Skip to content

Sync Fork with Upstream#42

Open
github-actions[bot] wants to merge 52 commits intomainfrom
weekly-sync-branch-21808567773
Open

Sync Fork with Upstream#42
github-actions[bot] wants to merge 52 commits intomainfrom
weekly-sync-branch-21808567773

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Feb 9, 2026

Weekly Cron. Created by GitHub Actions.

GeekMasher and others added 30 commits August 15, 2025 10:53
@GeekMasher
Update README to have latest version
601c613
@GeekMasher
Merge pull request advanced-security#131 from advanced-security/GeekM…
c7cb2bb 
…asher-patch-1

Update README to have latest version
@lxop
Unescape the locationsFoundAt paths
ec00348
@lxop
Update dist
d434719
@lxop
Add test
9b429e3
@dependabot
Bump brace-expansion from 1.1.11 to 1.1.12
3517f8f 
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump js-yaml from 3.14.1 to 3.14.2
eb91e65 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump js-yaml in /test in the npm_and_yarn group across 1 directory
caf2b08 
Bumps the npm_and_yarn group with 1 update in the /test directory: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@aegilops
Merge pull request advanced-security#141 from advanced-security/depen…
376d625 
…dabot/npm_and_yarn/js-yaml-3.14.2
@aegilops
Merge pull request advanced-security#142 from advanced-security/depen…
f59e294 
…dabot/npm_and_yarn/test/npm_and_yarn-4265e88a4c
@aegilops
Merge pull request advanced-security#140 from advanced-security/depen…
333866a 
…dabot/npm_and_yarn/brace-expansion-1.1.12
@dependabot
Bump the npm-dependencies group across 1 directory with 13 updates
6ca39f3 
Bumps the npm-dependencies group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dotenv](https://github.com/motdotla/dotenv) | `16.5.0` | `17.2.3` |
| [octokit](https://github.com/octokit/octokit.js) | `4.1.3` | `5.0.4` |
| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.1` |
| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.1` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.27.2` | `7.28.5` |
| [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) | `7.27.1` | `7.28.5` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.26.0` | `9.38.0` |
| [@types/glob](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/glob) | `8.1.0` | `9.0.0` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.38.3` | `0.38.4` |
| [eslint](https://github.com/eslint/eslint) | `9.26.0` | `9.38.0` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.7.0` | `30.2.0` |
| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.14` | `30.0.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.3.2` | `29.4.5` |



Updates `dotenv` from 16.5.0 to 17.2.3
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.5.0...v17.2.3)

Updates `octokit` from 4.1.3 to 5.0.4
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](octokit/octokit.js@v4.1.3...v5.0.4)

Updates `tar` from 7.4.3 to 7.5.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.3...v7.5.1)

Updates `yaml` from 2.7.1 to 2.8.1
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.7.1...v2.8.1)

Updates `@babel/preset-env` from 7.27.2 to 7.28.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-preset-env)

Updates `@babel/preset-typescript` from 7.27.1 to 7.28.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-preset-typescript)

Updates `@eslint/js` from 9.26.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.38.0/packages/js)

Updates `@types/glob` from 8.1.0 to 9.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/glob)

Updates `@vercel/ncc` from 0.38.3 to 0.38.4
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.38.3...0.38.4)

Updates `eslint` from 9.26.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.26.0...v9.38.0)

Updates `jest` from 29.7.0 to 30.2.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `ts-jest` from 29.3.2 to 29.4.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.3.2...v29.4.5)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.2.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: octokit
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.28.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-typescript"
  dependency-version: 7.28.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/glob"
  dependency-version: 9.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@vercel/ncc"
  dependency-version: 0.38.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: jest
  dependency-version: 30.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-version: 29.4.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump the actions-dependencies group across 1 directory with 3 updates
98ddec4 
Bumps the actions-dependencies group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

Updates `actions/setup-node` from 4.4.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4.4.0...v6.0.0)

Updates `actions/upload-artifact` from 4 to 5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@aegilops
Merge pull request advanced-security#137 from lxop/unescape-locations…
7dde1e2 
…foundat

Unescape the locationsFoundAt paths
@aegilops
Merge pull request advanced-security#138 from advanced-security/depen…
d93866d 
…dabot/github_actions/actions-dependencies-aff0d92867

Bump the actions-dependencies group across 1 directory with 3 updates
@aegilops
Merge pull request advanced-security#139 from advanced-security/depen…
51ff88a 
…dabot/npm_and_yarn/npm-dependencies-f22493f90b

Bump the npm-dependencies group across 1 directory with 13 updates
@dependabot
Bump the npm-dependencies group across 1 directory with 6 updates
c4dbadd 
Bumps the npm-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.11.1` | `2.0.2` |
| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `6.0.1` | `7.0.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.2` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.1` | `9.39.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `9.39.2` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.5` | `29.4.6` |



Updates `@actions/core` from 1.11.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@actions/github` from 6.0.1 to 7.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `yaml` from 2.8.1 to 2.8.2
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.1...v2.8.2)

Updates `@eslint/js` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js)

Updates `eslint` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.1...v9.39.2)

Updates `ts-jest` from 29.4.5 to 29.4.6
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.4.5...v29.4.6)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@actions/github"
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-version: 29.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Initial plan
b73d1f6
@felickz
Remove deprecated @types/glob and rebuild dist
0307c61 
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
@felickz
Merge pull request advanced-security#149 from advanced-security/copil…
130f5c0 
…ot/sub-pr-148

Fix build failure from deprecated @types/glob package
@felickz
Merge pull request advanced-security#148 from advanced-security/depen…
bbaabfd 
…dabot/npm_and_yarn/npm-dependencies-a0793ff638

Bump the npm-dependencies group across 1 directory with 6 updates
@dependabot
Bump tar in /test in the npm_and_yarn group across 1 directory
c2b8a66 
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 6.2.1 to 7.5.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.3)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Merge pull request advanced-security#150 from advanced-security/depen…
ea95fe5 
…dabot/npm_and_yarn/test/npm_and_yarn-bb754c2437

Bump tar from 6.2.1 to 7.5.3 in /test in the npm_and_yarn group across 1 directory
@dependabot
Bump tar from 7.5.2 to 7.5.3
489141f 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.2 to 7.5.3.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.2...v7.5.3)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Merge pull request advanced-security#151 from advanced-security/depen…
12d34de 
…dabot/npm_and_yarn/tar-7.5.3

Bump tar from 7.5.2 to 7.5.3
@dependabot
Bump the actions-dependencies group with 2 updates
516a3ad 
Bumps the actions-dependencies group with 2 updates: [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/setup-node` from 6.0.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v6.0.0...v6.2.0)

Updates `actions/upload-artifact` from 5 to 6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump @babel/preset-env in the npm-dependencies group
026ce8b 
Bumps the npm-dependencies group with 1 update: [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@babel/preset-env` from 7.28.5 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-version: 7.28.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Merge pull request advanced-security#153 from advanced-security/depen…
7422d90 
…dabot/npm_and_yarn/npm-dependencies-37dcccbec2

Bump @babel/preset-env from 7.28.5 to 7.28.6 in the npm-dependencies group
@felickz
Merge pull request advanced-security#152 from advanced-security/depen…
386aa5c 
…dabot/github_actions/actions-dependencies-b584cbb28a

Bump the actions-dependencies group with 2 updates
@dependabot
Bump tar from 7.5.3 to 7.5.4
6027851 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.3 to 7.5.4.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.3...v7.5.4)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot and others added 22 commits January 21, 2026 21:19
@dependabot
Bump tar in /test in the npm_and_yarn group across 1 directory
1a936f4 
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.3 to 7.5.4
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.3...v7.5.4)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Merge pull request advanced-security#154 from advanced-security/depen…
fe416ae 
…dabot/npm_and_yarn/tar-7.5.4

Bump tar from 7.5.3 to 7.5.4
@felickz
Merge pull request advanced-security#155 from advanced-security/depen…
9c110eb 
…dabot/npm_and_yarn/test/npm_and_yarn-a17bed1a3b

Bump tar from 7.5.3 to 7.5.4 in /test in the npm_and_yarn group across 1 directory
@felickz
Update component detection action version to 0.1.1
32fc958
@felickz
Merge pull request advanced-security#156 from advanced-security/lates…
7957361 
…t-version-readme

Update component detection action version to 0.1.1
@dependabot
Bump lodash in /test/nested in the npm_and_yarn group across 1 directory
4407dda 
Bumps the npm_and_yarn group with 1 update in the /test/nested directory: [lodash](https://github.com/lodash/lodash).


Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Merge pull request advanced-security#157 from advanced-security/depen…
65d132c 
…dabot/npm_and_yarn/test/nested/npm_and_yarn-f3562b46b9

Bump lodash from 4.17.21 to 4.17.23 in /test/nested in the npm_and_yarn group across 1 directory
@dependabot
Bump tar from 7.5.4 to 7.5.6 in the npm-dependencies group
fe72234 
Bumps the npm-dependencies group with 1 update: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.4 to 7.5.6
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.4...v7.5.6)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Merge pull request advanced-security#158 from advanced-security/depen…
8270e9a 
…dabot/npm_and_yarn/npm-dependencies-1c5b4d3897

Bump tar from 7.5.4 to 7.5.6 in the npm-dependencies group
@dependabot
Bump tar in /test in the npm_and_yarn group across 1 directory
f7f30e1 
Bumps the npm_and_yarn group with 1 update in the /test directory: [tar](https://github.com/isaacs/node-tar).


Updates `tar` from 7.5.4 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.4...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@felickz
Revise README for workflows and detector options
d041cfd 
Updated example workflow section and added details about experimental and default-off detectors that are passed into detectorArgs as EnableIfDefaultOff
@felickz
Update README to remove duplication and version change
d177d78 
fix formatting and typo
@dependabot
Bump the npm-dependencies group with 4 updates
cf04b7b 
Bumps the npm-dependencies group with 4 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github), [tar](https://github.com/isaacs/node-tar) and [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@actions/github` from 7.0.0 to 9.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `tar` from 7.5.6 to 7.5.7
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.6...v7.5.7)

Updates `@babel/preset-env` from 7.28.6 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@actions/github"
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@babel/preset-env"
  dependency-version: 7.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Initial plan
1a45444
@felickz
Fix ESM compatibility for @actions packages v3/v9
4f00d77 
- Remove unused deep import of Context from @actions/github/lib/context
- Update TypeScript config to compile to ES2022 modules instead of CommonJS
- This fixes build failures with @actions/core v3 and @actions/github v9

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
@felickz
Update TypeScript config comments to be more concise
41bb53a 
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
@felickz
Merge pull request advanced-security#163 from advanced-security/copil…
9aece0e 
…ot/sub-pr-162

Fix ESM compatibility for @actions/core v3 and @actions/github v9
@felickz
Merge pull request advanced-security#162 from advanced-security/depen…
9337616 
…dabot/npm_and_yarn/npm-dependencies-304c371dc4

Bump the npm-dependencies group with 4 updates
@felickz
Merge pull request advanced-security#159 from advanced-security/depen…
332c61a 
…dabot/npm_and_yarn/test/npm_and_yarn-c2faeb1381

Bump tar from 7.5.4 to 7.5.7 in /test in the npm_and_yarn group across 1 directory
@felickz
Merge pull request advanced-security#161 from advanced-security/docum…
630165e 
…ent-EnableIfDefaultOff-detectorArgs

Revise README for workflows and detector options
@github-actions
Merge upstream:main
a0444db
@github-actions
Empty commit to open PR
c63308c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@GeekMasher @lxop @aegilops @felickz