt(0, max)
-} catch {
-  random = (max) => Math.floor(Math.random(max))
-}
-
 let ReadableStream = globalThis.ReadableStream
 
 /** @type {globalThis['File']} */
@@ -21681,7 +21542,7 @@ function extractBody (object, keepalive = false) {
     // Set source to a copy of the bytes held by object.
     source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
   } else if (util.isFormDataLike(object)) {
-    const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
+    const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
     const prefix = `--${boundary}\r\nContent-Disposition: form-data`
 
     /*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
@@ -23663,7 +23524,6 @@ const {
   isValidHeaderName,
   isValidHeaderValue
 } = __nccwpck_require__(2538)
-const util = __nccwpck_require__(3837)
 const { webidl } = __nccwpck_require__(1744)
 const assert = __nccwpck_require__(9491)
 
@@ -24217,9 +24077,6 @@ Object.defineProperties(Headers.prototype, {
   [Symbol.toStringTag]: {
     value: 'Headers',
     configurable: true
-  },
-  [util.inspect.custom]: {
-    enumerable: false
   }
 })
 
@@ -33396,20 +33253,6 @@ class Pool extends PoolBase {
       ? { ...options.interceptors }
       : undefined
     this[kFactory] = factory
-
-    this.on('connectionError', (origin, targets, error) => {
-      // If a connection error occurs, we remove the client from the pool,
-      // and emit a connectionError event. They will not be re-used.
-      // Fixes https://github.com/nodejs/undici/issues/3895
-      for (const target of targets) {
-        // Do not use kRemoveClient here, as it will close the client,
-        // but the client cannot be closed in this state.
-        const idx = this[kClients].indexOf(target)
-        if (idx !== -1) {
-          this[kClients].splice(idx, 1)
-        }
-      }
-    })
   }
 
   [kGetDispatcher] () {
@@ -36565,14 +36408,6 @@ module.exports = require("net");
 
 /***/ }),
 
-/***/ 6005:
-/***/ ((module) => {
-
-"use strict";
-module.exports = require("node:crypto");
-
-/***/ }),
-
 /***/ 5673:
 /***/ ((module) => {
 

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "checkout",
-  "version": "4.3.0",
+  "version": "4.2.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "checkout",
-      "version": "4.3.0",
+      "version": "4.2.2",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.10.1",
@@ -129,15 +129,13 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
-      "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
+      "version": "7.24.2",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz",
+      "integrity": "sha512-y5+tLQyV8pg3fsiln67BVLD1P13Eg4lh5RW9mF0zUuvLrv9uIQ4MCL+CRT+FTsBlBjcIan6PGsLcBN0m3ClUyQ==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.27.1",
-        "js-tokens": "^4.0.0",
-        "picocolors": "^1.1.1"
+        "@babel/highlight": "^7.24.2",
+        "picocolors": "^1.0.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -312,21 +310,19 @@
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
-      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz",
+      "integrity": "sha512-2ofRCjnnA9y+wk8b9IAREroeUP02KHp431N2mhKniy2yKIDKpbrHv9eXwm8cBeWQYcJmzv5qKCu65P47eCF7CQ==",
       "dev": true,
-      "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-identifier": {
-      "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz",
-      "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==",
+      "version": "7.22.20",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz",
+      "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==",
       "dev": true,
-      "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
@@ -341,28 +337,110 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.28.2",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.2.tgz",
-      "integrity": "sha512-/V9771t+EgXz62aCcyofnQhGM8DQACbRhvzKFsXKC9QM+5MadF8ZmIm0crDMaz3+o0h0zXfJnd4EhbYbxsrcFw==",
+      "version": "7.24.4",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz",
+      "integrity": "sha512-FewdlZbSiwaVGlgT1DPANDuCHaDMiOo+D/IDYRFYjHOuv66xMSJ7fQwwODwRNAPkADIO/z1EoF/l2BCWlWABDw==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.27.2",
-        "@babel/types": "^7.28.2"
+        "@babel/template": "^7.24.0",
+        "@babel/traverse": "^7.24.1",
+        "@babel/types": "^7.24.0"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/parser": {
-      "version": "7.28.0",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.0.tgz",
-      "integrity": "sha512-jVZGvOxOuNSsuQuLRTh13nU0AogFlw32w/MT+LV6D3sP5WdbW61E77RnkbaO2dUvmPAYrBDJXGn5gGS6tH4j8g==",
+    "node_modules/@babel/highlight": {
+      "version": "7.24.2",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz",
+      "integrity": "sha512-Yac1ao4flkTxTteCDZLEvdxg2fZfz1v8M4QpaGypq/WPDqg3ijHYbDfs+LG5hvzSoqaSZ9/Z9lKSP3CjZjv+pA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.28.0"
+        "@babel/helper-validator-identifier": "^7.22.20",
+        "chalk": "^2.4.2",
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.0.0"
       },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/highlight/node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@babel/highlight/node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@babel/highlight/node_modules/color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "dependencies": {
+        "color-name": "1.1.3"
+      }
+    },
+    "node_modules/@babel/highlight/node_modules/color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
+      "dev": true
+    },
+    "node_modules/@babel/highlight/node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/@babel/highlight/node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "dev": true,
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@babel/highlight/node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@babel/parser": {
+      "version": "7.24.4",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz",
+      "integrity": "sha512-zTvEBcghmeBma9QIGunWevvBAp4/Qu9Bdq+2k0Ot4fVMD6v3dsC9WOcRSKk7tRRyBM/53yKMJko9xOatGQAwSg==",
+      "dev": true,
       "bin": {
         "parser": "bin/babel-parser.js"
       },
@@ -548,25 +626,26 @@
       }
     },
     "node_modules/@babel/runtime": {
-      "version": "7.28.2",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.2.tgz",
-      "integrity": "sha512-KHp2IflsnGywDjBWDkR9iEqiWSpc8GIi0lgTT3mOElT0PP1tG26P4tmFI2YvAdzgq9RGyoHZQEIEdZy6Ec5xCA==",
+      "version": "7.24.4",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.24.4.tgz",
+      "integrity": "sha512-dkxf7+hn8mFBwKjs9bvBlArzLVxVbS8usaPUDd5p2a9JCL9tB8OaOVN1isD4+Xyk4ns89/xeOmbQvgdK7IIVdA==",
       "dev": true,
-      "license": "MIT",
+      "dependencies": {
+        "regenerator-runtime": "^0.14.0"
+      },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.27.2",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
-      "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==",
+      "version": "7.24.0",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz",
+      "integrity": "sha512-Bkf2q8lMB0AFpX0NFEqSbx1OkTHf0f+0j82mkw+ZpzBnkk7e9Ql0891vlfgi+kHwOk8tQjiQHpqh4LaSa0fKEA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
-        "@babel/code-frame": "^7.27.1",
-        "@babel/parser": "^7.27.2",
-        "@babel/types": "^7.27.1"
+        "@babel/code-frame": "^7.23.5",
+        "@babel/parser": "^7.24.0",
+        "@babel/types": "^7.24.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -603,14 +682,14 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.28.2",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.2.tgz",
-      "integrity": "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ==",
+      "version": "7.24.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz",
+      "integrity": "sha512-+j7a5c253RfKh8iABBhywc8NSfP5LURe7Uh4qpsh6jc+aLJguvmIUBdjSdEMQv2bENrCR5MfRdjGo7vzS/ob7w==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
-        "@babel/helper-string-parser": "^7.27.1",
-        "@babel/helper-validator-identifier": "^7.27.1"
+        "@babel/helper-string-parser": "^7.23.4",
+        "@babel/helper-validator-identifier": "^7.22.20",
+        "to-fast-properties": "^2.0.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -670,11 +749,10 @@
       }
     },
     "node_modules/@eslint/eslintrc/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -730,11 +808,10 @@
       }
     },
     "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -1266,10 +1343,9 @@
       }
     },
     "node_modules/@octokit/endpoint": {
-      "version": "9.0.6",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz",
-      "integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==",
-      "license": "MIT",
+      "version": "9.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.5.tgz",
+      "integrity": "sha512-ekqR4/+PCLkEBF6qgj8WqJfvDq65RH85OAgrtnVp1mSxaXF03u2xW/hUdweGS5654IlC0wkNYC18Z50tSYTAFw==",
       "dependencies": {
         "@octokit/types": "^13.1.0",
         "universal-user-agent": "^6.0.0"
@@ -1297,10 +1373,9 @@
       "integrity": "sha512-pGUdSP+eEPfZiQHNkZI0U01HLipxncisdJQB4G//OAmfeO8sqTQ9KRa0KF03TUPCziNsoXUrTg4B2Q1EX++T0Q=="
     },
     "node_modules/@octokit/plugin-paginate-rest": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz",
-      "integrity": "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ==",
-      "license": "MIT",
+      "version": "9.2.1",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.1.tgz",
+      "integrity": "sha512-wfGhE/TAkXZRLjksFXuDZdmGnJQHvtU/joFQdweXUgzo1XwvBCD4o4+75NtFfjfLK5IwLf9vHTfSiU3sLRYpRw==",
       "dependencies": {
         "@octokit/types": "^12.6.0"
       },
@@ -1352,13 +1427,12 @@
       }
     },
     "node_modules/@octokit/request": {
-      "version": "8.4.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz",
-      "integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==",
-      "license": "MIT",
+      "version": "8.4.0",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.0.tgz",
+      "integrity": "sha512-9Bb014e+m2TgBeEJGEbdplMVWwPmL1FPtggHQRkV+WVsMggPtEkLKPlcVYm/o8xKLkpJ7B+6N8WfQMtDLX2Dpw==",
       "dependencies": {
-        "@octokit/endpoint": "^9.0.6",
-        "@octokit/request-error": "^5.1.1",
+        "@octokit/endpoint": "^9.0.1",
+        "@octokit/request-error": "^5.1.0",
         "@octokit/types": "^13.1.0",
         "universal-user-agent": "^6.0.0"
       },
@@ -1367,10 +1441,9 @@
       }
     },
     "node_modules/@octokit/request-error": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz",
-      "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==",
-      "license": "MIT",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.0.tgz",
+      "integrity": "sha512-GETXfE05J0+7H2STzekpKObFe765O5dlAKUTLNGeH+x47z7JjXHfsHKo5z21D/o/IOZTUEI6nyWyR+bZVP/n5Q==",
       "dependencies": {
         "@octokit/types": "^13.1.0",
         "deprecation": "^2.0.0",
@@ -2165,11 +2238,10 @@
       "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="
     },
     "node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
       }
@@ -2430,11 +2502,10 @@
       }
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.6",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
-      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",
@@ -3104,11 +3175,10 @@
       }
     },
     "node_modules/eslint-plugin-import/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -3203,11 +3273,10 @@
       }
     },
     "node_modules/eslint-plugin-jsx-a11y/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -3302,11 +3371,10 @@
       }
     },
     "node_modules/eslint/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -3768,11 +3836,10 @@
       }
     },
     "node_modules/glob/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -4568,11 +4635,10 @@
       }
     },
     "node_modules/jake/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -5182,8 +5248,7 @@
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
       "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
-      "dev": true,
-      "license": "MIT"
+      "dev": true
     },
     "node_modules/js-yaml": {
       "version": "4.1.0",
@@ -5463,13 +5528,12 @@
       }
     },
     "node_modules/micromatch": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
-      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
+      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
-        "braces": "^3.0.3",
+        "braces": "^3.0.2",
         "picomatch": "^2.3.1"
       },
       "engines": {
@@ -5805,11 +5869,10 @@
       }
     },
     "node_modules/picocolors": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
-      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
-      "dev": true,
-      "license": "ISC"
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
+      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
+      "dev": true
     },
     "node_modules/picomatch": {
       "version": "2.3.1",
@@ -6052,6 +6115,12 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/regenerator-runtime": {
+      "version": "0.14.1",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz",
+      "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==",
+      "dev": true
+    },
     "node_modules/regexp.prototype.flags": {
       "version": "1.5.2",
       "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz",
@@ -6553,11 +6622,10 @@
       }
     },
     "node_modules/test-exclude/node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
@@ -6587,6 +6655,15 @@
       "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==",
       "dev": true
     },
+    "node_modules/to-fast-properties": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
+      "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==",
+      "dev": true,
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
@@ -6853,10 +6930,9 @@
       }
     },
     "node_modules/undici": {
-      "version": "5.29.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
-      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
-      "license": "MIT",
+      "version": "5.28.4",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
+      "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
       "dependencies": {
         "@fastify/busboy": "^2.0.0"
       },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "checkout",
-  "version": "4.3.0",
+  "version": "4.2.2",
   "description": "checkout action",
   "main": "lib/main.js",
   "scripts": {

src/git-auth-helper.ts

@@ -346,58 +346,8 @@ class GitAuthHelper {
   }
 
   private async removeToken(): Promise<void> {
-    // Remove HTTP extra header from local git config and submodule configs
+    // HTTP extra header
     await this.removeGitConfig(this.tokenConfigKey)
-
-    //
-    // Cleanup actions/checkout@v6 style credentials
-    //
-    const skipV6Cleanup = process.env['ACTIONS_CHECKOUT_SKIP_V6_CLEANUP']
-    if (skipV6Cleanup === '1' || skipV6Cleanup?.toLowerCase() === 'true') {
-      core.debug(
-        'Skipping v6 style cleanup due to ACTIONS_CHECKOUT_SKIP_V6_CLEANUP'
-      )
-      return
-    }
-
-    try {
-      // Collect credentials config paths that need to be removed
-      const credentialsPaths = new Set<string>()
-
-      // Remove includeIf entries that point to git-credentials-*.config files
-      const mainCredentialsPaths = await this.removeIncludeIfCredentials()
-      mainCredentialsPaths.forEach(path => credentialsPaths.add(path))
-
-      // Remove submodule includeIf entries that point to git-credentials-*.config files
-      try {
-        const submoduleConfigPaths =
-          await this.git.getSubmoduleConfigPaths(true)
-        for (const configPath of submoduleConfigPaths) {
-          const submoduleCredentialsPaths =
-            await this.removeIncludeIfCredentials(configPath)
-          submoduleCredentialsPaths.forEach(path => credentialsPaths.add(path))
-        }
-      } catch (err) {
-        core.debug(`Unable to get submodule config paths: ${err}`)
-      }
-
-      // Remove credentials config files
-      for (const credentialsPath of credentialsPaths) {
-        // Only remove credentials config files if they are under RUNNER_TEMP
-        const runnerTemp = process.env['RUNNER_TEMP']
-        if (runnerTemp && credentialsPath.startsWith(runnerTemp)) {
-          try {
-            await io.rmRF(credentialsPath)
-          } catch (err) {
-            core.debug(
-              `Failed to remove credentials config '${credentialsPath}': ${err}`
-            )
-          }
-        }
-      }
-    } catch (err) {
-      core.debug(`Failed to cleanup v6 style credentials: ${err}`)
-    }
   }
 
   private async removeGitConfig(
@@ -421,59 +371,4 @@ class GitAuthHelper {
       true
     )
   }
-
-  /**
-   * Removes includeIf entries that point to git-credentials-*.config files.
-   * This handles cleanup of credentials configured by newer versions of the action.
-   * @param configPath Optional path to a specific git config file to operate on
-   * @returns Array of unique credentials config file paths that were found and removed
-   */
-  private async removeIncludeIfCredentials(
-    configPath?: string
-  ): Promise<string[]> {
-    const credentialsPaths = new Set<string>()
-
-    try {
-      // Get all includeIf.gitdir keys
-      const keys = await this.git.tryGetConfigKeys(
-        '^includeIf\\.gitdir:',
-        false, // globalConfig?
-        configPath
-      )
-
-      for (const key of keys) {
-        // Get all values for this key
-        const values = await this.git.tryGetConfigValues(
-          key,
-          false, // globalConfig?
-          configPath
-        )
-        if (values.length > 0) {
-          // Remove only values that match git-credentials-<uuid>.config pattern
-          for (const value of values) {
-            if (this.testCredentialsConfigPath(value)) {
-              credentialsPaths.add(value)
-              await this.git.tryConfigUnsetValue(key, value, false, configPath)
-            }
-          }
-        }
-      }
-    } catch (err) {
-      // Ignore errors - this is cleanup code
-      core.debug(
-        `Error during includeIf cleanup${configPath ? ` for ${configPath}` : ''}: ${err}`
-      )
-    }
-
-    return Array.from(credentialsPaths)
-  }
-
-  /**
-   * Tests if a path matches the git-credentials-*.config pattern used by newer versions.
-   * @param path The path to test
-   * @returns True if the path matches the credentials config pattern
-   */
-  private testCredentialsConfigPath(path: string): boolean {
-    return /git-credentials-[0-9a-f-]+\.config$/i.test(path)
-  }
 }

src/git-command-manager.ts

@@ -41,7 +41,6 @@ export interface IGitCommandManager {
     }
   ): Promise<void>
   getDefaultBranch(repositoryUrl: string): Promise<string>
-  getSubmoduleConfigPaths(recursive: boolean): Promise<string[]>
   getWorkingDirectory(): string
   init(): Promise<void>
   isDetached(): Promise<boolean>
@@ -60,24 +59,8 @@ export interface IGitCommandManager {
   tagExists(pattern: string): Promise<boolean>
   tryClean(): Promise<boolean>
   tryConfigUnset(configKey: string, globalConfig?: boolean): Promise<boolean>
-  tryConfigUnsetValue(
-    configKey: string,
-    configValue: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<boolean>
   tryDisableAutomaticGarbageCollection(): Promise<boolean>
   tryGetFetchUrl(): Promise<string>
-  tryGetConfigValues(
-    configKey: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<string[]>
-  tryGetConfigKeys(
-    pattern: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<string[]>
   tryReset(): Promise<boolean>
   version(): Promise<GitVersion>
 }
@@ -340,21 +323,6 @@ class GitCommandManager {
     throw new Error('Unexpected output when retrieving default branch')
   }
 
-  async getSubmoduleConfigPaths(recursive: boolean): Promise<string[]> {
-    // Get submodule config file paths.
-    // Use `--show-origin` to get the config file path for each submodule.
-    const output = await this.submoduleForeach(
-      `git config --local --show-origin --name-only --get-regexp remote.origin.url`,
-      recursive
-    )
-
-    // Extract config file paths from the output (lines starting with "file:").
-    const configPaths =
-      output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []
-
-    return configPaths
-  }
-
   getWorkingDirectory(): string {
     return this.workingDirectory
   }
@@ -487,24 +455,6 @@ class GitCommandManager {
     return output.exitCode === 0
   }
 
-  async tryConfigUnsetValue(
-    configKey: string,
-    configValue: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<boolean> {
-    const args = ['config']
-    if (configFile) {
-      args.push('--file', configFile)
-    } else {
-      args.push(globalConfig ? '--global' : '--local')
-    }
-    args.push('--unset', configKey, configValue)
-
-    const output = await this.execGit(args, true)
-    return output.exitCode === 0
-  }
-
   async tryDisableAutomaticGarbageCollection(): Promise<boolean> {
     const output = await this.execGit(
       ['config', '--local', 'gc.auto', '0'],
@@ -531,56 +481,6 @@ class GitCommandManager {
     return stdout
   }
 
-  async tryGetConfigValues(
-    configKey: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<string[]> {
-    const args = ['config']
-    if (configFile) {
-      args.push('--file', configFile)
-    } else {
-      args.push(globalConfig ? '--global' : '--local')
-    }
-    args.push('--get-all', configKey)
-
-    const output = await this.execGit(args, true)
-
-    if (output.exitCode !== 0) {
-      return []
-    }
-
-    return output.stdout
-      .trim()
-      .split('\n')
-      .filter(value => value.trim())
-  }
-
-  async tryGetConfigKeys(
-    pattern: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<string[]> {
-    const args = ['config']
-    if (configFile) {
-      args.push('--file', configFile)
-    } else {
-      args.push(globalConfig ? '--global' : '--local')
-    }
-    args.push('--name-only', '--get-regexp', pattern)
-
-    const output = await this.execGit(args, true)
-
-    if (output.exitCode !== 0) {
-      return []
-    }
-
-    return output.stdout
-      .trim()
-      .split('\n')
-      .filter(key => key.trim())
-  }
-
   async tryReset(): Promise<boolean> {
     const output = await this.execGit(['reset', '--hard', 'HEAD'], true)
     return output.exitCode === 0