@codfish/actions 0.0.0-PR-92--d5c21f1 → 0.0.0-PR-90--2cf8276

package/README.md

@@ -119,7 +119,7 @@ intelligent caching, and version detection via input, .node-version, .nvmrc, or
 | `install-options`   | Extra command-line options to pass to npm/pnpm/yarn install.                                                                                                                                                                                                                                                    | No       | -       |
 | `working-directory` | Directory containing package.json and lockfile.                                                                                                                                                                                                                                                                 | No       | `.`     |
 | `registry-url`      | Optional registry URL to configure for publishing (e.g. "https://registry.npmjs.org/"). Creates .npmrc with NODE_AUTH_TOKEN placeholder. NOT recommended if using semantic-release (it handles auth independently). Only needed for publishing with manual npm publish or other non-semantic-release workflows. | No       | -       |
-| `upgrade-npm`       | Whether to upgrade npm to v11.5.1. This is required for OIDC trusted publishing but can be disabled if you want to shave off some run time and you are still using token-based authentication.                                                                                                                  | No       | -       |
+| `upgrade-npm`       | Whether to upgrade npm to v11.5.1. This is required for OIDC trusted publishing but can be disabled if you want to shave off some run time and you are still using token-based authentication.                                                                                                                  | No       | `true`  |
 
 **Outputs:**
 

package/comment/action.yml

@@ -46,7 +46,7 @@ runs:
     - name: Check existing comments
       id: check-comments
       if: inputs.upsert == 'true'
-      uses: actions/github-script@v8
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
       with:
         script: |
           try {
@@ -69,7 +69,7 @@ runs:
 
     - name: Update existing comment
       if: steps.check-comments.outputs.comment-id != null
-      uses: actions/github-script@v8
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
       with:
         script: |
           try {
@@ -86,7 +86,7 @@ runs:
 
     - name: Create new comment
       if: steps.check-comments.outputs.comment-id == null
-      uses: actions/github-script@v8
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
       with:
         script: |
           try {

package/npm-publish-pr/action.yml

@@ -42,7 +42,7 @@ runs:
   using: composite
 
   steps:
-    - uses: codfish/actions/comment@v3
+    - uses: codfish/actions/comment@a5d670e3eacf83aa1e1f906b86b04b8215c17e99 # v3
       if: inputs.comment == 'true'
       with:
         message: ⏳ Publishing PR version...
@@ -332,7 +332,7 @@ runs:
         PR: ${{ github.event.number }}
         SHA: ${{ github.event.pull_request.head.sha }}
 
-    - uses: codfish/actions/comment@v3
+    - uses: codfish/actions/comment@a5d670e3eacf83aa1e1f906b86b04b8215c17e99 # v3
       if: failure() && inputs.comment == 'true'
       with:
         message: |
@@ -344,7 +344,7 @@ runs:
         upsert: true
         tag: ${{ inputs.comment-tag }}
 
-    - uses: codfish/actions/comment@v3
+    - uses: codfish/actions/comment@a5d670e3eacf83aa1e1f906b86b04b8215c17e99 # v3
       if: success() && inputs.comment == 'true'
       with:
         message: |

package/package.json

@@ -4,7 +4,7 @@
   "description": "Composite GitHub Actions for my projects.",
   "author": "Chris O'Donnell <chris@codfish.dev>",
   "license": "MIT",
-  "version": "0.0.0-PR-92--d5c21f1",
+  "version": "0.0.0-PR-90--2cf8276",
   "repository": {
     "type": "git",
     "url": "https://github.com/codfish/actions.git"
@@ -21,13 +21,13 @@
   ],
   "devDependencies": {
     "@codfish/eslint-config": "13.1.2",
-    "bats": "^1.13.0",
-    "doctoc": "^2.3.0",
-    "eslint": "^10.0.3",
-    "husky": "^9.1.7",
-    "js-yaml": "^4.1.0",
-    "lint-staged": "^16.3.2",
-    "prettier": "^3.8.1"
+    "bats": "1.13.0",
+    "doctoc": "2.3.0",
+    "eslint": "10.1.0",
+    "husky": "9.1.7",
+    "js-yaml": "4.1.1",
+    "lint-staged": "16.4.0",
+    "prettier": "3.8.1"
   },
   "commitlint": {
     "extends": [

package/setup-node-and-install/README.md

@@ -91,7 +91,7 @@ When multiple version specification methods are present, the action uses this pr
 | `install-options`   | Extra command-line options to pass to npm/pnpm/yarn install.                                                                                                                                                                                                                                                    | No       | -       |
 | `working-directory` | Directory containing package.json and lockfile.                                                                                                                                                                                                                                                                 | No       | `.`     |
 | `registry-url`      | Optional registry URL to configure for publishing (e.g. "https://registry.npmjs.org/"). Creates .npmrc with NODE_AUTH_TOKEN placeholder. NOT recommended if using semantic-release (it handles auth independently). Only needed for publishing with manual npm publish or other non-semantic-release workflows. | No       | -       |
-| `upgrade-npm`       | Whether to upgrade npm to v11.5.1. This is required for OIDC trusted publishing but can be disabled if you want to shave off some run time and you are still using token-based authentication.                                                                                                                  | No       | -       |
+| `upgrade-npm`       | Whether to upgrade npm to v11.5.1. This is required for OIDC trusted publishing but can be disabled if you want to shave off some run time and you are still using token-based authentication.                                                                                                                  | No       | `true`  |
 
 <!-- end inputs -->
 

package/setup-node-and-install/action.yml

@@ -83,7 +83,7 @@ runs:
 
     - name: Install pnpm
       if: steps.detect-package-manager.outputs.package-manager == 'pnpm'
-      uses: pnpm/action-setup@v5
+      uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
       id: pnpm-setup
       with:
         run_install: false
@@ -128,7 +128,7 @@ runs:
         INPUT_NODE_VERSION: ${{ inputs.node-version }}
 
     - name: Setup Node.js
-      uses: actions/setup-node@v6
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
       id: setup-node
       with:
         # use detected package manager cache
@@ -156,7 +156,7 @@ runs:
       if:
         steps.detect-package-manager.outputs.lockfile-exists == 'true' &&
         steps.detect-package-manager.outputs.package-manager == 'npm'
-      uses: actions/cache@v5
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
       id: cache
       with:
         path: ${{ inputs.working-directory }}/node_modules