Bump the github-actions group with 6 updates

[dependabot]

Bumps the github-actions group with 6 updates:

Package	From	To
actions/checkout	2	4
actions/setup-node	3	4
JS-DevTools/npm-publish	1	3
actions/upload-artifact	2	4
actions/download-artifact	2	4
peter-evans/create-pull-request	4.0.4	6.0.2

Updates actions/checkout from 2 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• [Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2

... (truncated)

Commits

• b4ffde6 Link to release page from what's new section (#1514)
• 8530928 Correct link to GitHub Docs (#1511)
• 7cdaf2f Update CODEOWNERS to Launch team (#1510)
• 8ade135 Prepare 4.1.0 release (#1496)
• c533a0a Add support for partial checkout filters (#1396)
• 72f2cec Update README.md for V4 (#1452)
• 3df4ab1 Release 4.0.0 (#1447)
• 8b5e8b7 Support fetching without the --progress option (#1067)
• 97a652b Update default runtime to node20 (#1436)
• f43a0e5 Release 3.6.0 (#1437)
• Additional commits viewable in compare view

Updates actions/setup-node from 3 to 4

Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

• Upgrade actions/checkout to v4 by @​gmembre-zenika in actions/setup-node#868
• Update actions/checkout for documentation and yaml by @​dmitry-shibanov in actions/setup-node#876

New Contributors

• @​gmembre-zenika made their first contribution in actions/setup-node#868

Full Changelog: actions/setup-node@v3...v4.0.0

v3.8.2

What's Changed

• Update semver by @​dmitry-shibanov in actions/setup-node#861
• Update temp directory creation by @​nikolai-laevskii in actions/setup-node#859
• Bump @​babel/traverse from 7.15.4 to 7.23.2 by @​dependabot in actions/setup-node#870
• Add notice about binaries not being updated yet by @​nikolai-laevskii in actions/setup-node#872
• Update toolkit cache and core by @​dmitry-shibanov and @​seongwon-privatenote in actions/setup-node#875

Full Changelog: actions/setup-node@v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: actions/setup-node@v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

• Add check for existing paths by @​dmitry-shibanov in actions/setup-node#803
• Resolve SymbolicLink by @​dmitry-shibanov in actions/setup-node#809
• Change passing logic for cache input by @​dmitry-shibanov in actions/setup-node#816
• Fix armv7 cache issue by @​louislam in actions/setup-node#794
• Update check-dist workflow name by @​sinchang in actions/setup-node#710

Feature implementations:

• feat: handling the case where "node" is used for tool-versions file. by @​xytis in actions/setup-node#812

Documentation changes:

• Refer to semver package name in README.md by @​olleolleolle in actions/setup-node#808

Update dependencies:

• Update toolkit cache to fix zstd by @​dmitry-shibanov in actions/setup-node#804
• Bump tough-cookie and @​azure/ms-rest-js by @​dependabot in actions/setup-node#802
• Bump semver from 6.1.2 to 6.3.1 by @​dependabot in actions/setup-node#807

... (truncated)

Commits

• 60edb5d Add support for arm64 Windows (#927)
• d86ebcd Add support for volta.extends (#921)
• b39b52d Fix node-version-file interprets entire package.json as a version (#865)
• 7247617 Add package.json to node-version-file list of examples. (#879)
• f3ec4ca Fix README.md (#898)
• ec97f37 Add fix for cache (#917)
• 5ef044f Update reusable workflows to use Node.js v20 (#889)
• c45882a update to setup-node@v4 in docs (#884)
• ee36e8b Ignore engines check in Yarn 1 e2e-cache tests (#882)
• 8f152de Update actions/checkout for documentation and yaml (#876)
• Additional commits viewable in compare view

Updates JS-DevTools/npm-publish from 1 to 3

Release notes

Sourced from JS-DevTools/npm-publish's releases.

v3.0.0

The v3 release updates the action's runtime to Node.js v20, but otherwise, there are no public API changes.

BREAKING CHANGES

• The action will now run on Node.js v20 instead of v16

Bug fixes

• action: update runtime to Node.js v20 (#150)

v2.2.2

Bug Fixes

• use validated package.json version for comparisons (#147), closes #139

v2.2.1

Bug Fixes

• action: update semver dep, esbuild and vitest dev deps (#114)
• npm: do not assume error code is a string (#120), closes #119

v2.2.0

Features

• Allow --ignore-scripts to be disabled in order to support publish lifecycle hooks (#102)

v2.1.0

Features

• Add explicit support for --provenance (#92), closes #88

Bug Fixes

• Handle missing latest tag during version check (#90), closes #89

v2.0.0

Welcome to v2 of JS-DevTools/npm-publish! We've been doing some spring cleaning to fix all our (known) bugs and knock out some longstanding feature requests. This release has some breaking changes, so please read carefully!

BREAKING CHANGES

• The type output is now an empty string instead of none when no release occurs

  - - if: ${{ steps.publish.outputs.type != 'none' }}
  + - if: ${{ steps.publish.outputs.type }}
      run:  echo "Version changed!"

• The check-version and greater-version-only options have been removed and replaced with strategy.
  • Use strategy: all (default) to publish all versions that do not yet exist in the registry.

... (truncated)

Changelog

Sourced from JS-DevTools/npm-publish's changelog.

v1.4.0 (2020-10-02)

• Added support NPM's --tag argument, which allows packages to be published to a named tag that can then be installed using npm install <package-name>@<tag>

• Added support for NPM's --access argument, which controls whether scoped packages are publicly accessible, or restricted to members of your NPM organization

Full Changelog

v1.3.0 (2020-10-01)

• NPM-Publish can now successfully publish a brand-new package to NPM. Previously it failed because it couldn't determine the previous package version. ([PR #12](JS-DevTools/npm-publish#12) from @​ZitRos)

Full Changelog

v1.2.0 (2020-07-23)

• Added support for running NPM in "dry run" mode, which doesn't actually publish, but reports details of what would have been published.

Full Changelog

v1.1.0 (2020-03-29)

• FIX: The configured NPM registry and token are now used all NPM commands, not just for publishing. This ensures that npm-publish works with private packages and custom registries

Full Changelog

v1.0.0 (2020-01-21)

Initial release 🎉

Commits

• 19c28f1 chore(release): 3.1.1
• 1e4a74d fix: include registry URL pathname in npm config (#186)
• 79051c0 chore(release): 3.1.0
• aa4addf feat(dry-run): always print publish results in dry run (#185)
• 126874f chore(deps): bump the production group with 2 updates (#180)
• 71fdf93 chore(deps-dev): bump the lint group with 9 updates (#183)
• e19e66c chore(deps-dev): bump the development group with 3 updates (#181)
• 9c9fb62 chore(deps-dev): bump the lint group with 10 updates (#178)
• 2e9724f chore(deps-dev): bump the development group with 5 updates (#176)
• fe58a59 chore(deps): bump actions/upload-artifact from 3 to 4 (#172)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 2 to 4

Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: actions/upload-artifact@v3...v4.0.0

v3.1.3

What's Changed

• chore(github): remove trailing whitespaces by @​ljmf00 in actions/upload-artifact#313
• Bump @​actions/artifact version to v1.1.2 by @​bethanyj28 in actions/upload-artifact#436

Full Changelog: actions/upload-artifact@v3...v3.1.3

v3.1.2

• Update all @actions/* NPM packages to their latest versions- #374
• Update all dev dependencies to their most recent versions - #375

v3.1.1

• Update actions/core package to latest version to remove set-output deprecation warning #351

v3.1.0

What's Changed

• Bump @​actions/artifact to v1.1.0 (actions/upload-artifact#327)
  • Adds checksum headers on artifact upload (actions/toolkit#1095) (actions/toolkit#1063)

v3.0.0

What's Changed

• Update default runtime to node16 (#293)
• Update package-lock.json file version to 2 (#302)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

v2.3.1

Fix for empty fails on Windows failing on upload #281

v2.3.0 Upload Artifact

... (truncated)

Commits

• 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
• f1e993d update artifact license
• 4881bfd updating dist:
• a30777e @​eggyhead
• 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
• 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
• dfa1ab2 fix typo with v3 artifact downloads in migration guide
• d00351b Merge pull request #509 from markmssd/patch-1
• 707f5a7 Update limitation of 10 artifacts upload to 500
• 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
• Additional commits viewable in compare view

Updates actions/download-artifact from 2 to 4

Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​bflad made their first contribution in actions/download-artifact#194

Full Changelog: actions/download-artifact@v3...v4.0.0

v3.0.2

• Bump @actions/artifact to v1.1.1 - actions/download-artifact#195
• Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet Migrate dev environment and workflows to node16  actions/toolkit#1278

v3.0.1

• Bump @​actions/core to 1.10.0

v3.0.0

What's Changed

• Update default runtime to node16 (actions/download-artifact#134)
• Update package-lock.json file version to 2 (actions/download-artifact#136)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

v2.1.1

• Bump @actions/core to the latest version to prevent breaking changes once set-output and save-state commands are deprecated #21

v2.1.0 Download Artifact

• Improved output & logging
• Fixed issue where downloading all artifacts could cause display percentages to be over 100%
• Various small bug fixes & improvements

v2.0.10

• Retry on HTTP 500 responses from the service

v2.0.9

• Fixes to proxy related issues

v2.0.8

• Improvements to retryability if an error is encountered during artifact download

... (truncated)

Commits

• c850b93 Merge pull request #307 from bethanyj28/main
• 6fd111f update @​actions/artifact
• 87c5514 Merge pull request #303 from bethanyj28/main
• 47f9ce6 update @​actions/artifact
• 127824d Merge pull request #299 from bethanyj28/main
• 6dd49bf licensed only artifact
• f71c0e3 Revert "licensed"
• 7c63dfd licensed
• 67d37cd Update toolkit
• 3487549 Update release-new-action-version.yml (#292)
• Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 4.0.4 to 6.0.2

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v6.0.2

⚡ Improves performance in some cases where the action rebases changes on to the specified base.

What's Changed

• build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in peter-evans/create-pull-request#2797
• build(deps-dev): bump @​types/node from 18.19.18 to 18.19.21 by @​dependabot in peter-evans/create-pull-request#2798
• build(deps-dev): bump @​types/node from 18.19.21 to 18.19.23 by @​dependabot in peter-evans/create-pull-request#2811
• perf: shallow fetch the actual base when rebasing from working base by @​peter-evans in peter-evans/create-pull-request#2816

New Contributors

• @​webmonarch made their first contribution in peter-evans/create-pull-request#2816

Full Changelog: peter-evans/create-pull-request@v6.0.1...v6.0.2

Create Pull Request v6.0.1

⚙️ Fixes an issue where updating a pull request leads to the error Cannot read properties of undefined (reading 'number'). This was likely caused by GitHub fixing a long standing bug with an API endpoint, resulting in a breaking change.

What's Changed

• build(deps-dev): bump @​types/jest from 29.5.11 to 29.5.12 by @​dependabot in peter-evans/create-pull-request#2730
• build(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @​dependabot in peter-evans/create-pull-request#2731
• build(deps-dev): bump @​types/node from 18.19.10 to 18.19.14 by @​dependabot in peter-evans/create-pull-request#2732
• build(deps): bump peter-evans/slash-command-dispatch from 3 to 4 by @​dependabot in peter-evans/create-pull-request#2748
• build(deps): bump peter-evans/create-pull-request from 5 to 6 by @​dependabot in peter-evans/create-pull-request#2747
• build(deps-dev): bump @​types/node from 18.19.14 to 18.19.15 by @​dependabot in peter-evans/create-pull-request#2759
• build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 by @​dependabot in peter-evans/create-pull-request#2769
• build(deps-dev): bump @​types/node from 18.19.15 to 18.19.17 by @​dependabot in peter-evans/create-pull-request#2768
• build(deps-dev): bump @​types/node from 18.19.17 to 18.19.18 by @​dependabot in peter-evans/create-pull-request#2780
• build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @​dependabot in peter-evans/create-pull-request#2781
• fix: list pulls using the correct head format by @​peter-evans in peter-evans/create-pull-request#2792

Full Changelog: peter-evans/create-pull-request@v6.0.0...v6.0.1

Create Pull Request v6.0.0

Behaviour changes

• The default values for author and committer have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.
• On completion, the action now removes the temporary git remote configuration it adds when using push-to-fork. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.

What's new

• Updated runtime to Node.js 20
  • The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.
• The default value for author has been changed to ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>. The change adds the ${{ github.actor_id }}+ prefix to the email address to align with GitHub's standard format for the author email address.
• The default value for committer has been changed to github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>. This is to align with the default GitHub Actions bot user account.
• Adds input git-token, the Personal Access Token (PAT) that the action will use for git operations. This input defaults to the value of token. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.
• push-to-fork now supports pushing to sibling repositories in the same network.
• Previously, when using push-to-fork, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.
• If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...[Pull request body truncated]" to indicate that the body has been truncated.
• The action now uses --unshallow only when necessary, rather than as a default argument of git fetch. This should improve performance, particularly for large git repositories with extensive commit history.

... (truncated)

Commits

• 70a41ab perf: shallow fetch the actual base when rebasing from working base (#2816)
• 57a1014 build(deps-dev): bump @​types/node from 18.19.21 to 18.19.23 (#2811)
• b3a2c5d build(deps-dev): bump @​types/node from 18.19.18 to 18.19.21 (#2798)
• 02c7da5 build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 (#2797)
• bac6da8 docs: update description of delete-branch
• a4f52f8 fix: list pulls using the correct head format (#2792)
• 853c071 build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2781)
• d2c126e build(deps-dev): bump @​types/node from 18.19.17 to 18.19.18 (#2780)
• 43d39c6 build(deps-dev): bump @​types/node from 18.19.15 to 18.19.17 (#2768)
• 5a9d206 build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 (#2769)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions