Merge branch 'main' into patch-1

.github/workflows/check-dist.yml

@@ -1,4 +1,4 @@
-name: Check dist/
+name: Check dist content
 
 on:
   push:
@@ -11,9 +11,12 @@ on:
       - '**.md'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   call-check-dist:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
     with:
-      node-version: "20.x"
+      node-version: "24.x"

.github/workflows/close-inactive-issues.yml

@@ -1,4 +1,5 @@
 name: Close inactive issues
+
 on:
   schedule:
     - cron: "30 8 * * *"

.github/workflows/codeql.yml

@@ -1,4 +1,4 @@
-name: "Code scanning - action"
+name: Code scanning
 
 on:
   push:
@@ -6,18 +6,17 @@ on:
   schedule:
     - cron: '0 19 * * 0'
 
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   CodeQL-Build:
     # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
-
-    permissions:
-      # required for all workflows
-      security-events: write
-
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/issue-opened-workflow.yml

@@ -1,16 +1,21 @@
 name: Assign issue
+
 on:
   issues:
     types: [opened]
+
+permissions:
+  issues: write
+
 jobs:
   run-action:
     runs-on: ubuntu-latest
     steps:
-    - name: Get current oncall
+      - name: Get current oncall
-      id: oncall
+        id: oncall
-      run: |
+        run: |
-        echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
+          echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
 
-    - name: add_assignees
+      - name: add_assignees
-      run: |
+        run: |
-        curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'
+          curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.issue.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'

.github/workflows/licensed.yml

@@ -1,4 +1,4 @@
-name: Licensed
+name: License check
 
 on:
   push:
@@ -9,6 +9,9 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   validate-cached-dependency-records:
     runs-on: ubuntu-latest
@@ -16,7 +19,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Install dependencies
         run: npm ci --ignore-scripts

.github/workflows/pr-opened-workflow.yml

@@ -1,20 +1,25 @@
-name: Add Reviewer PR
+name: Assign pull request reviewer
+
 on:
   pull_request_target:
     types: [opened]
+
+permissions:
+  pull-requests: write
+
 jobs:
   run-action:
     runs-on: ubuntu-latest
     steps:
-    - name: Get current oncall
+      - name: Get current oncall
-      id: oncall
+        id: oncall
-      run: |
+        run: |
-        echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
+          echo "CURRENT=$(curl --request GET 'https://api.pagerduty.com/oncalls?include[]=users&schedule_ids[]=P5VG2BX&earliest=true' --header 'Authorization: Token token=${{ secrets.PAGERDUTY_TOKEN }}' --header 'Accept: application/vnd.pagerduty+json;version=2' --header 'Content-Type: application/json' | jq -r '.oncalls[].user.name')" >> $GITHUB_OUTPUT
 
-    - name: Request Review
+      - name: Request Review
-      run: |
+        run: |
-        curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}'
+          curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/pulls/${{ github.event.pull_request.number}}/requested_reviewers -d '{"reviewers":["${{steps.oncall.outputs.CURRENT}}"]}'
 
-    - name: Add Assignee
+      - name: Add Assignee
-      run: |
+        run: |
-        curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'    
+          curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{github.repository}}/issues/${{ github.event.pull_request.number}}/assignees -d '{"assignees":["${{steps.oncall.outputs.CURRENT}}"]}'

.github/workflows/publish-immutable-actions.yml

@@ -1,20 +1,20 @@
-name: 'Publish Immutable Action Version'
+name: Publish immutable action
 
 on:
   release:
     types: [released]
 
+permissions:
+  contents: read
+  id-token: write
+  packages: write
+
 jobs:
   publish:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-
     steps:
       - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Publish
         id: publish
         uses: actions/publish-immutable-action@0.0.3

.github/workflows/release-new-action-version.yml

@@ -1,4 +1,5 @@
 name: Release new action version
+
 on:
   release:
     types: [released]
@@ -10,6 +11,7 @@ on:
 
 env:
   TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+
 permissions:
   contents: write
 

.github/workflows/workflow.yml

@@ -10,6 +10,9 @@ on:
       - main
       - releases/**
 
+permissions:
+  contents: read
+
 jobs:
   # Build and unit test
   build:
@@ -20,11 +23,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
-    - name: Setup Node.js 20.x
+    - name: Setup Node.js 24.x
       uses: actions/setup-node@v4
       with:
-        node-version: 20.x
+        node-version: 24.x
         cache: npm
     - run: npm ci
     - name: Prettier Format Check
@@ -43,7 +46,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Generate files in working directory
       shell: bash
       run: __tests__/create-cache-files.sh ${{ runner.os }} test-cache
@@ -57,6 +60,7 @@ jobs:
         path: |
           test-cache
           ~/test-cache
+
   test-restore:
     needs: test-save
     strategy:
@@ -66,7 +70,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Restore cache
       uses: ./
       with:
@@ -96,7 +100,7 @@ jobs:
       https_proxy: http://squid-proxy:3128
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Generate files
       run: __tests__/create-cache-files.sh proxy test-cache
     - name: Save cache
@@ -104,6 +108,7 @@ jobs:
       with:
         key: test-proxy-${{ github.run_id }}
         path: test-cache
+
   test-proxy-restore:
     needs: test-proxy-save
     runs-on: ubuntu-latest
@@ -119,7 +124,7 @@ jobs:
       https_proxy: http://squid-proxy:3128
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Restore cache
       uses: ./
       with:

.licensed.yml

@@ -28,3 +28,4 @@ reviewed:
   - glob # ISC
   - prettier # MIT
   - lodash # MIT
+  - "@actions/http-client" # MIT

CONTRIBUTING.md

@@ -16,7 +16,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
 1. [Fork][fork] and clone the repository
 2. Configure and install the dependencies: `npm install`
 3. Make sure the tests pass on your machine: `npm run test`
-4. Create a new branch: `git checkout -b my-branch-name`
+4. Create a new branch: `git switch -c my-branch-name`
 5. Make your change, add tests, and make sure the tests still pass
 6. Push to your fork and [submit a pull request][pr]
 7. Pat your self on the back and wait for your pull request to be reviewed and merged.

README.md

@@ -17,6 +17,10 @@ See ["Caching dependencies to speed up workflows"](https://docs.github.com/en/ac
 
 ### ⚠️ Important changes
 
+> [!IMPORTANT]
+> `actions/cache@v5` runs on the Node.js 24 runtime and requires a minimum Actions Runner version of `2.327.1`.
+> If you are using self-hosted runners, ensure they are updated before upgrading.
+
 The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://github.com/actions/cache) now integrates with the new cache service (v2) APIs.
 
 The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these releases are **fully backward compatible**.
@@ -34,6 +38,11 @@ Upgrading to the recommended versions will not break your workflows.
 
 Read more about the change & access the migration guide: [reference to the announcement](https://github.com/actions/cache/discussions/1510).
 
+### v5
+
+* Updated to node 24
+* Requires a minimum Actions Runner version of `2.327.1`
+
 ### v4
 
 * Integrated with the new cache service (v2) APIs.
@@ -69,6 +78,8 @@ Create a workflow `.yml` file in your repository's `.github/workflows` directory
 
 If you are using this inside a container, a POSIX-compliant `tar` needs to be included and accessible from the execution path.
 
+Note: `actions/cache@v5` runs on Node.js 24 and requires a minimum Actions Runner version of `2.327.1`.
+
 If you are using a `self-hosted` Windows runner, `GNU tar` and `zstd` are required for [Cross-OS caching](https://github.com/actions/cache/blob/main/tips-and-workarounds.md#cross-os-cache) to work. They are also recommended to be installed in general so the performance is on par with `hosted` Windows runners.
 
 ### Inputs

RELEASES.md

@@ -1,5 +1,49 @@
 # Releases
 
+## How to prepare a release
+
+> [!NOTE]  
+> Relevant for maintainers with write access only.
+
+1. Switch to a new branch from `main`.
+1. Run `npm test` to ensure all tests are passing.
+1. Update the version in [`package.json`](package.json).
+1. Run `npm run build` to update the compiled files.
+1. Update this [`RELEASES.md`](RELEASES.md) with the new version and changes in the `## Changelog` section.
+1. Run `licensed cache` to update the license report.
+1. Run `licensed status` and resolve any warnings by updating the [`.licensed.yml`](.licensed.yml) file with the exceptions.
+1. Commit your changes and push your branch upstream.
+1. Open a pull request against `main` and get it reviewed and merged.
+1. Draft a new release https://github.com/actions/cache/releases use the same version number used in `package.json`
+    1. Create a new tag with the version number.
+    1. Auto generate release notes and update them to match the changes you made in `RELEASES.md`.
+    1. Toggle the set as the latest release option.
+    1. Publish the release.
+1. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
+    1. There should be a workflow run queued with the same version number.
+    1. Approve the run to publish the new version and update the major tags for this action. 
+
+## Changelog
+
+### 5.0.3
+
+- Bump `@actions/cache` to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
+- Bump `@actions/core` to v2.0.3
+
+### 5.0.2
+
+- Bump `@actions/cache` to v5.0.3 [#1692](https://github.com/actions/cache/pull/1692)
+
+### 5.0.1
+
+- Update `@azure/storage-blob` to `^12.29.1` via `@actions/cache@5.0.1` [#1685](https://github.com/actions/cache/pull/1685)
+
+### 5.0.0
+
+> [!IMPORTANT]
+> `actions/cache@v5` runs on the Node.js 24 runtime and requires a minimum Actions Runner version of `2.327.1`.
+> If you are using self-hosted runners, ensure they are updated before upgrading.
+
 ### 4.3.0
 
 - Bump `@actions/cache` to [v4.1.0](https://github.com/actions/toolkit/pull/2132)

action.yml

@@ -38,7 +38,7 @@ outputs:
   cache-hit:
     description: 'A boolean value to indicate an exact match was found for the primary key'
 runs:
-  using: 'node20'
+  using: 'node24'
   main: 'dist/restore/index.js'
   post: 'dist/save/index.js'
   post-if: "success()"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cache",
-  "version": "4.3.0",
+  "version": "5.0.3",
   "private": true,
   "description": "Cache dependencies and build outputs",
   "main": "dist/restore/index.js",
@@ -23,29 +23,32 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
-    "@actions/cache": "^4.1.0",
+    "@actions/cache": "^5.0.5",
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^2.0.3",
-    "@actions/exec": "^1.1.1",
+    "@actions/exec": "^2.0.0",
-    "@actions/io": "^1.1.3"
+    "@actions/io": "^2.0.0"
   },
   "devDependencies": {
-    "@types/jest": "^27.5.2",
+    "@types/jest": "^29.5.14",
     "@types/nock": "^11.1.0",
-    "@types/node": "^16.18.3",
+    "@types/node": "^24.1.0",
-    "@typescript-eslint/eslint-plugin": "^5.45.0",
+    "@typescript-eslint/eslint-plugin": "^7.2.0",
-    "@typescript-eslint/parser": "^5.45.0",
+    "@typescript-eslint/parser": "^7.2.0",
     "@vercel/ncc": "^0.38.3",
     "eslint": "^8.28.0",
-    "eslint-config-prettier": "^8.5.0",
+    "eslint-config-prettier": "^9.1.2",
-    "eslint-plugin-import": "^2.26.0",
+    "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jest": "^26.9.0",
+    "eslint-plugin-jest": "^27.9.0",
-    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-plugin-prettier": "^5.5.3",
-    "eslint-plugin-simple-import-sort": "^7.0.0",
+    "eslint-plugin-simple-import-sort": "^12.1.1",
-    "jest": "^28.1.3",
+    "jest": "^29.7.0",
-    "jest-circus": "^27.5.1",
+    "jest-circus": "^29.7.0",
     "nock": "^13.2.9",
-    "prettier": "^2.8.0",
+    "prettier": "^3.6.2",
-    "ts-jest": "^28.0.8",
+    "ts-jest": "^29.4.0",
-    "typescript": "^4.9.3"
+    "typescript": "^5.8.3"
+  },
+  "engines": {
+    "node": ">=24"
   }
 }

restore/action.yml

@@ -31,7 +31,7 @@ outputs:
   cache-matched-key:
     description: 'Key of the cache that was restored, it could either be the primary key on cache-hit or a partial/complete match of one of the restore keys'
 runs:
-  using: 'node20'
+  using: 'node24'
   main: '../dist/restore-only/index.js'
 branding:
   icon: 'archive'

save/action.yml

@@ -16,7 +16,7 @@ inputs:
     default: 'false'
     required: false
 runs:
-  using: 'node20'
+  using: 'node24'
   main: '../dist/save-only/index.js'
 branding:
   icon: 'archive'