Release notes
Sourced from typing-extensions's releases.
4.14.1
Release 4.14.1 (July 4, 2025)
- Fix usage of
typing_extensions.TypedDictnested inside other types (e.g.,typing.Type[typing_extensions.TypedDict]). This is not allowed by the type system but worked on older versions, so we maintain support.4.14.0
This release adds several new features, including experimental support for inline typed dictionaries (PEP 764) and sentinels (PEP 661), and support for changes in Python 3.14. In addition, Python 3.8 is no longer supported.
Changes since 4.14.0rc1:
- Remove
__or__and__ror__methods fromtyping_extensions.Sentinelon Python versions <3.10. PEP 604 was introduced in Python 3.10, andtyping_extensionsdoes not generally attempt to backport PEP-604 methods to prior versions.- Further update
typing_extensions.evaluate_forward_refwith changes in Python 3.14.Changes included in 4.14.0rc1:
- Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
- Do not attempt to re-export names that have been removed from
typing, anticipating the removal oftyping.no_type_check_decoratorin Python 3.15. Patch by Jelle Zijlstra.- Update
typing_extensions.Format,typing_extensions.evaluate_forward_ref, andtyping_extensions.TypedDictto align with changes in Python 3.14. Patches by Jelle Zijlstra.- Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.
New features:
- Add support for inline typed dictionaries (PEP 764). Patch by Victorien Plot.
- Add
typing_extensions.Readerandtyping_extensions.Writer. Patch by Sebastian Rittau.- Add support for sentinels (PEP 661). Patch by Victorien Plot.
4.14.0rc1
Major changes:
- Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
- Do not attempt to re-export names that have been removed from
typing, anticipating the removal oftyping.no_type_check_decoratorin Python 3.15. Patch by Jelle Zijlstra.- Update
typing_extensions.Format,typing_extensions.evaluate_forward_ref, andtyping_extensions.TypedDictto align with changes in Python 3.14. Patches by Jelle Zijlstra.- Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.
... (truncated)
Changelog
Sourced from typing-extensions's changelog.
Release 4.14.1 (July 4, 2025)
- Fix usage of
typing_extensions.TypedDictnested inside other types (e.g.,typing.Type[typing_extensions.TypedDict]). This is not allowed by the type system but worked on older versions, so we maintain support.Release 4.14.0 (June 2, 2025)
Changes since 4.14.0rc1:
- Remove
__or__and__ror__methods fromtyping_extensions.Sentinelon Python versions <3.10. PEP 604 was introduced in Python 3.10, andtyping_extensionsdoes not generally attempt to backport PEP-604 methods to prior versions.- Further update
typing_extensions.evaluate_forward_refwith changes in Python 3.14.Release 4.14.0rc1 (May 24, 2025)
- Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
- Do not attempt to re-export names that have been removed from
typing, anticipating the removal oftyping.no_type_check_decoratorin Python 3.15. Patch by Jelle Zijlstra.- Update
typing_extensions.Format,typing_extensions.evaluate_forward_ref, andtyping_extensions.TypedDictto align with changes in Python 3.14. Patches by Jelle Zijlstra.- Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.
New features:
- Add support for inline typed dictionaries (PEP 764). Patch by Victorien Plot.
- Add
typing_extensions.Readerandtyping_extensions.Writer. Patch by Sebastian Rittau.- Add support for sentinels (PEP 661). Patch by Victorien Plot.
Commits
42027abPrepare release 4.14.1 (#620)59d2c20Fix off by one in pickle protocol tests (#618)40e22ebDo not use slots for_TypedDictSpecialForm(#616)d17c456allow TypedDict as a type argument (#614)b07d245Prepare release 4.14.0 (#612)fcf5265Backport evaluate_forward_ref() changes (#611)fadc1edRemove PEP-604 methods fromSentinelon Python <3.10 (#605)44de568Add 3.14 to project classifiers and tox.ini (#604)36cc476Prepare release 4.14.0rc1 (#603)ec1876cMore fixes for 3.14 and 3.15 (#602)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Changelog
Sourced from importlib-metadata's changelog.
v8.7.0
Features
.metadata()(andDistribution.metadata) can now returnNoneif the metadata directory exists but not metadata file is present. (#493)Bugfixes
- Raise consistent ValueError for invalid EntryPoint.value (#518)
Commits
708dff4Finalizeb3065f0Merge pull request #519 from python/bugfix/493-metadata-missinge4351c2Add a new test capturing the new expectation.5a65705Refactor the casting into a wrapper for brevity and to document its purpose.0830c39Add news fragment.22bb567Fix type errors where metadata could be None.57f31d7Allow metadata to return None when there is no metadata present.b9c4be4Merge pull request #518 from python/bugfix/488-bad-ep-value9f8af01Prefer a cached property, as the property is likely to be retrieved at least ...f179e28Also raise ValueError on construction if the value is invalid.- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from mheap/github-action-required-labels's releases.
v5.5.1
What's Changed
- fix: Ensure all label pages are traversed and remove per_page from API and tests by
@markscamilleriin mheap/github-action-required-labels#91New Contributors
@markscamillerimade their first contribution in mheap/github-action-required-labels#91Full Changelog: https://github.com/mheap/github-action-required-labels/compare/v5.5.0...v5.5.1
Commits
8afbe8aAutomatic compilation8eb7f59fix: Ensure all label pages are traversed and remove per_page from API and te...- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Changelog
Sourced from form-data's changelog.
v4.0.4 - 2025-07-16
Commits
- [meta] add
auto-changelog811f682- [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
1d11a76- [Fix] Switch to using
cryptorandom for boundary values3d17230- [Tests] fix linting errors
5e34080- [meta] actually ensure the readme backup isn’t published
316c82b- [Dev Deps] update
@ljharb/eslint-config58c25d7- [meta] fix readme capitalization
2300ca1v4.0.3 - 2025-06-05
Fixed
- [Fix]
append: avoid a crash on nullish values[#577](https://github.com/form-data/form-data/issues/577)Commits
- [eslint] use a shared config
426ba9a- [eslint] fix some spacing issues
2094191- [Refactor] use
hasown81ab41b- [Fix] validate boundary type in
setBoundary()method8d8e469- [Tests] add tests to check the behavior of
getBoundarywith non-strings837b8a1- [Dev Deps] remove unused deps
870e4e6- [meta] remove local commit hooks
e6e83cc- [Dev Deps] update
eslint4066fd6- [meta] fix scripts to use prepublishOnly
c4bbb13v4.0.2 - 2025-02-14
Merged
- [Fix] set
Symbol.toStringTagwhen available[#573](https://github.com/form-data/form-data/issues/573)- [Fix] set
Symbol.toStringTagwhen available[#573](https://github.com/form-data/form-data/issues/573)- fix (npmignore): ignore temporary build files
[#532](https://github.com/form-data/form-data/issues/532)- fix (npmignore): ignore temporary build files
[#532](https://github.com/form-data/form-data/issues/532)Fixed
- [Fix] set
Symbol.toStringTagwhen available (#573)[#396](https://github.com/form-data/form-data/issues/396)- [Fix] set
Symbol.toStringTagwhen available (#573)[#396](https://github.com/form-data/form-data/issues/396)- [Fix] set
Symbol.toStringTagwhen available[#396](https://github.com/form-data/form-data/issues/396)Commits
... (truncated)
Commits
41996f5v4.0.4316c82b[meta] actually ensure the readme backup isn’t published2300ca1[meta] fix readme capitalization811f682[meta] addauto-changelog5e34080[Tests] fix linting errors1d11a76[Tests] handle predict-v8-randomness failures in node < 17 and node > 2358c25d7[Dev Deps] update@ljharb/eslint-config3d17230[Fix] Switch to usingcryptorandom for boundary valuesd8d67dcv4.0.3e6e83cc[meta] remove local commit hooks- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for form-data since your current version.
Updates `form-data` from 2.5.1 to 4.0.4
Changelog
Sourced from form-data's changelog.
v4.0.4 - 2025-07-16
Commits
- [meta] add
auto-changelog811f682- [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
1d11a76- [Fix] Switch to using
cryptorandom for boundary values3d17230- [Tests] fix linting errors
5e34080- [meta] actually ensure the readme backup isn’t published
316c82b- [Dev Deps] update
@ljharb/eslint-config58c25d7- [meta] fix readme capitalization
2300ca1v4.0.3 - 2025-06-05
Fixed
- [Fix]
append: avoid a crash on nullish values[#577](https://github.com/form-data/form-data/issues/577)Commits
- [eslint] use a shared config
426ba9a- [eslint] fix some spacing issues
2094191- [Refactor] use
hasown81ab41b- [Fix] validate boundary type in
setBoundary()method8d8e469- [Tests] add tests to check the behavior of
getBoundarywith non-strings837b8a1- [Dev Deps] remove unused deps
870e4e6- [meta] remove local commit hooks
e6e83cc- [Dev Deps] update
eslint4066fd6- [meta] fix scripts to use prepublishOnly
c4bbb13v4.0.2 - 2025-02-14
Merged
- [Fix] set
Symbol.toStringTagwhen available[#573](https://github.com/form-data/form-data/issues/573)- [Fix] set
Symbol.toStringTagwhen available[#573](https://github.com/form-data/form-data/issues/573)- fix (npmignore): ignore temporary build files
[#532](https://github.com/form-data/form-data/issues/532)- fix (npmignore): ignore temporary build files
[#532](https://github.com/form-data/form-data/issues/532)Fixed
- [Fix] set
Symbol.toStringTagwhen available (#573)[#396](https://github.com/form-data/form-data/issues/396)- [Fix] set
Symbol.toStringTagwhen available (#573)[#396](https://github.com/form-data/form-data/issues/396)- [Fix] set
Symbol.toStringTagwhen available[#396](https://github.com/form-data/form-data/issues/396)Commits
... (truncated)
Commits
41996f5v4.0.4316c82b[meta] actually ensure the readme backup isn’t published2300ca1[meta] fix readme capitalization811f682[meta] addauto-changelog5e34080[Tests] fix linting errors1d11a76[Tests] handle predict-v8-randomness failures in node < 17 and node > 2358c25d7[Dev Deps] update@ljharb/eslint-config3d17230[Fix] Switch to usingcryptorandom for boundary valuesd8d67dcv4.0.3e6e83cc[meta] remove local commit hooks- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for form-data since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/checkout's releases.
v5.0.0
What's Changed
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226- Prepare v5.0.0 release by
@salmanmkcin actions/checkout#2238⚠️ Minimum Compatible Runner Version
v2.327.1
Release NotesMake sure your runner is updated to this version or newer to use this release.
Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0
v4.3.0
What's Changed
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236- Prepare release v4.3.0 by
@salmanmkcin actions/checkout#2237New Contributors
@motssmade their first contribution in actions/checkout#1971@mouismailmade their first contribution in actions/checkout#1977@benwellsmade their first contribution in actions/checkout#2043@nebuk89made their first contribution in actions/checkout#2194@salmanmkcmade their first contribution in actions/checkout#2236Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0
v4.2.2
What's Changed
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2
v4.2.1
What's Changed
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924New Contributors
@Jcambassmade their first contribution in actions/checkout#1919Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
Changelog
V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695- README: Suggest
user.emailto be41898282+github-actions[bot]@users.noreply.github.comby@cory-millerin actions/checkout#1707v4.1.4
- Disable
extensions.worktreeConfigwhen disablingsparse-checkoutby@jww3in actions/checkout#1692- Add dependabot config by
@cory-millerin actions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
@dependabotin actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
@dependabotin actions/checkout#1643v4.1.3
... (truncated)
Commits
08c6903Prepare v5.0.0 release (#2238)9f26565Update actions checkout to use node 24 (#2226)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-node's releases.
v5.0.0
What's Changed
Breaking Changes
- Upgrade action to use node24 by
@salmanmkcin actions/setup-node#1325Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes
Dependency Upgrades
- Upgrade
@octokit/request-errorand@actions/githubby@dependabot[bot] in actions/setup-node#1227- Upgrade uuid from 9.0.1 to 11.1.0 by
@dependabot[bot] in actions/setup-node#1273- Upgrade undici from 5.28.5 to 5.29.0 by
@dependabot[bot] in actions/setup-node#1295- Upgrade form-data to bring in fix for critical vulnerability by
@gowridurgadin actions/setup-node#1332- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-node#1345Enhancement:
- Enhance caching in setup-node with automatic package manager detection by
@priya-kinthaliin actions/setup-node#1348New Contributors
@priya-kinthalimade their first contribution in actions/setup-node#1348@salmanmkcmade their first contribution in actions/setup-node#1325Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0
v4.4.0
What's Changed
Bug fixes:
- Make eslint-compact matcher compatible with Stylelint by
@FloEdelmannin actions/setup-node#98- Add support for indented eslint output by
@fregantein actions/setup-node#1245Enhancement:
- Support private mirrors by
@marco-ippolitoin actions/setup-node#1240Dependency update:
- Upgrade
@action/cachefrom 4.0.2 to 4.0.3 by@aparnajyothi-yin actions/setup-node#1262New Contributors
@FloEdelmannmade their first contribution in actions/setup-node#98@fregantemade their first contribution in actions/setup-node#1245@marco-ippolitomade their first contribution in actions/setup-node#1240Full Changelog: https://github.com/actions/setup-node/compare/v4...v4.4.0
v4.3.0
What's Changed
Dependency updates
- Upgrade
@actions/globfrom 0.4.0 to 0.5.0 by@dependabotin actions/setup-node#1200- Upgrade
@action/cachefrom 4.0.0 to 4.0.2 by@gowridurgadin actions/setup-node#1251- Upgrade
@vercel/nccfrom 0.38.1 to 0.38.3 by@dependabotin actions/setup-node#1203- Upgrade
@actions/tool-cachefrom 2.0.1 to 2.0.2 by@dependabotin actions/setup-node#1220
... (truncated)
Commits
a0853c2Bump actions/checkout from 4 to 5 (#1345)b7234ccUpgrade action to use node24 (#1325)d7a1131Enhance caching in setup-node with automatic package manager detection (#1348)5e2628cBumps form-data (#1332)65becefBump undici from 5.28.5 to 5.29.0 (#1295)7e24a65Bump uuid from 9.0.1 to 11.1.0 (#1273)08f58d1Bump@octokit/request-errorand@actions/github(#1227)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/github-script's releases.
v8.0.0
What's Changed
- Update Node.js version support to 24.x by
@salmanmkcin actions/github-script#637- README for updating actions/github-script from v7 to v8 by
@sneha-kripin actions/github-script#653⚠️ Minimum Compatible Runner Version
v2.327.1
Release NotesMake sure your runner is updated to this version or newer to use this release.
New Contributors
@salmanmkcmade their first contribution in actions/github-script#637@sneha-kripmade their first contribution in actions/github-script#653Full Changelog: https://github.com/actions/github-script/compare/v7.1.0...v8.0.0
v7.1.0
What's Changed
- Upgrade husky to v9 by
@benelanin actions/github-script#482- Add workflow file for publishing releases to immutable action package by
@Jcambassin actions/github-script#485- Upgrade IA Publish by
@Jcambassin actions/github-script#486- Fix workflow status badges by
@joshmgrossin actions/github-script#497- Update usage of
actions/upload-artifactby@joshmgrossin actions/github-script#512- Clear up package name confusion by
@joshmgrossin actions/github-script#514- Update dependencies with
npm audit fixby@joshmgrossin actions/github-script#515- Specify that the used script is JavaScript by
@timotkin actions/github-script#478- chore: Add Dependabot for NPM and Actions by
@nschonniin actions/github-script#472- Define
permissionsin workflows and update actions by@joshmgrossin actions/github-script#531- chore: Add Dependabot for .github/actions/install-dependencies by
@nschonniin actions/github-script#532- chore: Remove .vscode settings by
@nschonniin actions/github-script#533- ci: Use github/setup-licensed by
@nschonniin actions/github-script#473- make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by
@iamstarkovin actions/github-script#508- Remove
octokitREADME updates for v7 by@joshmgrossin actions/github-script#557- docs: add "exec" usage examples by
@neilimein actions/github-script#546- Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by
@dependabot[bot] in actions/github-script#563- Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by
@dependabot[bot] in actions/github-script#575- Clearly document passing inputs to the
scriptby@joshmgrossin actions/github-script#603- Update README.md by
@nebuk89in actions/github-script#610New Contributors
@benelanmade their first contribution in actions/github-script#482@Jcambassmade their first contribution in actions/github-script#485@timotkmade their first contribution in actions/github-script#478@iamstarkovmade their first contribution in actions/github-script#508@neilimemade their first contribution in actions/github-script#546@nebuk89made their first contribution in actions/github-script#610Full Changelog: https://github.com/actions/github-script/compare/v7...v7.1.0
... (truncated)
Commits
ed59741Merge pull request #653 from actions/sneha-krip/readme-for-v82dc352eBold minimum Actions Runner version in README01e118cUpdate README for Node 24 runtime requirements8b222acApply suggestion from@salmanmkcadc0eeaREADME for updating actions/github-script from v7 to v820fe497Merge pull request #637 from actions/node24e7b7f22update licenses2c81ba0Update Node.js version support to 24.xf28e40cMerge pull request #610 from actions/nebuk89-patch-11ae9958Update README.md- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-python's releases.
v6.0.0
What's Changed
Breaking Changes
- Upgrade to node 24 by
@salmanmkcin actions/setup-python#1164Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Enhancements:
- Add support for
pip-versionby@priyagupta108in actions/setup-python#1129- Enhance reading from .python-version by
@krystof-kin actions/setup-python#787- Add version parsing from Pipfile by
@aradkdjin actions/setup-python#1067Bug fixes:
- Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by
@aparnajyothi-yin actions/setup-python#1183- Change missing cache directory error to warning by
@aparnajyothi-yin actions/setup-python#1182- Add Architecture-Specific PATH Management for Python with --user Flag on Windows by
@aparnajyothi-yin actions/setup-python#1122- Include python version in PyPy python-version output by
@cdce8pin actions/setup-python#1110- Update docs: clarification on pip authentication with setup-python by
@priya-kinthaliin actions/setup-python#1156Dependency updates:
- Upgrade idna from 2.9 to 3.7 in /tests/data by
@dependabot[bot] in actions/setup-python#843- Upgrade form-data to fix critical vulnerabilities #182 & #183 by
@aparnajyothi-yin actions/setup-python#1163- Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by
@aparnajyothi-yin actions/setup-python#1165- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-python#1181- Upgrade
@actions/tool-cachefrom 2.0.1 to 2.0.2 by@dependabot[bot] in actions/setup-python#1095New Contributors
@krystof-kmade their first contribution in actions/setup-python#787@cdce8pmade their first contribution in actions/setup-python#1110@aradkdjmade their first contribution in actions/setup-python#1067Full Changelog: https://github.com/actions/setup-python/compare/v5...v6.0.0
v5.6.0
What's Changed
- Workflow updates related to Ubuntu 20.04 by
@aparnajyothi-yin actions/setup-python#1065- Fix for Candidate Not Iterable Error by
@aparnajyothi-yin actions/setup-python#1082- Upgrade semver and
@types/semverby@dependabotin actions/setup-python#1091- Upgrade prettier from 2.8.8 to 3.5.3 by
@dependabotin actions/setup-python#1046- Upgrade ts-jest from 29.1.2 to 29.3.2 by
@dependabotin actions/setup-python#1081Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.6.0
v5.5.0
What's Changed
Enhancements:
- Support free threaded Python versions like '3.13t' by
@colesburyin actions/setup-python#973- Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade
@action/cachefrom 4.0.0 to 4.0.3 by@priya-kinthaliin actions/setup-python#1056- Add support for .tool-versions file in setup-python by
@mahabaleshwarsin actions/setup-python#1043Bug fixes:
- Fix architecture for pypy on Linux ARM64 by
@mayeutin actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.
... (truncated)
Commits
e797f83Upgrade to node 24 (#1164)3d1e2d2Revert "Enhance cache-dependency-path handling to support files outside the w...65b0712Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...5b668cfBump actions/checkout from 4 to 5 (#1181)f62a0e2Change missing cache directory error to warning (#1182)9322b3cUpgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...fbeb884Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)03bb615Bump idna from 2.9 to 3.7 in /tests/data (#843)36da51dAdd version parsing from Pipfile (#1067)3c6f142update documentation (#1156)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from typing-extensions's releases.
4.15.0
No user-facing changes since 4.15.0rc1.
New features since 4.14.1:
- Add the
@typing_extensions.disjoint_basedecorator, as specified in PEP 800. Patch by Jelle Zijlstra.- Add
typing_extensions.type_repr, a backport ofannotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.- Fix behavior of type params in
typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.4.15.0rc1
- Add the
@typing_extensions.disjoint_basedecorator, as specified in PEP 800. Patch by Jelle Zijlstra.- Add
typing_extensions.type_repr, a backport ofannotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.- Fix behavior of type params in
typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Changelog
Sourced from typing-extensions's changelog.
Release 4.15.0 (August 25, 2025)
No user-facing changes since 4.15.0rc1.
Release 4.15.0rc1 (August 18, 2025)
- Add the
@typing_extensions.disjoint_basedecorator, as specified in PEP 800. Patch by Jelle Zijlstra.- Add
typing_extensions.type_repr, a backport ofannotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.- Fix behavior of type params in
typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.
Commits
9d1637ePrepare release 4.15.0 (#658)4bd67c5Coverage: exclude some noise (#656)e589a26Coverage: add detailed report to job summary (#655)67d37feCoverage: Implement fail_under (#654)e9ae26fDon't delete previous coverage comment (#653)ac80bb7Add Coverage workflow (#623)abaaafdPrepare release 4.15.0rc1 (#650)9810405Add@disjoint_base(PEP 800) (#634)7ee9e05Backport type_params fix from CPython (#646)1e8eb9cDo not refer to PEP 705 as being experimental (#648)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-node's releases.
v5.0.0
What's Changed
Breaking Changes
- Upgrade action to use node24 by
@salmanmkcin actions/setup-node#1325Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes
Dependency Upgrades
- Upgrade
@octokit/request-errorand@actions/githubby@dependabot[bot] in actions/setup-node#1227- Upgrade uuid from 9.0.1 to 11.1.0 by
@dependabot[bot] in actions/setup-node#1273- Upgrade undici from 5.28.5 to 5.29.0 by
@dependabot[bot] in actions/setup-node#1295- Upgrade form-data to bring in fix for critical vulnerability by
@gowridurgadin actions/setup-node#1332- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-node#1345Enhancement:
- Enhance caching in setup-node with automatic package manager detection by
@priya-kinthaliin actions/setup-node#1348New Contributors
@priya-kinthalimade their first contribution in actions/setup-node#1348@salmanmkcmade their first contribution in actions/setup-node#1325Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0
v4.4.0
What's Changed
Bug fixes:
- Make eslint-compact matcher compatible with Stylelint by
@FloEdelmannin actions/setup-node#98- Add support for indented eslint output by
@fregantein actions/setup-node#1245Enhancement:
- Support private mirrors by
@marco-ippolitoin actions/setup-node#1240Dependency update:
- Upgrade
@action/cachefrom 4.0.2 to 4.0.3 by@aparnajyothi-yin actions/setup-node#1262New Contributors
@FloEdelmannmade their first contribution in actions/setup-node#98@fregantemade their first contribution in actions/setup-node#1245@marco-ippolitomade their first contribution in actions/setup-node#1240Full Changelog: https://github.com/actions/setup-node/compare/v4...v4.4.0
v4.3.0
What's Changed
Dependency updates
- Upgrade
@actions/globfrom 0.4.0 to 0.5.0 by@dependabotin actions/setup-node#1200- Upgrade
@action/cachefrom 4.0.0 to 4.0.2 by@gowridurgadin actions/setup-node#1251- Upgrade
@vercel/nccfrom 0.38.1 to 0.38.3 by@dependabotin actions/setup-node#1203- Upgrade
@actions/tool-cachefrom 2.0.1 to 2.0.2 by@dependabotin actions/setup-node#1220
... (truncated)
Commits
a0853c2Bump actions/checkout from 4 to 5 (#1345)b7234ccUpgrade action to use node24 (#1325)d7a1131Enhance caching in setup-node with automatic package manager detection (#1348)5e2628cBumps form-data (#1332)65becefBump undici from 5.28.5 to 5.29.0 (#1295)7e24a65Bump uuid from 9.0.1 to 11.1.0 (#1273)08f58d1Bump@octokit/request-errorand@actions/github(#1227)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from jakebailey/pyright-action's releases.
v2.3.3
- Fix lint (4599f31)
- Replace jest-path-serializer (1349f1a)
- Fix deps (f701448)
- fmt (ec50111)
- Update engines (41972b7)
- Update github actions (#180) (86e183a)
- Update actions/checkout action to v5 (#190) (8b711b9)
- Update deps (9631dc2)
- Update deps (fa0d678)
- Update github actions (#163) (623784a)
- Fix eslint (73a65bd)
- Update deps (dee7200)
- Update deps (ea37d1c)
- Update nvmrc (fb32d81)
- Update eslint (b0c5af5)
- Update deps (f4851c1)
- Update actions/cache action to v4.2.0 (#159) (57f6678)
- Update codecov/codecov-action action to v5 (#154) (f572338)
- Update github actions (#146) (b7d7f8e)
- Update deps (b721321)
- Update deps (4156862)
- Update github actions (#121) (ec480a0)
- Update deps (bfe39b3)
Commits
6cabc0fRelease v2.3.34599f31Fix lint1349f1aReplace jest-path-serializerf701448Fix depsec50111fmt41972b7Update engines86e183aUpdate github actions (#180)8b711b9Update actions/checkout action to v5 (#190)9631dc2Update depsfa0d678Update deps- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-python's releases.
v6.0.0
What's Changed
Breaking Changes
- Upgrade to node 24 by
@salmanmkcin actions/setup-python#1164Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Enhancements:
- Add support for
pip-versionby@priyagupta108in actions/setup-python#1129- Enhance reading from .python-version by
@krystof-kin actions/setup-python#787- Add version parsing from Pipfile by
@aradkdjin actions/setup-python#1067Bug fixes:
- Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by
@aparnajyothi-yin actions/setup-python#1183- Change missing cache directory error to warning by
@aparnajyothi-yin actions/setup-python#1182- Add Architecture-Specific PATH Management for Python with --user Flag on Windows by
@aparnajyothi-yin actions/setup-python#1122- Include python version in PyPy python-version output by
@cdce8pin actions/setup-python#1110- Update docs: clarification on pip authentication with setup-python by
@priya-kinthaliin actions/setup-python#1156Dependency updates:
- Upgrade idna from 2.9 to 3.7 in /tests/data by
@dependabot[bot] in actions/setup-python#843- Upgrade form-data to fix critical vulnerabilities #182 & #183 by
@aparnajyothi-yin actions/setup-python#1163- Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by
@aparnajyothi-yin actions/setup-python#1165- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-python#1181- Upgrade
@actions/tool-cachefrom 2.0.1 to 2.0.2 by@dependabot[bot] in actions/setup-python#1095New Contributors
@krystof-kmade their first contribution in actions/setup-python#787@cdce8pmade their first contribution in actions/setup-python#1110@aradkdjmade their first contribution in actions/setup-python#1067Full Changelog: https://github.com/actions/setup-python/compare/v5...v6.0.0
v5.6.0
What's Changed
- Workflow updates related to Ubuntu 20.04 by
@aparnajyothi-yin actions/setup-python#1065- Fix for Candidate Not Iterable Error by
@aparnajyothi-yin actions/setup-python#1082- Upgrade semver and
@types/semverby@dependabotin actions/setup-python#1091- Upgrade prettier from 2.8.8 to 3.5.3 by
@dependabotin actions/setup-python#1046- Upgrade ts-jest from 29.1.2 to 29.3.2 by
@dependabotin actions/setup-python#1081Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.6.0
v5.5.0
What's Changed
Enhancements:
- Support free threaded Python versions like '3.13t' by
@colesburyin actions/setup-python#973- Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade
@action/cachefrom 4.0.0 to 4.0.3 by@priya-kinthaliin actions/setup-python#1056- Add support for .tool-versions file in setup-python by
@mahabaleshwarsin actions/setup-python#1043Bug fixes:
- Fix architecture for pypy on Linux ARM64 by
@mayeutin actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.
... (truncated)
Commits
e797f83Upgrade to node 24 (#1164)3d1e2d2Revert "Enhance cache-dependency-path handling to support files outside the w...65b0712Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...5b668cfBump actions/checkout from 4 to 5 (#1181)f62a0e2Change missing cache directory error to warning (#1182)9322b3cUpgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...fbeb884Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)03bb615Bump idna from 2.9 to 3.7 in /tests/data (#843)36da51dAdd version parsing from Pipfile (#1067)3c6f142update documentation (#1156)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-python's releases.
v6.0.0
What's Changed
Breaking Changes
- Upgrade to node 24 by
@salmanmkcin actions/setup-python#1164Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Enhancements:
- Add support for
pip-versionby@priyagupta108in actions/setup-python#1129- Enhance reading from .python-version by
@krystof-kin actions/setup-python#787- Add version parsing from Pipfile by
@aradkdjin actions/setup-python#1067Bug fixes:
- Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by
@aparnajyothi-yin actions/setup-python#1183- Change missing cache directory error to warning by
@aparnajyothi-yin actions/setup-python#1182- Add Architecture-Specific PATH Management for Python with --user Flag on Windows by
@aparnajyothi-yin actions/setup-python#1122- Include python version in PyPy python-version output by
@cdce8pin actions/setup-python#1110- Update docs: clarification on pip authentication with setup-python by
@priya-kinthaliin actions/setup-python#1156Dependency updates:
- Upgrade idna from 2.9 to 3.7 in /tests/data by
@dependabot[bot] in actions/setup-python#843- Upgrade form-data to fix critical vulnerabilities #182 & #183 by
@aparnajyothi-yin actions/setup-python#1163- Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by
@aparnajyothi-yin actions/setup-python#1165- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-python#1181- Upgrade
@actions/tool-cachefrom 2.0.1 to 2.0.2 by@dependabot[bot] in actions/setup-python#1095New Contributors
@krystof-kmade their first contribution in actions/setup-python#787@cdce8pmade their first contribution in actions/setup-python#1110@aradkdjmade their first contribution in actions/setup-python#1067Full Changelog: https://github.com/actions/setup-python/compare/v5...v6.0.0
v5.6.0
What's Changed
- Workflow updates related to Ubuntu 20.04 by
@aparnajyothi-yin actions/setup-python#1065- Fix for Candidate Not Iterable Error by
@aparnajyothi-yin actions/setup-python#1082- Upgrade semver and
@types/semverby@dependabotin actions/setup-python#1091- Upgrade prettier from 2.8.8 to 3.5.3 by
@dependabotin actions/setup-python#1046- Upgrade ts-jest from 29.1.2 to 29.3.2 by
@dependabotin actions/setup-python#1081Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.6.0
v5.5.0
What's Changed
Enhancements:
- Support free threaded Python versions like '3.13t' by
@colesburyin actions/setup-python#973- Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade
@action/cachefrom 4.0.0 to 4.0.3 by@priya-kinthaliin actions/setup-python#1056- Add support for .tool-versions file in setup-python by
@mahabaleshwarsin actions/setup-python#1043Bug fixes:
- Fix architecture for pypy on Linux ARM64 by
@mayeutin actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.
... (truncated)
Commits
e797f83Upgrade to node 24 (#1164)3d1e2d2Revert "Enhance cache-dependency-path handling to support files outside the w...65b0712Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...5b668cfBump actions/checkout from 4 to 5 (#1181)f62a0e2Change missing cache directory error to warning (#1182)9322b3cUpgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...fbeb884Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)03bb615Bump idna from 2.9 to 3.7 in /tests/data (#843)36da51dAdd version parsing from Pipfile (#1067)3c6f142update documentation (#1156)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Changelog
Sourced from sha.js's changelog.
v2.4.12 - 2025-07-01
Commits
- [eslint] switch to eslint
7acadfb- [meta] add
auto-changelogb46e711- [eslint] fix package.json indentation
df9d521- [Tests] migrate from travis to GHA
c43c64a- [Fix] support multi-byte wide typed arrays
f2a258e- [meta] reorder package.json
d8d77c0- [meta] add
npmignore35aec35- [Tests] avoid console logs
73e33ae- [Tests] fix tests run in batch
2629130- [Tests] drop node requirement to 0.10
00c7f23- [Dev Deps] update
buffer,hash-test-vectors,standard,tape,typedarray92b5de5- [Tests] drop node requirement to v3
9b5eca8- [meta] set engines to
>= 4807084c- Only apps should have lockfiles
c72789c- [Deps] update
inherits,safe-buffer5428cfc- [Dev Deps] update
@ljharb/eslint-config2dbe0aa- update README to reflect LICENSE
8938256- [Dev Deps] add missing peer dep
d528896- [Dev Deps] remove unused
bufferdep94ca724
Commits
eb4ea2fv2.4.12d8d77c0[meta] reorder package.jsondf9d521[eslint] fix package.json indentation35aec35[meta] addnpmignored528896[Dev Deps] add missing peer depb46e711[meta] addauto-changelog94ca724[Dev Deps] remove unusedbufferdep2dbe0aa[Dev Deps] update@ljharb/eslint-config73e33ae[Tests] avoid console logsf2a258e[Fix] support multi-byte wide typed arrays- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-node's releases.
v6.0.0
What's Changed
Breaking Changes
- Limit automatic caching to npm, update workflows and documentation by
@priyagupta108in actions/setup-node#1374Dependency Upgrades
- Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by
@dependabot[bot] in #1336- Upgrade prettier from 2.8.8 to 3.6.2 by
@dependabot[bot] in #1334- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by
@dependabot[bot] in #1362Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-node's releases.
v6.0.0
What's Changed
Breaking Changes
- Limit automatic caching to npm, update workflows and documentation by
@priyagupta108in actions/setup-node#1374Dependency Upgrades
- Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by
@dependabot[bot] in #1336- Upgrade prettier from 2.8.8 to 3.6.2 by
@dependabot[bot] in #1334- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by
@dependabot[bot] in #1362Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/upload-artifact's releases.
v5.0.0
What's Changed
BREAKING CHANGE: this update supports Node
v24.x. This is not a breaking change per-se but we're treating it as such.
- Update README.md by
@GhadimiRin actions/upload-artifact#681- Update README.md by
@nebuk89in actions/upload-artifact#712- Readme: spell out the first use of GHES by
@danwkennedyin actions/upload-artifact#727- Update GHES guidance to include reference to Node 20 version by
@patrikpolyakin actions/upload-artifact#725- Bump
@actions/artifacttov4.0.0- Prepare
v5.0.0by@danwkennedyin actions/upload-artifact#734New Contributors
@GhadimiRmade their first contribution in actions/upload-artifact#681@nebuk89made their first contribution in actions/upload-artifact#712@danwkennedymade their first contribution in actions/upload-artifact#727@patrikpolyakmade their first contribution in actions/upload-artifact#725Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v5.0.0
v4.6.2
What's Changed
- Update to use artifact 2.3.2 package & prepare for new upload-artifact release by
@salmanmkcin actions/upload-artifact#685New Contributors
@salmanmkcmade their first contribution in actions/upload-artifact#685Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.2
v4.6.1
What's Changed
- Update to use artifact 2.2.2 package by
@yacaovsncin actions/upload-artifact#673Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.1
v4.6.0
What's Changed
- Expose env vars to control concurrency and timeout by
@yacaovsncin actions/upload-artifact#662Full Changelog: https://github.com/actions/upload-artifact/compare/v4...v4.6.0
v4.5.0
What's Changed
- fix: deprecated
Node.jsversion in action by@hamirmahalin actions/upload-artifact#578- Add new
artifact-digestoutput by@bdehamerin actions/upload-artifact#656New Contributors
@hamirmahalmade their first contribution in actions/upload-artifact#578
... (truncated)
Commits
330a01cMerge pull request #734 from actions/danwkennedy/prepare-5.0.003f2824Updategithub.dep.yml905a1ecPreparev5.0.02d9f9cdMerge pull request #725 from patrikpolyak/patch-19687587Merge branch 'main' into patch-12848b2cMerge pull request #727 from danwkennedy/patch-19b51177Spell out the first use of GHEScd231caUpdate GHES guidance to include reference to Node 20 versionde65e23Merge pull request #712 from actions/nebuk89-patch-18747d8cUpdate README.md- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Commits
f421a232.1.4c412fa1refactor to same pattern as v3- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from peter-evans/find-comment's releases.
Find Comment v4.0.0
⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.
What's Changed
- build(deps-dev): bump
@types/nodefrom 18.19.28 to 18.19.30 by@dependabot[bot] in peter-evans/find-comment#301- build(deps-dev): bump
@types/nodefrom 18.19.30 to 18.19.31 by@dependabot[bot] in peter-evans/find-comment#302- build(deps-dev): bump
@types/nodefrom 18.19.31 to 18.19.33 by@dependabot[bot] in peter-evans/find-comment#303- build(deps-dev): bump prettier from 3.2.5 to 3.3.0 by
@dependabot[bot] in peter-evans/find-comment#304- build(deps-dev): bump prettier from 3.3.0 to 3.3.1 by
@dependabot[bot] in peter-evans/find-comment#305- build(deps-dev): bump
@types/nodefrom 18.19.33 to 18.19.34 by@dependabot[bot] in peter-evans/find-comment#306- build(deps-dev): bump prettier from 3.3.1 to 3.3.2 by
@dependabot[bot] in peter-evans/find-comment#307- build(deps-dev): bump braces from 3.0.2 to 3.0.3 by
@dependabot[bot] in peter-evans/find-comment#308- build(deps-dev): bump ws from 7.5.9 to 7.5.10 by
@dependabot[bot] in peter-evans/find-comment#309- build(deps-dev): bump
@types/nodefrom 18.19.34 to 18.19.39 by@dependabot[bot] in peter-evans/find-comment#310- build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by
@dependabot[bot] in peter-evans/find-comment#311- build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by
@dependabot[bot] in peter-evans/find-comment#312- build(deps-dev): bump
@types/nodefrom 18.19.39 to 18.19.41 by@dependabot[bot] in peter-evans/find-comment#313- build(deps-dev): bump
@types/nodefrom 18.19.41 to 18.19.42 by@dependabot[bot] in peter-evans/find-comment#314- build(deps-dev): bump
@types/nodefrom 18.19.42 to 18.19.43 by@dependabot[bot] in peter-evans/find-comment#315- build(deps-dev): bump
@types/nodefrom 18.19.43 to 18.19.44 by@dependabot[bot] in peter-evans/find-comment#316- build(deps-dev): bump
@types/nodefrom 18.19.44 to 18.19.45 by@dependabot[bot] in peter-evans/find-comment#317- build(deps-dev): bump
@types/nodefrom 18.19.45 to 18.19.47 by@dependabot[bot] in peter-evans/find-comment#318- build(deps): bump peter-evans/create-pull-request from 6 to 7 by
@dependabot[bot] in peter-evans/find-comment#319- build(deps-dev): bump
@types/nodefrom 18.19.47 to 18.19.50 by@dependabot[bot] in peter-evans/find-comment#320- build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by
@dependabot[bot] in peter-evans/find-comment#321- build(deps-dev): bump
@vercel/nccfrom 0.38.1 to 0.38.2 by@dependabot[bot] in peter-evans/find-comment#322- build(deps-dev): bump
@types/nodefrom 18.19.50 to 18.19.54 by@dependabot[bot] in peter-evans/find-comment#323- Update distribution by
@actions-botin peter-evans/find-comment#324- build(deps): bump
@actions/corefrom 1.10.1 to 1.11.1 by@dependabot[bot] in peter-evans/find-comment#325- Update distribution by
@actions-botin peter-evans/find-comment#326- build(deps-dev): bump
@types/nodefrom 18.19.54 to 18.19.55 by@dependabot[bot] in peter-evans/find-comment#327- build(deps-dev): bump
@types/nodefrom 18.19.55 to 18.19.57 by@dependabot[bot] in peter-evans/find-comment#328- build(deps-dev): bump
@types/nodefrom 18.19.57 to 18.19.59 by@dependabot[bot] in peter-evans/find-comment#329- build(deps-dev): bump
@types/nodefrom 18.19.59 to 18.19.63 by@dependabot[bot] in peter-evans/find-comment#330- build(deps-dev): bump
@types/nodefrom 18.19.63 to 18.19.64 by@dependabot[bot] in peter-evans/find-comment#331- build(deps-dev): bump
@vercel/nccfrom 0.38.2 to 0.38.3 by@dependabot[bot] in peter-evans/find-comment#332- build(deps-dev): bump
@types/nodefrom 18.19.64 to 18.19.65 by@dependabot[bot] in peter-evans/find-comment#333- build(deps-dev): bump
@types/nodefrom 18.19.65 to 18.19.67 by@dependabot[bot] in peter-evans/find-comment#334- build(deps-dev): bump prettier from 3.3.3 to 3.4.1 by
@dependabot[bot] in peter-evans/find-comment#335- build(deps-dev): bump prettier from 3.4.1 to 3.4.2 by
@dependabot[bot] in peter-evans/find-comment#336- build(deps-dev): bump
@types/nodefrom 18.19.67 to 18.19.68 by@dependabot[bot] in peter-evans/find-comment#337- build(deps-dev): bump
@types/nodefrom 18.19.68 to 18.19.69 by@dependabot[bot] in peter-evans/find-comment#338- build(deps-dev): bump
@types/nodefrom 18.19.69 to 18.19.70 by@dependabot[bot] in peter-evans/find-comment#339- build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by
@dependabot[bot] in peter-evans/find-comment#340- build(deps-dev): bump
@types/nodefrom 18.19.70 to 18.19.71 by@dependabot[bot] in peter-evans/find-comment#341- build(deps-dev): bump
@types/nodefrom 18.19.71 to 18.19.74 by@dependabot[bot] in peter-evans/find-comment#342- build(deps-dev): bump
@types/nodefrom 18.19.74 to 18.19.75 by@dependabot[bot] in peter-evans/find-comment#343- build(deps-dev): bump prettier from 3.4.2 to 3.5.1 by
@dependabot[bot] in peter-evans/find-comment#344- build(deps-dev): bump
@types/nodefrom 18.19.75 to 18.19.76 by@dependabot[bot] in peter-evans/find-comment#345- build(deps): bump
@octokit/request-errorand@actions/githubby@dependabot[bot] in peter-evans/find-comment#346
... (truncated)
Commits
b30e6a3feat: v4 (#389)b4929e7build(deps-dev): bump@types/nodefrom 18.19.124 to 18.19.127 (#388)1f47d94build(deps-dev): bump@vercel/nccfrom 0.38.3 to 0.38.4 (#387)a723a15build(deps): bump actions/setup-node from 4 to 5 (#386)8bacb1bbuild(deps-dev): bump@types/nodefrom 18.19.123 to 18.19.124 (#385)048de65build(deps): bump actions/checkout from 4 to 5 (#384)c02750fbuild(deps-dev): bump@types/nodefrom 18.19.122 to 18.19.123 (#383)092c582build(deps): bump actions/download-artifact from 4 to 5 (#382)c115bb0build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#381)8d3be5dbuild(deps-dev): bump@types/nodefrom 18.19.121 to 18.19.122 (#380)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Changelog
Sourced from tomli's changelog.
2.3.0
- Added
- Binary wheels for Python 3.14 (also free-threaded)
- Performance
- Reduced import time
Commits
3fccd16Bump version: 2.2.1 → 2.3.06504016Add 2.3.0 changelog0bc66fcRemove now off-by-default PyPy from cibuildwheel skip list0aa242fUpdate license metadata to appease PEP 639a18221eBump GitHub CI actions6fa4d90[pre-commit.ci] pre-commit autoupdate (#260)b974fa1[pre-commit.ci] pre-commit autoupdate (#248)f574f36Update mypy to 1.15 and use--strictmode (#257)1da01efReduce import time by removingtypingimport (#251)4188188Reduce import time by removingstringandtomli._typesimports- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-node's releases.
v6.0.0
What's Changed
Breaking Changes
- Limit automatic caching to npm, update workflows and documentation by
@priyagupta108in actions/setup-node#1374Dependency Upgrades
- Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by
@dependabot[bot] in #1336- Upgrade prettier from 2.8.8 to 3.6.2 by
@dependabot[bot] in #1334- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by
@dependabot[bot] in #1362Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0
v5.0.0
What's Changed
Breaking Changes
- Enhance caching in setup-node with automatic package manager detection by
@priya-kinthaliin actions/setup-node#1348This update, introduces automatic caching when a valid
packageManagerfield is present in yourpackage.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, setpackage-manager-cache: falsesteps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false
- Upgrade action to use node24 by
@salmanmkcin actions/setup-node#1325Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade
@octokit/request-errorand@actions/githubby@dependabot[bot] in actions/setup-node#1227- Upgrade uuid from 9.0.1 to 11.1.0 by
@dependabot[bot] in actions/setup-node#1273- Upgrade undici from 5.28.5 to 5.29.0 by
@dependabot[bot] in actions/setup-node#1295- Upgrade form-data to bring in fix for critical vulnerability by
@gowridurgadin actions/setup-node#1332- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-node#1345New Contributors
@priya-kinthalimade their first contribution in actions/setup-node#1348@salmanmkcmade their first contribution in actions/setup-node#1325Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0
v4.4.0
... (truncated)
Commits
2028fbcLimit automatic caching to npm, update workflows and documentation (#1374)1342781Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)89d709dBump prettier from 2.8.8 to 3.6.2 (#1334)cd2651cBump ts-jest from 29.1.2 to 29.4.1 (#1336)a0853c2Bump actions/checkout from 4 to 5 (#1345)b7234ccUpgrade action to use node24 (#1325)d7a1131Enhance caching in setup-node with automatic package manager detection (#1348)5e2628cBumps form-data (#1332)65becefBump undici from 5.28.5 to 5.29.0 (#1295)7e24a65Bump uuid from 9.0.1 to 11.1.0 (#1273)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Original prompt
fantastic analysis. Please implement this and keep in mind all this context you have; both how this should be done, what should be changed, and how tests are impacted1. Conversation Overview: - Primary Objectives: The user aimed to discuss issue #25592, focusing on making TestClass items runnable by providing them with a location. The user also sought to understand the risks and necessary test updates related to this change. - Session Context: The conversation flowed from discussing the issue, analyzing risks, and finally requesting implementation of the proposed changes. - User Intent Evolution: The user transitioned from seeking information and analysis to requesting concrete implementation of the discussed changes. 2. Technical Foundation: - Repository: vscode-python - Current Branch: supposed-spoonbill - Default Branch: main - Active Pull Request: support extra patching for doctest (https://github.com/microsoft/vscode-python/pull/25591) 3. Codebase Status: - No specific files were modified or discussed in detail, but the focus was on the functionality of TestClass items. 4. Problem Resolution: - Issues Encountered: The need for TestClass items to have a location for proper functionality. - Solutions Implemented: Analysis of the issue and identification of necessary changes were completed, but implementation is pending. - Debugging Context: No ongoing troubleshooting efforts were mentioned. - Lessons Learned: Understanding the implications of changes on existing functionality and tests is crucial. 5. Progress Tracking: - Completed Tasks: Analysis of the issue and identification of necessary changes. - Partially Complete Work: Implementation of the discussed changes is pending. - Validated Outcomes: None yet, as implementation has not been executed. 6. Active Work State: - Current Focus: The user was focused on implementing changes related to issue #25592. - Recent Context: The last few exchanges involved discussing the issue, analyzing risks, and planning for implementation. - Working Code: No specific code snippets were discussed recently. - Immediate Context: The specific problem being addressed was the need for TestClass items to have a locat...
Changelog
Sourced from js-yaml's changelog.
[3.14.2] - 2025-11-15
Security
- Backported v4.1.1 fix to v3
[4.1.1] - 2025-11-12
Security
- Fix prototype pollution issue in yaml merge (<<) operator.
[4.1.0] - 2021-04-15
Added
- Types are now exported as
yaml.types.XXX.- Every type now has
optionsproperty with original arguments kept as they were (seeyaml.types.int.optionsas an example).Changed
Schema.extend()now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered asabcdinstead ofcbad).[4.0.0] - 2021-01-03
Changed
- Check migration guide to see details for all breaking changes.
- Breaking: "unsafe" tags
!!js/function,!!js/regexp,!!js/undefinedare moved to js-yaml-js-types package.- Breaking: removed
safe*functions. Useload,loadAll,dumpinstead which are all now safe by default.yaml.DEFAULT_SAFE_SCHEMAandyaml.DEFAULT_FULL_SCHEMAare removed, useyaml.DEFAULT_SCHEMAinstead.yaml.Schema.create(schema, tags)is removed, useschema.extend(tags)instead.!!binarynow always mapped toUint8Arrayon load.- Reduced nesting of
/libfolder.- Parse numbers according to YAML 1.2 instead of YAML 1.1 (
01234is now decimal,0o1234is octal,1:23is parsed as string instead of base60).dump()no longer quotes:,[,],(,)except when necessary, #470, #557.- Line and column in exceptions are now formatted as
(X:Y)instead ofat line X, column Y(also present in compact format), #332.- Code snippet created in exceptions now contains multiple lines with line numbers.
dump()now serializesundefinedasnullin collections and removes keys withundefinedin mappings, #571.dump()withskipInvalid=truenow serializes invalid items in collections as null.- Custom tags starting with
!are now dumped as!taginstead of!<!tag>, #576.- Custom tags starting with
tag:yaml.org,2002:are now shorthanded using!!, #258.Added
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)37caaad3.14.1 released094c0f7dist rebuild9586ebeAvoid calling hasOwnProperty of user-controlled objects34e50723.14.0 released7b25c83Browser files rebuild6f73473Dev deps bump0c29349Travis-CI: drop old nodejs versions- Additional commits viewable in compare view
Updates `js-yaml` from 4.1.0 to 4.1.1
Changelog
Sourced from js-yaml's changelog.
[3.14.2] - 2025-11-15
Security
- Backported v4.1.1 fix to v3
[4.1.1] - 2025-11-12
Security
- Fix prototype pollution issue in yaml merge (<<) operator.
[4.1.0] - 2021-04-15
Added
- Types are now exported as
yaml.types.XXX.- Every type now has
optionsproperty with original arguments kept as they were (seeyaml.types.int.optionsas an example).Changed
Schema.extend()now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered asabcdinstead ofcbad).[4.0.0] - 2021-01-03
Changed
- Check migration guide to see details for all breaking changes.
- Breaking: "unsafe" tags
!!js/function,!!js/regexp,!!js/undefinedare moved to js-yaml-js-types package.- Breaking: removed
safe*functions. Useload,loadAll,dumpinstead which are all now safe by default.yaml.DEFAULT_SAFE_SCHEMAandyaml.DEFAULT_FULL_SCHEMAare removed, useyaml.DEFAULT_SCHEMAinstead.yaml.Schema.create(schema, tags)is removed, useschema.extend(tags)instead.!!binarynow always mapped toUint8Arrayon load.- Reduced nesting of
/libfolder.- Parse numbers according to YAML 1.2 instead of YAML 1.1 (
01234is now decimal,0o1234is octal,1:23is parsed as string instead of base60).dump()no longer quotes:,[,],(,)except when necessary, #470, #557.- Line and column in exceptions are now formatted as
(X:Y)instead ofat line X, column Y(also present in compact format), #332.- Code snippet created in exceptions now contains multiple lines with line numbers.
dump()now serializesundefinedasnullin collections and removes keys withundefinedin mappings, #571.dump()withskipInvalid=truenow serializes invalid items in collections as null.- Custom tags starting with
!are now dumped as!taginstead of!<!tag>, #576.- Custom tags starting with
tag:yaml.org,2002:are now shorthanded using!!, #258.Added
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)37caaad3.14.1 released094c0f7dist rebuild9586ebeAvoid calling hasOwnProperty of user-controlled objects34e50723.14.0 released7b25c83Browser files rebuild6f73473Dev deps bump0c29349Travis-CI: drop old nodejs versions- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/checkout's releases.
v6.0.0
What's Changed
- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- v6-beta by
@ericsciplein actions/checkout#2298- update readme/changelog for v6 by
@ericsciplein actions/checkout#2311Full Changelog: https://github.com/actions/checkout/compare/v5.0.0...v6.0.0
v6-beta
What's Changed
Updated persist-credentials to store the credentials under
$RUNNER_TEMPinstead of directly in the local git config.This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.
v5.0.1
What's Changed
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1
Changelog
Sourced from actions/checkout's changelog.
Changelog
V6.0.0
- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248V5.0.1
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.1
- Port v6 cleanup to v4 by
@ericsciplein actions/checkout#2305V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from jws's releases.
v3.2.3
Changed
- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
- Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Changelog
Sourced from jws's changelog.
[3.2.3]
Changed
- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
- Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.
[3.0.0]
Changed
- BREAKING:
jwt.verifynow requires analgorithmparameter, andjws.createVerifyrequires analgorithmoption. The"alg"field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted byjwt.verify. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.2.0.0 - 2015-01-30
Changed
BREAKING: Default payload encoding changed from
binarytoutf8.utf8is a is a more sensible default thanbinarybecause many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)Code reorganization, thanks
@fearphage! (7880050)Added
- Option in all relevant methods for
encoding. For those few users that might be depending on abinaryencoding of the messages, this is for them. (6b6de48)
Commits
Maintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.
Updates `jws` from 4.0.0 to 4.0.1
Release notes
Sourced from jws's releases.
v3.2.3
Changed
- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
- Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Changelog
Sourced from jws's changelog.
[3.2.3]
Changed
- Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
- Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.
[3.0.0]
Changed
- BREAKING:
jwt.verifynow requires analgorithmparameter, andjws.createVerifyrequires analgorithmoption. The"alg"field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted byjwt.verify. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.2.0.0 - 2015-01-30
Changed
BREAKING: Default payload encoding changed from
binarytoutf8.utf8is a is a more sensible default thanbinarybecause many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)Code reorganization, thanks
@fearphage! (7880050)Added
- Option in all relevant methods for
encoding. For those few users that might be depending on abinaryencoding of the messages, this is for them. (6b6de48)
Commits
Maintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show