Comparing changes

Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: "@types/jest" dependency-version: 29.5.14 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump @actions/tool-cache from 2.0.1 to 2.0.2 Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: "@actions/tool-cache" dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Fix failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <[email protected]>

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.62.0 to 8.32.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.32.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump undici from 5.28.5 to 5.29.0 Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.5...v5.29.0) --- updated-dependencies: - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Fix CI failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <[email protected]>

* Bump typescript from 5.4.2 to 5.7.3 Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.4.2 to 5.7.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.4.2...v5.7.3) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Fix low security alert --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <[email protected]>

Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 28.11.0 to 29.0.1. - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v28.11.0...v29.0.1) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-version: 29.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The vulnerability: $ npm audit --audit-level=high # npm audit report form-data >=4.0.0 <4.0.4 || <2.5.4 Severity: critical form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4 fix available via `npm audit fix` node_modules/@azure/core-http/node_modules/form-data node_modules/@types/node-fetch/node_modules/form-data node_modules/form-data 1 critical severity vulnerability To address all issues, run: npm audit fix This change is the result of from running `npm audit fix` and then using[1] to update licenses via `licensed cache`. It doesn't look like `dependabot` previously raised any PRs for this dependency, so this bumps it from `4.0.0` to `4.0.4`, see the changelog[2] for details. Link: https://github.com/licensee/licensed [1] Link: https://github.com/form-data/form-data/blob/v4.0.4/CHANGELOG.md [2]

* Configure environment to avoid toolchain installs Force `go` to always use the local toolchain (i.e. the one the one that shipped with the go command being run) via setting the `GOTOOLCHAIN` environment variable to `local`[1]: > When GOTOOLCHAIN is set to local, the go command always runs the bundled Go toolchain. This is how things are setup in the official Docker images (e.g.[2], see also the discussion around that change[3]). The motivation behind this is to: * Reduce duplicate work: if the `toolchain` version in `go.mod` was greated than the `go` version, the version from the `go` directive would be installed, then Go would detect the `toolchain` version and additionally install that * Avoid Unexpected behaviour: if you specify this action runs with some Go version (e.g. `1.21.0`) but your go.mod contains a `toolchain` or `go` directive for a newer version (e.g. `1.22.0`) then, without any other configuration/environment setup, any go commands will be run using go `1.22.0` This will be a **breaking change** for some workflows. Given a `go.mod` like: module proj go 1.22.0 Then running any `go` command, e.g. `go mod tidy`, in an environment where only go versions before `1.22.0` were installed would previously trigger a toolchain download of Go `1.22.0` and that version being used to execute the command. With this change the above would error out with something like: > go: go.mod requires go >= 1.22.0 (running go 1.21.7; GOTOOLCHAIN=local) [1] https://go.dev/doc/toolchain#select [2] https://github.com/docker-library/golang/blob/dae3405a325073e8ad7c8c378ebdf2540d8565c4/Dockerfile-linux.template#L163 [3] docker-library/golang#472 * Prefer installing version from `toolchain` directive Prefer this over the version from the `go` directive. Per the docs[1] > The toolchain line declares a suggested toolchain to use with the module or workspace It seems reasonable to use this, since running this action in a directory containing a `go.mod` (or `go.work`) suggests the user is wishing to work _with the module or workspace_. Link: https://go.dev/doc/toolchain#config [1] Issue: #457 * squash! Configure environment to avoid toolchain installs Only modify env if `GOTOOLCHAIN` is not set * squash! Prefer installing version from `toolchain` directive Avoid installing from `toolchain` if `GOTOOLCHAIN` is `local`, also better regex for matching toolchain directive

* Node 24 upgrade Doing an upgrade for node 24, node 24 is stricter with types so need to add a type for achitecture * format * package updates * fix for check failures * upgrade @types/node * update package.json version * check failure fix * package-lock.json update * update node24 * npm run format * npm run format * node update from the workflows * Upgrade `actions/checkout` to v5 and `actions/setup-go` to v6 in README.md --------- Co-authored-by: Aparna Jyothi <[email protected]> Co-authored-by: Priya Gupta <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Jun 11, 2025

Commits on Jun 18, 2025

Commits on Jul 7, 2025

Commits on Jul 8, 2025

Commits on Jul 11, 2025

Commits on Jul 16, 2025

Commits on Aug 13, 2025

Commits on Aug 29, 2025

Commits on Sep 4, 2025

This comparison is taking too long to generate.

Uh oh!