actions/setup-node
1
0
Fork 0
mirror of https://github.com/actions/setup-node.git synced 2026-06-08 13:33:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: actions:30164f5c9dc71cd17d0837558637f1d6a028d77a
Branches Tags
actions:main actions:dependabot/npm_and_yarn/fast-xml-builder-1.2.0 actions:dependabot/npm_and_yarn/fast-xml-parser-5.7.1 actions:dependabot/npm_and_yarn/multi-fa4ce633fc actions:dependabot/github_actions/pnpm/action-setup-6 actions:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.58.0 actions:copilot/research-node-auth-token-usage actions:dependabot/npm_and_yarn/multi-954fefb278 actions:dependabot/npm_and_yarn/eslint-9.39.2 actions:dependabot/npm_and_yarn/jest-circus-30.2.0 actions:dependabot/npm_and_yarn/typescript-eslint/parser-8.46.2 actions:macos-15-x64-runner-test actions:test-macos-x64-runner actions:releases/v5 actions:releases/v3 actions:releases/v4 actions:Node-Test-app actions:update-memoization actions:update-temp-ditectory-creation actions:releases/v2 actions:kotewar/update-actions-cache-version actions:tiwarishub/cache-30 actions:thboop/node16upgrade actions:servicing/v1 actions:malob/adr-caching-monorepos actions:malob/update-readme actions:v-mazhuk/automate-releasing-new-versions actions:malob/cache-adr actions:updates actions:master actions:v-malob/update-readme-v2 actions:releases/v1
actions:v6.4.0 actions:v6 actions:v6.3.0 actions:v6.2.0 actions:v6.1.0 actions:v6.0.0 actions:v5 actions:v5.0.0 actions:v3.9.1 actions:v3.9.0 actions:v4.4.0 actions:v4.3.0 actions:v4.2.0 actions:v4.1.0 actions:v4.0.4 actions:v4 actions:v4.0.3 actions:v4.0.2 actions:v4.0.1 actions:v4.0.0 actions:v3 actions:v3.8.2 actions:v3.8.1 actions:v3.8.0 actions:v3.7.0 actions:v2 actions:v2.5.2 actions:v3.6.0 actions:v3.5.1 actions:v3.5.0 actions:v3.4.1 actions:v3.4.0 actions:v3.3.0 actions:v3.2.0 actions:v3.1.1 actions:v3.1.0 actions:v3.0.0 actions:v2.5.1 actions:v2.5.0 actions:v2.4.1 actions:v2.4.0 actions:v2.3.2 actions:v1 actions:v1.4.6 actions:v1.4.5 actions:v2.3.1 actions:v2.3.0 actions:v2.2.0 actions:v2.1.5 actions:v2.1.4 actions:v2-beta actions:v2.1.3 actions:v2.1.2 actions:v1.4.4 actions:v1.4.3 actions:v2.1.1 actions:v2.1.0 actions:v2.0.0 actions:v1.4.2 actions:v1.4.1 actions:v1.4.0 actions:v1.3.0 actions:v1.2.0 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.4 actions:v1.0.3 actions:v1.0.2 actions:v1.0.1 actions:v1.0.0
..
compare: actions:copilot/research-node-auth-token-usage
Branches Tags
actions:main actions:dependabot/npm_and_yarn/fast-xml-builder-1.2.0 actions:dependabot/npm_and_yarn/fast-xml-parser-5.7.1 actions:dependabot/npm_and_yarn/multi-fa4ce633fc actions:dependabot/github_actions/pnpm/action-setup-6 actions:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.58.0 actions:copilot/research-node-auth-token-usage actions:dependabot/npm_and_yarn/multi-954fefb278 actions:dependabot/npm_and_yarn/eslint-9.39.2 actions:dependabot/npm_and_yarn/jest-circus-30.2.0 actions:dependabot/npm_and_yarn/typescript-eslint/parser-8.46.2 actions:macos-15-x64-runner-test actions:test-macos-x64-runner actions:releases/v5 actions:releases/v3 actions:releases/v4 actions:Node-Test-app actions:update-memoization actions:update-temp-ditectory-creation actions:releases/v2 actions:kotewar/update-actions-cache-version actions:tiwarishub/cache-30 actions:thboop/node16upgrade actions:servicing/v1 actions:malob/adr-caching-monorepos actions:malob/update-readme actions:v-mazhuk/automate-releasing-new-versions actions:malob/cache-adr actions:updates actions:master actions:v-malob/update-readme-v2 actions:releases/v1
actions:v6.4.0 actions:v6 actions:v6.3.0 actions:v6.2.0 actions:v6.1.0 actions:v6.0.0 actions:v5 actions:v5.0.0 actions:v3.9.1 actions:v3.9.0 actions:v4.4.0 actions:v4.3.0 actions:v4.2.0 actions:v4.1.0 actions:v4.0.4 actions:v4 actions:v4.0.3 actions:v4.0.2 actions:v4.0.1 actions:v4.0.0 actions:v3 actions:v3.8.2 actions:v3.8.1 actions:v3.8.0 actions:v3.7.0 actions:v2 actions:v2.5.2 actions:v3.6.0 actions:v3.5.1 actions:v3.5.0 actions:v3.4.1 actions:v3.4.0 actions:v3.3.0 actions:v3.2.0 actions:v3.1.1 actions:v3.1.0 actions:v3.0.0 actions:v2.5.1 actions:v2.5.0 actions:v2.4.1 actions:v2.4.0 actions:v2.3.2 actions:v1 actions:v1.4.6 actions:v1.4.5 actions:v2.3.1 actions:v2.3.0 actions:v2.2.0 actions:v2.1.5 actions:v2.1.4 actions:v2-beta actions:v2.1.3 actions:v2.1.2 actions:v1.4.4 actions:v1.4.3 actions:v2.1.1 actions:v2.1.0 actions:v2.0.0 actions:v1.4.2 actions:v1.4.1 actions:v1.4.0 actions:v1.3.0 actions:v1.2.0 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.4 actions:v1.0.3 actions:v1.0.2 actions:v1.0.1 actions:v1.0.0

1 Commits
30164f5c9d ... copilot/re

Author SHA1 Message Date
dependabot[bot]
53b83947a5 Bump minimatch from 3.1.2 to 3.1.5 (#1498) 
* Bump minimatch from 3.1.2 to 3.1.3

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.3.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.3)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Check failure fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: gowridurgad <gowridurgad@gmail.com>
 2026-03-02 15:21:49 -06:00
9 changed files with 387 additions and 270 deletions
Expand all files Collapse all files

32
.licenses/npm/fast-xml-builder.dep.yml generated Normal file
View File

@@ -0,0 +1,32 @@
---
name: fast-xml-builder
version: 1.0.0
type: npm
summary: Build XML from JSON without C/C++ based libraries
homepage:
license: mit
licenses:
- sources: LICENSE
text: |
MIT License
Copyright (c) 2026 Natural Intelligence
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
notices: []

2
.licenses/npm/fast-xml-parser.dep.yml generated
View File

@@ -1,6 +1,6 @@
---
name: fast-xml-parser
version: 5.3.4
version: 5.4.1
type: npm
summary: Validate XML, Parse XML, Build XML without C/C++ based libraries
homepage:

4
.licenses/npm/minimatch.dep.yml generated
View File

@@ -1,9 +1,9 @@
---
name: minimatch
version: 3.1.2
version: 3.1.5
type: npm
summary: a glob matcher in javascript
homepage: https://github.com/isaacs/minimatch#readme
homepage:
license: isc
licenses:
- sources: LICENSE

20
.licenses/npm/uuid.dep.yml generated
View File

@@ -1,20 +0,0 @@
---
name: uuid
version: 11.1.0
type: npm
summary: RFC9562 UUIDs
homepage:
license: mit
licenses:
- sources: LICENSE.md
text: |
The MIT License (MIT)
Copyright (c) 2010-2020 Robert Kieffer and other contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
notices: []

18
__tests__/authutil.test.ts
View File

@@ -118,24 +118,6 @@ describe('authutil tests', () => {
expect(process.env.NODE_AUTH_TOKEN).toEqual('foobar');
});
it('should not export NODE_AUTH_TOKEN if not set (OIDC support)', async () => {
// Clean NODE_AUTH_TOKEN from environment
delete process.env.NODE_AUTH_TOKEN;
await auth.configAuthentication('https://registry.npmjs.org/');
expect(fs.statSync(rcFile)).toBeDefined();
// NODE_AUTH_TOKEN should not be exported to environment if not initially set
// This allows OIDC authentication to work properly
const rc = readRcFile(rcFile);
expect(rc['registry']).toBe('https://registry.npmjs.org/');
});
it('should export empty string NODE_AUTH_TOKEN if explicitly set to empty (OIDC support)', async () => {
process.env.NODE_AUTH_TOKEN = '';
await auth.configAuthentication('https://registry.npmjs.org/');
expect(fs.statSync(rcFile)).toBeDefined();
expect(process.env.NODE_AUTH_TOKEN).toEqual('');
});
it('configAuthentication should overwrite non-scoped with non-scoped', async () => {
fs.writeFileSync(rcFile, 'registry=NNN');
await auth.configAuthentication('https://registry.npmjs.org/');

264
dist/cache-save/index.js vendored
View File

File diff suppressed because one or more lines are too long

272
dist/setup/index.js vendored
View File

File diff suppressed because one or more lines are too long

34
package-lock.json generated
View File

@@ -521,7 +521,6 @@
"integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
"@babel/code-frame": "^7.27.1",
"@babel/generator": "^7.28.5",
@@ -2215,9 +2214,9 @@
}
},
"node_modules/ajv": {
"version": "6.12.6",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
"version": "6.14.0",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
"integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -3342,10 +3341,22 @@
"dev": true,
"license": "MIT"
},
"node_modules/fast-xml-builder": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
"integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/NaturalIntelligence"
}
],
"license": "MIT"
},
"node_modules/fast-xml-parser": {
"version": "5.3.4",
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.4.tgz",
"integrity": "sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA==",
"version": "5.4.1",
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.1.tgz",
"integrity": "sha512-BQ30U1mKkvXQXXkAGcuyUA/GA26oEB7NzOtsxCDtyu62sjGw5QraKFhx2Em3WQNjPw9PG6MQ9yuIIgkSDfGu5A==",
"funding": [
{
"type": "github",
@@ -3354,7 +3365,8 @@
],
"license": "MIT",
"dependencies": {
"strnum": "^2.1.0"
"fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
},
"bin": {
"fxparser": "src/cli/cli.js"
@@ -4770,9 +4782,9 @@
}
},
"node_modules/minimatch": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
"integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"

11
src/authutil.ts
View File

@@ -46,10 +46,9 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) {
newContents += `${authString}${os.EOL}${registryString}`;
fs.writeFileSync(fileLocation, newContents);
core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
// Only export NODE_AUTH_TOKEN if explicitly provided by user
// This is required to support NPM OIDC tokens which need NODE_AUTH_TOKEN to be unset
// See: https://github.com/actions/setup-node/issues/1440
if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) {
core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN);
}
// Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it
core.exportVariable(
'NODE_AUTH_TOKEN',
process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX'
);
}