From dd50a9e2354a8e8cb0a1f4a46b4546071f420a05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Apr 2026 05:51:16 +0000 Subject: [PATCH 1/3] Bump fast-xml-parser from 5.5.11 to 5.7.1 Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.11 to 5.7.1. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.11...v5.7.1) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.7.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index eabbf3fc..28130045 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1553,6 +1553,18 @@ "@jridgewell/sourcemap-codec": "^1.4.14" } }, + "node_modules/@nodable/entities": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz", + "integrity": "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/nodable" + } + ], + "license": "MIT" + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -3320,9 +3332,9 @@ "license": "MIT" }, "node_modules/fast-xml-builder": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz", - "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==", + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz", + "integrity": "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==", "funding": [ { "type": "github", @@ -3335,9 +3347,9 @@ } }, "node_modules/fast-xml-parser": { - "version": "5.5.11", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.11.tgz", - "integrity": "sha512-QL0eb0YbSTVWF6tTf1+LEMSgtCEjBYPpnAjoLC8SscESlAjXEIRJ7cHtLG0pLeDFaZLa4VKZLArtA/60ZS7vyA==", + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.1.tgz", + "integrity": "sha512-8Cc3f8GUGUULg34pBch/KGyPLglS+OFs05deyOlY7fL2MTagYPKrVQNmR1fLF/yJ9PH5ZSTd3YDF6pnmeZU+zA==", "funding": [ { "type": "github", @@ -3346,8 +3358,9 @@ ], "license": "MIT", "dependencies": { - "fast-xml-builder": "^1.1.4", - "path-expression-matcher": "^1.4.0", + "@nodable/entities": "^2.1.0", + "fast-xml-builder": "^1.1.5", + "path-expression-matcher": "^1.5.0", "strnum": "^2.2.3" }, "bin": { @@ -4977,9 +4990,9 @@ } }, "node_modules/path-expression-matcher": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.4.0.tgz", - "integrity": "sha512-s4DQMxIdhj3jLFWd9LxHOplj4p9yQ4ffMGowFf3cpEgrrJjEhN0V5nxw4Ye1EViAGDoL4/1AeO6qHpqYPOzE4Q==", + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz", + "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==", "funding": [ { "type": "github", From ad1b57eb8159e2fd3cc753317dd4a4016287218f Mon Sep 17 00:00:00 2001 From: priya-kinthali <147703874+priya-kinthali@users.noreply.github.com> Date: Wed, 27 May 2026 04:21:36 +0530 Subject: [PATCH 2/3] docs: Update restore-only cache documentation (#1550) * update restore-only cache example in advanced-usage.md * fix copilot suggestion * update naming --- docs/advanced-usage.md | 65 ++++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 2671a6ad..5f0edfb0 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -329,36 +329,51 @@ steps: - run: npm test ``` -**Restore-Only Cache** +**Restore-only cache** + +You can restore caches without saving new entries, which helps reduce cache writes and storage usage in read-only cache workflows. ```yaml -## In some workflows, you may want to restore a cache without saving it. This can help reduce cache writes and storage usage in workflows that only need to read from cache -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - # Restore Node.js modules cache (restore-only) - - name: Restore Node modules cache - uses: actions/cache@v5 - id: cache-node-modules - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- - # Setup Node.js - - name: Setup Node.js - uses: actions/setup-node@v6 - with: - node-version: '24' - # Install dependencies - - run: npm install +steps: +- uses: actions/checkout@v6 +# - uses: pnpm/action-setup@v6 +# with: +# version: 10 + +- name: Setup Node.js + uses: actions/setup-node@v6 + with: + node-version: '24' + +- name: Normalize runner architecture + shell: bash + run: echo "ARCH=$(echo '${{ runner.arch }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV + +- name: Output of cache path + id: cachepath + shell: bash + run: echo "path=$(npm config get cache)" >> $GITHUB_OUTPUT + # run: echo "path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT + # For yarn workflow, output of yarn cache dir (v1) or yarn config get cacheFolder (v2+) + # run: echo "path=$(yarn cache dir)" >> $GITHUB_OUTPUT + +- name: Restore Node cache + uses: actions/cache/restore@v5 + with: + path: ${{ steps.cachepath.outputs.path }} + key: node-cache-${{ runner.os }}-${{ env.ARCH }}-npm-${{ hashFiles('**/package-lock.json') }} + # key: node-cache-${{ runner.os }}-${{ env.ARCH }}-yarn-${{ hashFiles('**/yarn.lock') }} + # key: node-cache-${{ runner.os }}-${{ env.ARCH }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} + +- run: npm ci +# - run: yarn install --frozen-lockfile # optional, --immutable +# - run: pnpm install ``` +> **Note**: Uncomment the commands relevant to your project's package manager. -> For more details related to cache scenarios, please refer [Node – npm](https://github.com/actions/cache/blob/main/examples.md#node---npm). +> For more details related to cache scenarios, please refer [actions/cache/restore](https://github.com/actions/cache/tree/main/restore#only-restore-cache). -## Multiple Operating Systems and Architectures +## Multiple operating systems and architectures ```yaml jobs: From 0355742c943ddb13ca8a6b700f824231caa91e75 Mon Sep 17 00:00:00 2001 From: gowridurgad <159780674+gowridurgad@users.noreply.github.com> Date: Thu, 28 May 2026 08:26:31 +0530 Subject: [PATCH 3/3] Remove dummy NODE_AUTH_TOKEN export (#1558) Co-authored-by: gowridurgad --- __tests__/authutil.test.ts | 21 +++++++++++++++++++++ dist/setup/index.js | 6 ++++-- src/authutil.ts | 9 ++++----- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/__tests__/authutil.test.ts b/__tests__/authutil.test.ts index d5f6c195..d884e23c 100644 --- a/__tests__/authutil.test.ts +++ b/__tests__/authutil.test.ts @@ -118,6 +118,27 @@ describe('authutil tests', () => { expect(process.env.NODE_AUTH_TOKEN).toEqual('foobar'); }); + it('should not export NODE_AUTH_TOKEN if not set in environment', async () => { + const exportSpy = jest.spyOn(core, 'exportVariable'); + delete process.env.NODE_AUTH_TOKEN; + await auth.configAuthentication('https://registry.npmjs.org/'); + expect(fs.statSync(rcFile)).toBeDefined(); + const rc = readRcFile(rcFile); + expect(rc['registry']).toBe('https://registry.npmjs.org/'); + expect(exportSpy).not.toHaveBeenCalledWith( + 'NODE_AUTH_TOKEN', + expect.anything() + ); + }); + + it('should export NODE_AUTH_TOKEN if set to empty string', async () => { + const exportSpy = jest.spyOn(core, 'exportVariable'); + process.env.NODE_AUTH_TOKEN = ''; + await auth.configAuthentication('https://registry.npmjs.org/'); + expect(fs.statSync(rcFile)).toBeDefined(); + expect(exportSpy).toHaveBeenCalledWith('NODE_AUTH_TOKEN', ''); + }); + it('configAuthentication should overwrite non-scoped with non-scoped', async () => { fs.writeFileSync(rcFile, 'registry=NNN'); await auth.configAuthentication('https://registry.npmjs.org/'); diff --git a/dist/setup/index.js b/dist/setup/index.js index 90d70cfc..8a86b779 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -78875,8 +78875,10 @@ function writeRegistryToFile(registryUrl, fileLocation) { newContents += `${authString}${os.EOL}${registryString}`; fs.writeFileSync(fileLocation, newContents); core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation); - // Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it - core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX'); + // Only export NODE_AUTH_TOKEN if explicitly provided by user + if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) { + core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN); + } } diff --git a/src/authutil.ts b/src/authutil.ts index e4b823bd..37d8cfe1 100644 --- a/src/authutil.ts +++ b/src/authutil.ts @@ -46,9 +46,8 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) { newContents += `${authString}${os.EOL}${registryString}`; fs.writeFileSync(fileLocation, newContents); core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation); - // Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it - core.exportVariable( - 'NODE_AUTH_TOKEN', - process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX' - ); + // Only export NODE_AUTH_TOKEN if explicitly provided by user + if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) { + core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN); + } }