actions-up 1.14.2 → 1.15.0

package/dist/cli/anchor-directory-inputs.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Options for anchoring directory inputs at the repository root.
+ */
+interface AnchorDirectoryInputsOptions {
+    /**
+     * Raw --dir value(s), or undefined when the flag was not provided.
+     */
+    dir?: string[] | string;
+    /**
+     * Repository root detected by walking up, or null when none was found.
+     */
+    root: string | null;
+    /**
+     * Current working directory the CLI was invoked from.
+     */
+    cwd: string;
+}
+/**
+ * Anchors relative scan directories at the detected repository root.
+ *
+ * When the CLI runs from a nested subdirectory, the default `.github` and any
+ * simple relative `--dir` values are resolved against the repository root
+ * instead of the current directory. Absolute and parent-relative (`..`) values
+ * are intentional and left untouched.
+ *
+ * @param options - Detected root, current directory, and raw --dir value(s).
+ * @returns The directory input(s) to feed into resolveScanDirectories.
+ */
+export declare function anchorDirectoryInputs(options: AnchorDirectoryInputsOptions): undefined | string[] | string;
+export {};

package/dist/cli/anchor-directory-inputs.js

@@ -0,0 +1,13 @@
+import { GITHUB_DIRECTORY as e } from "../core/constants.js";
+import { isAbsolute as t, join as n } from "node:path";
+function r(r) {
+	let { root: i, cwd: a, dir: o } = r;
+	if (!i || i === a) return o;
+	let s = [];
+	return Array.isArray(o) ? s.push(...o) : typeof o == "string" && s.push(o), s.length === 0 && (s = ["."]), s.map((r) => {
+		if (t(r) || r.startsWith("..")) return r;
+		let a = n(i, r);
+		return a === i ? n(i, e) : a;
+	});
+}
+export { r as anchorDirectoryInputs };

package/dist/cli/index.js

@@ -6,203 +6,218 @@ import { getCompatibleUpdate as i } from "../core/api/get-compatible-update.js";
 import { createGitHubClient as a } from "../core/api/create-github-client.js";
 import { resolveScanDirectories as o } from "./resolve-scan-directories.js";
 import { getUpdateLevel as s } from "../core/versions/get-update-level.js";
-import { applyUpdates as c } from "../core/ast/update/apply-updates.js";
-import { normalizeUpdateStyle as l } from "./normalize-update-style.js";
-import { printSkippedWarning as u } from "./print-skipped-warning.js";
-import { normalizeUpdateMode as d } from "./normalize-update-mode.js";
-import { validateCliOptions as f } from "./validate-cli-options.js";
-import { shouldIgnore as p } from "../core/ignore/should-ignore.js";
-import { checkUpdates as m } from "../core/api/check-updates.js";
-import { mergeScanResults as h } from "./merge-scan-results.js";
-import { printModeWarning as g } from "./print-mode-warning.js";
-import { scanRecursive as _ } from "../core/scan-recursive.js";
-import { buildJsonReport as v } from "./build-json-report.js";
-import { scanGitHubActions as y } from "../core/scan-github-actions.js";
+import { anchorDirectoryInputs as c } from "./anchor-directory-inputs.js";
+import { applyUpdates as l } from "../core/ast/update/apply-updates.js";
+import { normalizeUpdateStyle as u } from "./normalize-update-style.js";
+import { printSkippedWarning as d } from "./print-skipped-warning.js";
+import { normalizeUpdateMode as f } from "./normalize-update-mode.js";
+import { validateCliOptions as p } from "./validate-cli-options.js";
+import { shouldIgnore as m } from "../core/ignore/should-ignore.js";
+import { findRepoRoot as h } from "../core/fs/find-repo-root.js";
+import { checkUpdates as g } from "../core/api/check-updates.js";
+import { mergeScanResults as _ } from "./merge-scan-results.js";
+import { printModeWarning as v } from "./print-mode-warning.js";
+import { scanRecursive as y } from "../core/scan-recursive.js";
+import { buildJsonReport as b } from "./build-json-report.js";
+import { parseArguments as x } from "./parse-arguments.js";
+import { scanGitHubActions as S } from "../core/scan-github-actions.js";
 import "../core/index.js";
-import { version as b } from "../package.js";
-import { createSpinner as x } from "nanospinner";
-import { resolve as S } from "node:path";
+import { version as C } from "../package.js";
+import { createSpinner as w } from "nanospinner";
+import { resolve as T } from "node:path";
 import "node:worker_threads";
-import C from "picocolors";
-import w from "cac";
-function T() {
-	let T = w("actions-up");
-	T.help().version(b).option("--dir <directory>", "Directory to scan (repeatable). Default: .github, or . with --recursive").option("--dry-run", "Preview changes without applying them").option("--exclude <regex>", "Exclude actions by regex (repeatable)").option("--include-branches", "Also check actions pinned to branches (default: false)").option("--json", "Output update information as machine-readable JSON").option("--min-age <days>", "Minimum age in days for updates (default: 0)", { default: 0 }).option("--mode <mode>", "Update mode: major, minor, or patch (default: major)", { default: "major" }).option("--style <style>", "Update style: sha or preserve (default: sha)", { default: "sha" }).option("--recursive, -r", "Recursively scan directories for YAML files").option("--yes, -y", "Skip all confirmations").command("", "Update GitHub Actions").action(async (b) => {
-		let w = b.json ?? !1, T = null, E = o({
-			recursive: b.recursive,
-			cwd: process.cwd(),
-			dir: b.dir
-		}), D = E.map(({ root: e, dir: t }) => S(e, t)), O = b.includeBranches ?? !1, k = d(b.mode), A = l(b.style), j = [];
-		Array.isArray(b.exclude) ? j.push(...b.exclude) : typeof b.exclude == "string" && j.push(b.exclude);
-		let M = j.flatMap((e) => e.split(",")).map((e) => e.trim()).filter(Boolean);
-		try {
-			f({
-				yes: b.yes,
-				json: w
-			}), w || (console.info(C.cyan("\n🚀 Actions Up!\n")), T = x("Scanning GitHub Actions...").start());
-			function o({ actionsToCheckCount: e, blockedByMode: t = [], outdated: n = [], skipped: r = [], scanResult: i, status: a }) {
-				process.stdout.write(`${JSON.stringify(v({
-					recursive: b.recursive ?? !1,
-					excludePatterns: M,
-					directories: D,
-					minAge: b.minAge,
-					actionsToCheckCount: e,
-					includeBranches: O,
-					blockedByMode: t,
-					scanResult: i,
-					outdated: n,
-					skipped: r,
-					status: a,
-					style: A,
-					mode: k
-				}), null, 2)}\n`);
-			}
-			let l = h(b.recursive ? await Promise.all(E.map(({ root: e, dir: t }) => _(e, t))) : await Promise.all(E.map(({ root: e, dir: t }) => y(e, t)))), d = l.actions.length, S = l.workflows.size, j = l.compositeActions.size;
-			if (T?.success(`Found ${C.yellow(d)} actions in ${C.yellow(S)} workflows and ${C.yellow(j)} composite actions`), d === 0) {
-				if (w) {
-					o({
-						status: "no-actions-found",
-						actionsToCheckCount: 0,
-						scanResult: l
-					});
-					return;
-				}
-				console.info(C.green("\n✨ No GitHub Actions found in this repository"));
+import E from "picocolors";
+function D() {
+	let e = x(process.argv.slice(2), C);
+	if (e.kind === "help" || e.kind === "version") {
+		console.info(e.text);
+		return;
+	}
+	e.kind === "error" && (console.error(E.redBright("\nError:"), e.message), process.exit(1)), O(e.options);
+}
+async function O(x) {
+	let C = x.json ?? !1, D = x.quiet ?? !1, O = null, k = process.cwd(), A = x.recursive ? null : await h(k), j = o({
+		dir: c({
+			dir: x.dir,
+			root: A,
+			cwd: k
+		}),
+		recursive: x.recursive,
+		cwd: k
+	}), M = j.map(({ root: e, dir: t }) => T(e, t)), N = x.includeBranches ?? !1, P = f(x.mode), F = u(x.style), I = [];
+	Array.isArray(x.exclude) ? I.push(...x.exclude) : typeof x.exclude == "string" && I.push(x.exclude);
+	let L = I.flatMap((e) => e.split(",")).map((e) => e.trim()).filter(Boolean);
+	try {
+		p({
+			yes: x.yes,
+			json: C
+		}), C || (console.info(E.cyan("\n🚀 Actions Up!\n")), O = w("Scanning GitHub Actions...").start());
+		function o({ actionsToCheckCount: e, blockedByMode: t = [], outdated: n = [], skipped: r = [], scanResult: i, status: a }) {
+			process.stdout.write(`${JSON.stringify(b({
+				recursive: x.recursive ?? !1,
+				excludePatterns: L,
+				directories: M,
+				minAge: x.minAge,
+				actionsToCheckCount: e,
+				includeBranches: N,
+				blockedByMode: t,
+				scanResult: i,
+				outdated: n,
+				skipped: r,
+				status: a,
+				style: F,
+				mode: P
+			}), null, 2)}\n`);
+		}
+		let c = _(x.recursive ? await Promise.all(j.map(({ root: e, dir: t }) => y(e, t))) : await Promise.all(j.map(({ root: e, dir: t }) => S(e, t)))), u = c.actions.length, f = c.workflows.size, h = c.compositeActions.size;
+		if (O?.success(`Found ${E.yellow(u)} actions in ${E.yellow(f)} workflows and ${E.yellow(h)} composite actions`), u === 0) {
+			if (C) {
+				o({
+					status: "no-actions-found",
+					actionsToCheckCount: 0,
+					scanResult: c
+				});
 				return;
 			}
-			let N = l.actions;
-			if (M.length > 0) {
-				let { parseExcludePatterns: e } = await import("../core/filters/parse-exclude-patterns.js"), t = e(M);
-				t.length > 0 && (N = N.filter((e) => {
-					let { name: n } = e;
-					for (let e of t) if (e.test(n)) return !1;
-					return !0;
-				}));
-			}
-			if (w || (T = x("Checking for updates...").start()), N.length === 0) {
-				if (T?.success("No actions to check after excludes"), w) {
-					o({
-						status: "nothing-to-check",
-						actionsToCheckCount: 0,
-						scanResult: l
-					});
-					return;
-				}
-				console.info(C.green("\n✨ Nothing to check after excludes\n"));
+			console.info(E.green("\n✨ No GitHub Actions found in this repository"));
+			return;
+		}
+		let T = c.actions;
+		if (L.length > 0) {
+			let { parseExcludePatterns: e } = await import("../core/filters/parse-exclude-patterns.js"), t = e(L);
+			t.length > 0 && (T = T.filter((e) => {
+				let { name: n } = e;
+				for (let e of t) if (e.test(n)) return !1;
+				return !0;
+			}));
+		}
+		if (C || (O = w("Checking for updates...").start()), T.length === 0) {
+			if (O?.success("No actions to check after excludes"), C) {
+				o({
+					status: "nothing-to-check",
+					actionsToCheckCount: 0,
+					scanResult: c
+				});
 				return;
 			}
-			let P = process.env.GITHUB_TOKEN, F = a(P), I = await m(N, P, {
-				client: F,
-				includeBranches: O,
-				style: A
-			}), L = [];
-			await Promise.all(I.map(async (e) => {
-				await p(e.action.file, e.action.line) || L.push(e);
-			}));
-			let R = L.filter((e) => e.status === "skipped"), z = L.filter((e) => e.hasUpdate), B = b.minAge * 24 * 60 * 60 * 1e3, V = Date.now();
-			z = z.filter((e) => e.publishedAt ? V - e.publishedAt.getTime() >= B : !0);
-			let H = [];
-			if (k !== "major") {
-				let n = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), a = /* @__PURE__ */ new Map(), o = await Promise.all(z.map(async (n) => {
-					let r = n.currentVersion;
-					if (t(n.currentVersion)) {
-						let t = await e(n.action.file, n.action.line, a);
-						t && (r = t);
-					}
-					let i = s(r, n.latestVersion);
-					return {
-						effectiveCurrentVersion: r,
-						allowed: k === "minor" ? i === "minor" || i === "patch" || i === "none" : i === "patch" || i === "none",
-						update: n
-					};
-				})), c = [], l = await Promise.all(o.map(async (e) => {
-					if (e.allowed) return { update: e.update };
-					let t = await i(F, {
-						currentVersion: e.effectiveCurrentVersion,
-						actionName: e.update.action.name,
-						tagsCache: n,
-						shaCache: r,
-						mode: k
-					});
-					return t ? { update: {
-						...e.update,
-						latestVersion: t.version,
-						latestSha: t.sha,
-						isBreaking: !1,
-						hasUpdate: !0
-					} } : { blocked: e.update };
-				}));
-				for (let e of l) {
-					if (e.update) {
-						c.push(e.update);
-						continue;
-					}
-					H.push(e.blocked);
+			console.info(E.green("\n✨ Nothing to check after excludes\n"));
+			return;
+		}
+		let k = process.env.GITHUB_TOKEN, A = a(k), I = await g(T, k, {
+			client: A,
+			includeBranches: N,
+			style: F
+		}), R = [];
+		await Promise.all(I.map(async (e) => {
+			await m(e.action.file, e.action.line) || R.push(e);
+		}));
+		let z = R.filter((e) => e.status === "skipped"), B = R.filter((e) => e.hasUpdate), V = x.minAge * 24 * 60 * 60 * 1e3, H = Date.now();
+		B = B.filter((e) => e.publishedAt ? H - e.publishedAt.getTime() >= V : !0);
+		let U = [];
+		if (P !== "major") {
+			let n = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), a = /* @__PURE__ */ new Map(), o = await Promise.all(B.map(async (n) => {
+				let r = n.currentVersion;
+				if (t(n.currentVersion)) {
+					let t = await e(n.action.file, n.action.line, a);
+					t && (r = t);
 				}
-				z = c;
-			}
-			z = z.map((e) => r(e, A));
-			let U = z.filter((e) => !e.targetRef).map((e) => ({
-				...e,
-				skipReason: "unsupported-style",
-				status: "skipped",
-				hasUpdate: !1
+				let i = s(r, n.latestVersion), o = (P === "minor" ? [
+					"minor",
+					"patch",
+					"none"
+				] : ["patch", "none"]).includes(i);
+				return {
+					effectiveCurrentVersion: r,
+					allowed: o,
+					update: n
+				};
+			})), c = [], l = await Promise.all(o.map(async (e) => {
+				if (e.allowed) return { update: e.update };
+				let t = await i(A, {
+					currentVersion: e.effectiveCurrentVersion,
+					actionName: e.update.action.name,
+					tagsCache: n,
+					shaCache: r,
+					mode: P
+				});
+				return t ? { update: {
+					...e.update,
+					latestVersion: t.version,
+					latestSha: t.sha,
+					isBreaking: !1,
+					hasUpdate: !0
+				} } : { blocked: e.update };
 			}));
-			R.push(...U), z = z.filter((e) => e.targetRef);
-			let W = z.filter((e) => e.isBreaking);
-			if (z.length === 0) {
-				if (T?.success("All actions are up to date!"), w) {
-					o({
-						actionsToCheckCount: N.length,
-						status: "up-to-date",
-						blockedByMode: H,
-						scanResult: l,
-						skipped: R
-					});
-					return;
+			for (let e of l) {
+				if (e.update) {
+					c.push(e.update);
+					continue;
 				}
-				R.length > 0 && u(R, O, A), H.length > 0 && g(H, k), console.info(C.green("\n✨ Everything is already at the latest version!\n"));
-				return;
+				U.push(e.blocked);
 			}
-			if (T?.success(`Found ${C.yellow(z.length)} updates available${W.length > 0 ? ` (${C.redBright(W.length)} breaking)` : ""}`), w) {
+			B = c;
+		}
+		B = B.map((e) => r(e, F));
+		let W = B.filter((e) => !e.targetRef).map((e) => ({
+			...e,
+			skipReason: "unsupported-style",
+			status: "skipped",
+			hasUpdate: !1
+		}));
+		if (z.push(...W), B = B.filter((e) => e.targetRef), B.length === 0) {
+			if (O?.success("All actions are up to date!"), C) {
 				o({
-					actionsToCheckCount: N.length,
-					status: "updates-available",
-					blockedByMode: H,
-					scanResult: l,
-					outdated: z,
-					skipped: R
+					actionsToCheckCount: T.length,
+					status: "up-to-date",
+					blockedByMode: U,
+					scanResult: c,
+					skipped: z
 				});
 				return;
 			}
-			if (R.length > 0 && u(R, O, A), H.length > 0 && g(H, k), b.dryRun) {
-				console.info(C.yellow("\n📋 Dry Run - No changes will be made\n"));
-				for (let e of z) {
-					let t = e.targetRefStyle === "sha" && e.targetRef ? `${e.latestVersion} ${C.gray(`(${e.targetRef.slice(0, 7)})`)}` : e.targetRef ?? e.latestVersion;
-					console.info(`${C.cyan(e.action.file ?? "unknown")}:\n${e.action.name}: ${C.redBright(e.currentVersion)} → ${C.green(t)}\n`);
-				}
-				console.info(C.gray(`\n${z.length} actions would be updated\n`));
+			!D && z.length > 0 && d(z, N, F), !D && U.length > 0 && v(U, P), console.info(E.green("\n✨ Everything is already at the latest version!\n"));
+			return;
+		}
+		let G = B.filter((e) => e.isBreaking);
+		if (O?.success(`Found ${E.yellow(B.length)} updates available${G.length > 0 ? ` (${E.redBright(G.length)} breaking)` : ""}`), C) {
+			o({
+				actionsToCheckCount: T.length,
+				status: "updates-available",
+				blockedByMode: U,
+				scanResult: c,
+				outdated: B,
+				skipped: z
+			});
+			return;
+		}
+		if (!D && z.length > 0 && d(z, N, F), !D && U.length > 0 && v(U, P), x.dryRun) {
+			console.info(E.yellow("\n📋 Dry Run - No changes will be made\n"));
+			for (let e of B) {
+				let t = e.targetRefStyle === "sha" && e.targetRef ? `${e.latestVersion} ${E.gray(`(${e.targetRef.slice(0, 7)})`)}` : e.targetRef ?? e.latestVersion;
+				console.info(`${E.cyan(e.action.file ?? "unknown")}:\n${e.action.name}: ${E.redBright(e.currentVersion)} → ${E.green(t)}\n`);
+			}
+			console.info(E.gray(`\n${B.length} actions would be updated\n`));
+			return;
+		}
+		if (x.yes) {
+			let e = B.filter((e) => e.targetRef);
+			if (e.length === 0) {
+				console.info(E.yellow("\n⚠️ No actionable updates available\n"));
 				return;
 			}
-			if (b.yes) {
-				let e = z.filter((e) => e.targetRef);
-				if (e.length === 0) {
-					console.info(C.yellow("\n⚠️ No actionable updates available\n"));
-					return;
-				}
-				console.info(C.yellow(`\n🔄 Updating ${e.length} actions...\n`)), await c(e), console.info(C.green("\n✓ Updates applied successfully!"));
-			} else {
-				(R.length > 0 || H.length > 0) && console.info("");
-				let e = await n(z, { showAge: b.minAge > 0 });
-				if (!e || e.length === 0) {
-					console.info(C.gray("\nNo updates applied"));
-					return;
-				}
-				console.info(C.yellow(`\n🔄 Updating ${e.length} selected actions...\n`)), await c(e), console.info(C.green("\n✓ Updates applied successfully!"));
+			console.info(E.yellow(`\n🔄 Updating ${e.length} actions...\n`)), await l(e);
+		} else {
+			!D && (z.length > 0 || U.length > 0) && console.info("");
+			let e = await n(B, { showAge: x.minAge > 0 });
+			if (!e || e.length === 0) {
+				console.info(E.gray("\nNo updates applied"));
+				return;
 			}
-		} catch (e) {
-			T?.error("Failed"), e instanceof Error && e.name === "GitHubRateLimitError" ? (console.error(C.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(e.message), console.error(C.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(C.redBright("\nError:"), e instanceof Error ? e.message : String(e)), process.exit(1);
+			console.info(E.yellow(`\n🔄 Updating ${e.length} selected actions...\n`)), await l(e);
 		}
-	}), T.parse();
+		console.info(E.green("\n✓ Updates applied successfully!"));
+	} catch (e) {
+		O?.error("Failed"), e instanceof Error && e.name === "GitHubRateLimitError" ? (console.error(E.yellow("\n⚠️ Rate Limit Exceeded\n")), console.error(e.message), console.error(E.gray("\nExample: GITHUB_TOKEN=ghp_xxxx actions-up\n"))) : console.error(E.redBright("\nError:"), e instanceof Error ? e.message : String(e)), process.exit(1);
+	}
 }
-export { T as run };
+export { D as run };

package/dist/cli/normalize-update-mode.js

@@ -1,6 +1,10 @@
 function e(e) {
 	let t = (e ?? "major").toLowerCase();
-	if (t === "major" || t === "minor" || t === "patch") return t;
+	if ([
+		"major",
+		"minor",
+		"patch"
+	].includes(t)) return t;
 	throw Error(`Invalid mode "${e}". Expected "major", "minor", or "patch".`);
 }
 export { e as normalizeUpdateMode };

package/dist/cli/parse-arguments.d.ts

@@ -0,0 +1,78 @@
+/**
+ * CLI Options.
+ */
+export interface CLIOptions {
+    /**
+     * Regex patterns to exclude actions by name (repeatable).
+     */
+    exclude?: string[] | string;
+    /**
+     * Whether to include branch references in update checks.
+     */
+    includeBranches?: boolean;
+    /**
+     * Custom directory name (e.g., '.gitea' instead of '.github').
+     */
+    dir?: string[] | string;
+    /**
+     * Recursively scan directories for YAML files.
+     */
+    recursive?: boolean;
+    /**
+     * Suppress skipped and blocked-update warnings.
+     */
+    quiet?: boolean;
+    /**
+     * Preview changes without applying them.
+     */
+    dryRun: boolean;
+    /**
+     * Update style (sha or preserve).
+     */
+    style?: string;
+    /**
+     * Output a machine-readable JSON report.
+     */
+    json?: boolean;
+    /**
+     * Minimum age in days for updates.
+     */
+    minAge: number;
+    /**
+     * Update mode (major, minor, patch).
+     */
+    mode?: string;
+    /**
+     * Skip all confirmations.
+     */
+    yes: boolean;
+}
+/**
+ * Result of parsing CLI arguments. `kind` discriminates what the caller should
+ * do next.
+ */
+export type ParseArgumentsResult = {
+    options: CLIOptions;
+    kind: 'options';
+} | {
+    message: string;
+    kind: 'error';
+} | {
+    kind: 'version';
+    text: string;
+} | {
+    kind: 'help';
+    text: string;
+};
+/**
+ * Parse CLI arguments into normalized options.
+ *
+ * Reproduces the previous cac behavior without its runtime magic: numeric
+ * coercion for `--min-age` and the option defaults are applied manually here,
+ * and kebab-case flags are mapped to the camelCase option shape.
+ *
+ * @param argv - Raw arguments, typically `process.argv.slice(2)`.
+ * @param appVersion - Version string used for `--version`.
+ * @returns A discriminated result describing what the caller should do.
+ */
+export declare function parseArguments(argv: string[], appVersion: string): ParseArgumentsResult;

package/dist/cli/parse-arguments.js

@@ -0,0 +1,81 @@
+import { parseArgs as e } from "node:util";
+var t = "Usage:\n  $ actions-up [options]\n\nOptions:\n  --dir <directory>   Directory to scan (repeatable). Default: .github, or . with --recursive\n  --dry-run           Preview changes without applying them\n  --exclude <regex>   Exclude actions by regex (repeatable)\n  --include-branches  Also check actions pinned to branches (default: false)\n  --json              Output update information as machine-readable JSON\n  --min-age <days>    Minimum age in days for updates (default: 0)\n  --mode <mode>       Update mode: major, minor, or patch (default: major)\n  --style <style>     Update style: sha or preserve (default: sha)\n  -r, --recursive     Recursively scan directories for YAML files\n  -y, --yes           Skip all confirmations\n  -q, --quiet         Suppress skipped/blocked warnings\n  -h, --help          Display this message\n  -v, --version       Display version number", n = {
+	exclude: {
+		type: "string",
+		multiple: !0
+	},
+	recursive: {
+		type: "boolean",
+		short: "r"
+	},
+	version: {
+		type: "boolean",
+		short: "v"
+	},
+	"include-branches": { type: "boolean" },
+	dir: {
+		type: "string",
+		multiple: !0
+	},
+	quiet: {
+		type: "boolean",
+		short: "q"
+	},
+	help: {
+		type: "boolean",
+		short: "h"
+	},
+	yes: {
+		type: "boolean",
+		short: "y"
+	},
+	"dry-run": { type: "boolean" },
+	"min-age": { type: "string" },
+	style: { type: "string" },
+	json: { type: "boolean" },
+	mode: { type: "string" }
+};
+function r(r, i) {
+	try {
+		let { values: a } = e({
+			allowPositionals: !1,
+			options: n,
+			strict: !0,
+			args: r
+		});
+		if (a.help) return {
+			text: t,
+			kind: "help"
+		};
+		if (a.version) return {
+			text: `actions-up/${i} ${process.platform}-${process.arch} node-${process.version}`,
+			kind: "version"
+		};
+		let o = a["min-age"], s = o === void 0 ? 0 : Number(o);
+		return !Number.isFinite(s) || s < 0 ? {
+			message: `Invalid --min-age "${o}". Expected a non-negative number.`,
+			kind: "error"
+		} : {
+			options: {
+				includeBranches: a["include-branches"],
+				dryRun: a["dry-run"] ?? !1,
+				style: a.style ?? "sha",
+				mode: a.mode ?? "major",
+				recursive: a.recursive,
+				yes: a.yes ?? !1,
+				exclude: a.exclude,
+				quiet: a.quiet,
+				json: a.json,
+				dir: a.dir,
+				minAge: s
+			},
+			kind: "options"
+		};
+	} catch (e) {
+		return {
+			message: e.message,
+			kind: "error"
+		};
+	}
+}
+export { r as parseArguments };

package/dist/core/api/check-updates.js

@@ -3,173 +3,183 @@ import { preserveTagFormat as t } from "../versions/preserve-tag-format.js";
 import { normalizeVersion as n } from "../versions/normalize-version.js";
 import { createGitHubClient as r } from "./create-github-client.js";
 import i from "semver";
-async function a(t, a, s) {
-	let d = s?.client ?? r(a), f = s?.includeBranches ?? !1, p = s?.style ?? "sha", m = t.filter((e) => e.type === "external" || e.type === "reusable-workflow");
-	if (m.length === 0) return [];
-	let h = /* @__PURE__ */ new Map();
-	for (let e of m) {
-		let t = h.get(e.name) ?? [];
-		t.push(e), h.set(e.name, t);
+var a = class extends Error {
+	constructor(e, t) {
+		super(e, t), this.name = "GitHubRateLimitError";
 	}
-	let g = {
+};
+async function o(t, o, c) {
+	let f = c?.client ?? r(o), p = c?.includeBranches ?? !1, m = c?.style ?? "sha", h = t.filter((e) => e.type === "external" || e.type === "reusable-workflow");
+	if (h.length === 0) return [];
+	let g = /* @__PURE__ */ new Map();
+	for (let e of h) {
+		let t = g.get(e.name) ?? [];
+		t.push(e), g.set(e.name, t);
+	}
+	let _ = {
 		rateLimitError: null,
 		rateLimitHit: !1
-	}, _ = await [...h.keys()].reduce((t, r) => t.then(async (t) => {
-		if (g.rateLimitHit) return [...t, {
+	}, v = [];
+	async function y(t) {
+		if (_.rateLimitHit) return {
 			currentRefType: "unknown",
 			publishedAt: null,
 			version: null,
-			actionName: r,
+			actionName: t,
 			sha: null
-		}];
-		let a = r.split("/");
-		if (a.length < 2) return [...t, {
+		};
+		let r = t.split("/");
+		if (r.length < 2) return {
 			currentRefType: "unknown",
 			publishedAt: null,
 			version: null,
-			actionName: r,
+			actionName: t,
 			sha: null
-		}];
-		let [o, s] = a;
-		if (!o || !s) return [...t, {
+		};
+		let [a, o] = r;
+		if (!a || !o) return {
 			currentRefType: "unknown",
 			publishedAt: null,
 			version: null,
-			actionName: r,
+			actionName: t,
 			sha: null
-		}];
+		};
 		try {
-			let a = h.get(r)[0]?.version, p = l(a);
-			if (a && !c(a) && !e(a)) {
-				let e = await d.getRefType(o, s, a);
-				if (p = e === "branch" || e === "tag" ? e : p, e === "branch" && !f) return [...t, {
-					currentRefType: p,
+			let r = g.get(t)[0]?.version, s = u(r);
+			if (r && !l(r) && !e(r)) {
+				let e = await f.getRefType(a, o, r);
+				if (s = e === "branch" || e === "tag" ? e : s, e === "branch" && !p) return {
+					currentRefType: s,
 					skipReason: "branch",
 					status: "skipped",
 					publishedAt: null,
 					version: null,
-					actionName: r,
+					actionName: t,
 					sha: null
-				}];
+				};
 			}
-			let m = await d.getLatestRelease(o, s);
-			if (!m) {
-				let e = await d.getAllReleases(o, s, 1);
-				m = e.find((e) => !e.isPrerelease) ?? e[0] ?? null;
+			let c = await f.getLatestRelease(a, o);
+			if (!c) {
+				let e = await f.getAllReleases(a, o, 1);
+				c = e.find((e) => !e.isPrerelease) ?? e[0] ?? null;
 			}
-			if (m) {
-				let { publishedAt: a, version: c, sha: l } = m, f = !1;
+			if (c) {
+				let { publishedAt: r, version: l, sha: u } = c, p = !1;
 				{
-					let t = n(c), r = !!(c && c.trim() !== ""), a = r && /^v?\d+$/u.test(c.trim()), o = i.valid(t);
-					f = !r || a || !o || !e(c);
+					let t = n(l), r = !!(l && l.trim() !== ""), a = r && /^v?\d+$/u.test(l.trim()), o = i.valid(t);
+					p = !r || a || !o || !e(l);
 				}
-				if (f) {
-					let a = await d.getAllTags(o, s, 30);
-					if (a.length > 0) {
-						let l = a.filter((t) => e(t.tag)).map((e) => ({
+				if (p) {
+					let r = await f.getAllTags(a, o, 30);
+					if (r.length > 0) {
+						let c = r.filter((t) => e(t.tag)).map((e) => ({
 							v: i.valid(n(e.tag)),
 							raw: e
 						}));
-						if (l.length > 0) {
-							l.sort((e, t) => {
+						if (c.length > 0) {
+							c.sort((e, t) => {
 								let n = i.rcompare(e.v, t.v);
 								if (n !== 0) return n;
 								let r = +!!/\d+\.\d+/u.test(e.raw.tag);
 								return +!!/\d+\.\d+/u.test(t.raw.tag) - r;
 							});
-							let e = l[0].raw, a = i.valid(n(c) ?? void 0);
-							if (!a || i.gt(l[0].v, a) || i.eq(l[0].v, a) && /\d+\.\d+/u.test(e.tag)) {
-								let n = e.tag, i = e.sha?.length ? e.sha : null;
-								if (!i && n) try {
-									i = await d.getTagSha(o, s, n);
+							let e = c[0].raw, r = i.valid(n(l) ?? void 0);
+							if (!r || i.gt(c[0].v, r) || i.eq(c[0].v, r) && /\d+\.\d+/u.test(e.tag)) {
+								let n = e.tag, r = e.sha?.length ? e.sha : null;
+								if (!r && n) try {
+									r = await f.getTagSha(a, o, n);
 								} catch (e) {
-									if (u(e)) throw e;
+									if (d(e)) throw e;
 								}
-								return [...t, {
-									currentRefType: p,
+								return {
+									currentRefType: s,
 									version: n,
 									publishedAt: null,
-									sha: i,
-									actionName: r
-								}];
+									sha: r,
+									actionName: t
+								};
 							}
 						}
 					}
 				}
-				if (c) {
-					let e = l;
+				if (l) {
+					let e = u;
 					try {
-						l = await d.getTagSha(o, s, c) ?? e;
+						u = await f.getTagSha(a, o, l) ?? e;
 					} catch (t) {
-						if (u(t)) throw t;
-						l = e;
+						if (d(t)) throw t;
+						u = e;
 					}
 				}
-				return [...t, {
-					currentRefType: p,
+				return {
+					currentRefType: s,
 					status: "ok",
-					publishedAt: a,
-					actionName: r,
-					version: c,
-					sha: l
-				}];
+					publishedAt: r,
+					actionName: t,
+					version: l,
+					sha: u
+				};
 			}
-			let g = await d.getAllTags(o, s, 30);
-			if (g.length > 0) {
-				let a = g.filter((t) => e(t.tag)).map((e) => ({
+			let m = await f.getAllTags(a, o, 30);
+			if (m.length > 0) {
+				let r = m.filter((t) => e(t.tag)).map((e) => ({
 					v: i.valid(n(e.tag)),
 					raw: e
 				})), c;
-				a.length > 0 ? (a.sort((e, t) => {
+				r.length > 0 ? (r.sort((e, t) => {
 					let n = i.rcompare(e.v, t.v);
 					if (n !== 0) return n;
 					let r = +!!/\d+\.\d+/u.test(e.raw.tag);
 					return +!!/\d+\.\d+/u.test(t.raw.tag) - r;
-				}), c = a[0].raw) : c = g[0];
-				let l = c.tag, f = c.sha?.length ? c.sha : null;
-				if (!f && l) try {
-					f = await d.getTagSha(o, s, l);
+				}), c = r[0].raw) : c = m[0];
+				let l = c.tag, u = c.sha?.length ? c.sha : null;
+				if (!u && l) try {
+					u = await f.getTagSha(a, o, l);
 				} catch (e) {
-					if (u(e)) throw e;
+					if (d(e)) throw e;
 				}
-				return [...t, {
-					currentRefType: p,
+				return {
+					currentRefType: s,
 					status: "ok",
 					publishedAt: null,
-					actionName: r,
+					actionName: t,
 					version: l,
-					sha: f
-				}];
+					sha: u
+				};
 			}
-			return [...t, {
-				currentRefType: p,
+			return {
+				currentRefType: s,
 				publishedAt: null,
 				version: null,
-				actionName: r,
+				actionName: t,
 				sha: null
-			}];
+			};
 		} catch (e) {
-			return e instanceof Error && e.name === "GitHubRateLimitError" ? (g.rateLimitHit = !0, g.rateLimitError = e, [...t, {
+			return e instanceof Error && e.name === "GitHubRateLimitError" ? (_.rateLimitHit = !0, _.rateLimitError = e, {
 				currentRefType: "unknown",
 				publishedAt: null,
 				version: null,
-				actionName: r,
+				actionName: t,
 				sha: null
-			}]) : (console.warn(`Failed to check ${r}:`, e), [...t, {
+			}) : (console.warn(`Failed to check ${t}:`, e), {
 				currentRefType: "unknown",
 				publishedAt: null,
 				version: null,
-				actionName: r,
+				actionName: t,
 				sha: null
-			}]);
+			});
 		}
-	}), Promise.resolve([]));
-	if (g.rateLimitError) {
-		let e = !!(a ?? process.env.GITHUB_TOKEN), t = `${g.rateLimitError.message || "GitHub API rate limit exceeded."}\n${e ? "Wait for reset or reduce request rate." : "Please set GITHUB_TOKEN environment variable to increase the limit.\nSee: https://github.com/azat-io/actions-up?tab=readme-ov-file#github-token"}`, n = Error(t);
-		throw n.name = "GitHubRateLimitError", n;
 	}
-	let v = /* @__PURE__ */ new Map();
-	for (let e of _) v.set(e.actionName, {
+	async function b(e) {
+		let t = e.next();
+		t.done || (v.push(await y(t.value)), await b(e));
+	}
+	if (await b(g.keys()), _.rateLimitError) {
+		let e = !!(o ?? process.env.GITHUB_TOKEN);
+		throw new a(`${_.rateLimitError.message || "GitHub API rate limit exceeded."}\n${e ? "Wait for reset or reduce request rate." : "Please set GITHUB_TOKEN environment variable to increase the limit.\nSee: https://github.com/azat-io/actions-up?tab=readme-ov-file#github-token"}`);
+	}
+	let x = /* @__PURE__ */ new Map();
+	for (let e of v) x.set(e.actionName, {
 		currentRefType: e.currentRefType,
 		publishedAt: e.publishedAt,
 		actionName: e.actionName,
@@ -178,10 +188,10 @@ async function a(t, a, s) {
 		status: e.status,
 		sha: e.sha
 	});
-	let y = [];
-	for (let e of m) {
-		let t = v.get(e.name);
-		t ? y.push(o(e, {
+	let S = [];
+	for (let e of h) {
+		let t = x.get(e.name);
+		t ? S.push(s(e, {
 			publishedAt: t.publishedAt,
 			version: t.version,
 			sha: t.sha
@@ -189,20 +199,20 @@ async function a(t, a, s) {
 			currentRefType: t.currentRefType,
 			skipReason: t.skipReason,
 			status: t.status,
-			style: p
-		})) : y.push(o(e, {
+			style: m
+		})) : S.push(s(e, {
 			publishedAt: null,
 			version: null,
 			sha: null
 		}, {
-			currentRefType: l(e.version),
-			style: p
+			currentRefType: u(e.version),
+			style: m
 		}));
 	}
-	return y;
+	return S;
 }
-function o(e, r, a) {
-	let { version: o, sha: l, publishedAt: u } = r, d = e.version ?? "unknown", f = n(d), p = a.currentRefType, { style: m } = a, h = (m === "preserve" && p === "tag" ? t(d, o) : null) ?? o, g = h ? n(h) : null, _ = a.status ?? "ok", v = a.skipReason, y = !1, b = !1;
+function s(e, r, a) {
+	let { version: o, sha: s, publishedAt: u } = r, d = e.version ?? "unknown", f = n(d), p = a.currentRefType, { style: m } = a, h = (m === "preserve" && p === "tag" ? t(d, o) : null) ?? o, g = h ? n(h) : null, _ = a.status ?? "ok", v = a.skipReason;
 	if (_ === "skipped") return {
 		currentRefType: p,
 		currentVersion: d,
@@ -211,11 +221,12 @@ function o(e, r, a) {
 		latestVersion: o,
 		publishedAt: u,
 		skipReason: v,
-		latestSha: l,
+		latestSha: s,
 		action: e,
 		status: _
 	};
-	if (f && c(f)) l ? y = !s(f, l) : g && (y = !0);
+	let y = !1, b = !1;
+	if (f && l(f)) s ? y = !c(f, s) : g && (y = !0);
 	else if (f && g) {
 		let t = i.valid(f), n = i.valid(g);
 		if (t && n) {
@@ -223,7 +234,7 @@ function o(e, r, a) {
 				let e = i.major(t);
 				b = i.major(n) > e;
 			}
-			!y && i.eq(t, n) && !c(e.version) && l && m === "sha" && (y = !0, b = !1);
+			!y && i.eq(t, n) && !l(e.version) && s && m === "sha" && (y = !0, b = !1);
 		} else f !== g && (y = !0);
 	}
 	return {
@@ -233,25 +244,25 @@ function o(e, r, a) {
 		publishedAt: u,
 		isBreaking: b,
 		skipReason: v,
-		latestSha: l,
+		latestSha: s,
 		hasUpdate: y,
 		action: e,
 		status: _
 	};
 }
-function s(e, t) {
+function c(e, t) {
 	let n = e.replace(/^v/u, ""), r = t.replace(/^v/u, ""), i = Math.min(n.length, r.length);
 	return i < 7 ? !1 : n.slice(0, Math.max(0, i)).toLowerCase() === r.slice(0, Math.max(0, i)).toLowerCase();
 }
-function c(e) {
+function l(e) {
 	if (!e) return !1;
 	let t = e.replace(/^v/u, "");
 	return /^[0-9a-f]{7,40}$/iu.test(t);
 }
-function l(t) {
-	return t ? c(t) ? "sha" : e(t) ? "tag" : "unknown" : "unknown";
+function u(t) {
+	return t ? l(t) ? "sha" : e(t) ? "tag" : "unknown" : "unknown";
 }
-function u(e) {
+function d(e) {
 	return e instanceof Error && e.name === "GitHubRateLimitError";
 }
-export { a as checkUpdates };
+export { o as checkUpdates };

package/dist/core/api/internal-rate-limit-error.d.ts

@@ -1,3 +1,3 @@
 export declare class GitHubRateLimitError extends Error {
-    constructor(resetAt: Date);
+    constructor(resetAt: Date, options?: ErrorOptions);
 }

package/dist/core/api/internal-rate-limit-error.js

@@ -1,7 +1,7 @@
 var e = class extends Error {
-	constructor(e) {
-		let t = e.toLocaleTimeString();
-		super(`GitHub API rate limit exceeded. Resets at ${t}`), this.name = "GitHubRateLimitError";
+	constructor(e, t) {
+		let n = e.toLocaleTimeString();
+		super(`GitHub API rate limit exceeded. Resets at ${n}`, t), this.name = "GitHubRateLimitError";
 	}
 };
 export { e as GitHubRateLimitError };

package/dist/core/api/make-request.js

@@ -9,8 +9,7 @@ async function t(t, n, r = {}) {
 	let a = await fetch(`${t.baseUrl}${n}`, {
 		...r,
 		headers: i
-	}), o = {};
-	for (let [e, t] of a.headers.entries()) o[e] = t;
+	}), o = Object.fromEntries(a.headers.entries());
 	if (e(t, o), !a.ok) {
 		let e = /* @__PURE__ */ Error(`GitHub API error: ${a.status} ${a.statusText}`);
 		if (e.status = a.status, a.status === 403) {

package/dist/core/api/resolve-github-token-sync.js

@@ -31,8 +31,7 @@ function r() {
 			if (i === "github") {
 				let e = t.match(/^(?:oauth-token|token)\s*=\s*(?<val>\S[^\n\r]*)$/u);
 				if (e?.groups?.val) return e.groups.val.trim();
-			}
-			if (i === "hub") {
+			} else if (i === "hub") {
 				let e = t.match(/^oauthtoken\s*=\s*(?<val>\S[^\n\r]*)$/u);
 				if (e?.groups?.val) return e.groups.val.trim();
 			}

package/dist/core/ast/update/apply-updates.js

@@ -7,7 +7,7 @@ async function n(n) {
 		let n = i.get(t) ?? [];
 		n.push(e), i.set(t, n);
 	}
-	let a = [...i.entries()].map(async ([n, i]) => {
+	let a = [...i].map(async ([n, i]) => {
 		let a = await e(n, "utf8");
 		for (let e of i) {
 			let t = e.targetRef ?? e.latestSha, n = e.targetRefStyle ?? (e.latestSha ? "sha" : null);
@@ -15,11 +15,12 @@ async function n(n) {
 			function i(e) {
 				return e.replaceAll(/[$()*+\-./?[\\\]^{|}]/gu, String.raw`\$&`);
 			}
-			let o = i(e.action.name), s = e.currentVersion ? i(e.currentVersion) : "", c = s ? String.raw`(?=(?:['"]|[ \t\]}{,#]|$))` : "";
+			let o = i(e.action.name);
 			if (o.includes("\n") || o.includes("\r")) {
 				console.error(`Invalid action name: ${e.action.name}`);
 				continue;
 			}
+			let s = e.currentVersion ? i(e.currentVersion) : "";
 			if (s && (s.includes("\n") || s.includes("\r"))) {
 				console.error(`Invalid version: ${e.currentVersion}`);
 				continue;
@@ -32,7 +33,7 @@ async function n(n) {
 				console.error(`Invalid SHA format: ${t}`);
 				continue;
 			}
-			let l = String.raw`['"]?\buses\b['"]?\s*:\s*`, u = String.raw`(?:^[^\S\n]*(?:-[^\S\n]*)?|[{\[,][^\S\n]*)` + l, d = new RegExp(String.raw`(?<prefix>${u})` + String.raw`(?<quote>['"]?)` + String.raw`(?<name>${o})@${s}${c}` + String.raw`\k<quote>` + String.raw`(?<after>[ \t\]}{,]*)` + String.raw`(?<comment>[^\S\r\n]*#[^\r\n]*)?`, "gm");
+			let c = s ? String.raw`(?=(?:['"]|[ \t\]}{,#]|$))` : "", l = String.raw`['"]?\buses\b['"]?\s*:\s*`, u = String.raw`(?:^[^\S\n]*(?:-[^\S\n]*)?|[{\[,][^\S\n]*)` + l, d = RegExp(`(?<prefix>${u})(?<quote>['"]?)(?<name>${o})@${s}${c}${String.raw`\k<quote>`}${String.raw`(?<after>[ \t\]}{,]*)`}${String.raw`(?<comment>[^\S\r\n]*#[^\r\n]*)?`}`, "gm");
 			a = a.replace(d, (i, ...a) => {
 				let o = a.at(-3), c = a.at(-2), l = a.at(-1), u = c.indexOf("\n", o + i.length), d = (u === -1 ? c.slice(o + i.length) : c.slice(o + i.length, u)).trim().length > 0, f = l.after.endsWith(" ") ? "" : " ", p = "";
 				if (n === "sha") p = d && !l.comment && s !== "" ? "" : `${f}# ${e.latestVersion}`;

package/dist/core/fs/find-repo-root.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Walks up from a starting directory to find the repository root.
+ *
+ * The root is the nearest ancestor (including the start) that contains a `.git`
+ * entry — a directory in a normal clone or a file in a git worktree — or, as a
+ * fallback for non-git checkouts, a `.github` directory. Returns null when no
+ * such ancestor exists up to the filesystem root.
+ *
+ * @param startDirectory - Absolute path to start searching from.
+ * @returns The repository root directory, or null when none is found.
+ */
+export declare function findRepoRoot(startDirectory: string): Promise<string | null>;

package/dist/core/fs/find-repo-root.js

@@ -0,0 +1,17 @@
+import "../constants.js";
+import { dirname as e, join as t, resolve as n } from "node:path";
+import { stat as r } from "node:fs/promises";
+async function i(r) {
+	let o = n(r);
+	if (await a(t(o, ".git")) || await a(t(o, ".github"))) return o;
+	let s = e(o);
+	return s === o ? null : await i(s);
+}
+async function a(e) {
+	try {
+		return await r(e), !0;
+	} catch {
+		return !1;
+	}
+}
+export { i as findRepoRoot };

package/dist/core/interactive/format-version.js

@@ -4,7 +4,7 @@ function n(n, a) {
 	if (!n) return e.gray("unknown");
 	let o = t.parse(n), s = a ? t.parse(r(a)) : null;
 	if (!s || !o) return n;
-	let c = t.diff(r(a), n), l = s.major === 0 ? e.yellowBright : e.gray, u = [
+	let c = t.diff(r(a), n), l = e[s.major === 0 ? "yellowBright" : "gray"], u = [
 		o.major,
 		o.minor,
 		o.patch

package/dist/core/interactive/prompt-update-selection.js

@@ -43,13 +43,13 @@ async function p(p, T = {}) {
 	for (let [e, n] of D.entries()) {
 		let r = n.action.name, o = k[e], c = o.display, l = n.action.job ?? "–";
 		if (j = Math.max(j, r.length), M = Math.max(M, i(c).length, o.versionForPadding && o.shortSha ? i(`${a(o.versionForPadding, P + 1)}${s.gray(`(${o.shortSha})`)}`).length : 0), N = Math.max(N, l.length), n.latestVersion) {
-			let r = t(n.targetRefStyle === "tag" && n.targetRef ? n.targetRef : n.latestVersion, k[e]?.effectiveForDiff ?? n.currentVersion);
-			P = Math.max(P, i(r).length);
+			let r = n[n.targetRefStyle === "tag" && n.targetRef ? "targetRef" : "latestVersion"], a = t(r, k[e]?.effectiveForDiff ?? n.currentVersion);
+			P = Math.max(P, i(a).length);
 		}
 		let u = k[e]?.versionForPadding;
 		u && (P = Math.max(P, i(u).length)), n.publishedAt && (F = !0);
 	}
-	let I = Math.max(j, l), L = Math.max(M, d), R = Math.max(N, u), z = Math.min(P, f), B = z + 1 + 9, V = E && F ? 6 : 0, H = [...O.keys()].toSorted();
+	let I = Math.max(j, l), L = Math.max(M, d), R = Math.max(N, u), z = Math.min(P, f), B = z + 1 + 9, V = E && F ? 6 : 0, H = O.keys().toArray().toSorted();
 	for (let [e, n] of H.entries()) {
 		let r = O.get(n);
 		if (!r) {
@@ -129,7 +129,7 @@ async function p(p, T = {}) {
 		let e = {
 			indicator(e, t) {
 				if (t.isGroupLabel) {
-					let e = (t.choices ?? []).filter((e) => !("role" in e)), n = e.length, r = e.filter((e) => !!e.enabled).length === n ? "●" : "○";
+					let e = (t.choices ?? []).filter((e) => !("role" in e)), n = e.length, r = e.filter((e) => e.enabled).length === n ? "●" : "○";
 					return ` ${s.gray(r)}`;
 				}
 				return `   ${t.enabled ? "●" : "○"}`;
@@ -215,7 +215,7 @@ function S(e) {
 	return e.targetRef ? e.targetRef : e.latestSha;
 }
 function C() {
-	console.info(`\r\u001B[K${s.yellow("Selection cancelled")}`);
+	console.info(`\r\u{1B}[K${s.yellow("Selection cancelled")}`);
 }
 function w(e) {
 	return !!S(e);

package/dist/core/scan-github-actions.js

@@ -110,7 +110,9 @@ async function p(u = process.cwd(), p = t) {
 			}
 			async function r() {
 				if (n.length === 0) return;
-				let i = n.splice(0), o = await Promise.all(i.map(async (n) => {
+				let i = [...n];
+				n.length = 0;
+				let o = await Promise.all(i.map(async (n) => {
 					try {
 						let r = s(n, "action.yml"), i = s(n, "action.yaml"), o = r;
 						try {

package/dist/core/scan-recursive.js

@@ -33,14 +33,17 @@ async function l(l, d) {
 		} catch {}
 		return null;
 	}), _ = await Promise.all(g);
-	for (let e of _) if (e) if (e.type === "workflow") f.workflows.set(e.path, e.actions), f.actions.push(...e.actions);
-	else {
-		let t = o(e.path), n = t === "." || t === "" ? e.path : t;
-		f.compositeActions.set(n, e.path), f.actions.push(...e.actions);
+	for (let e of _) if (e) {
+		if (e.type === "workflow") f.workflows.set(e.path, e.actions);
+		else {
+			let t = o(e.path), n = t === "." || t === "" ? e.path : t;
+			f.compositeActions.set(n, e.path);
+		}
+		f.actions.push(...e.actions);
 	}
 	return f;
 }
 function u(e, t) {
-	return typeof e == "object" && !!e && t in e;
+	return typeof e == "object" && !!e && Object.hasOwn(e, t);
 }
 export { l as scanRecursive };

package/dist/package.js

@@ -1,2 +1,2 @@
-var e = "1.14.2";
+var e = "1.15.0";
 export { e as version };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-up",
-  "version": "1.14.2",
+  "version": "1.15.0",
   "description": "Interactive CLI tool to update GitHub Actions with SHA pinning or preserved refs",
   "keywords": [
     "github-actions",
@@ -36,14 +36,13 @@
     "./dist"
   ],
   "dependencies": {
-    "cac": "^7.0.0",
     "enquirer": "^2.4.1",
     "nanospinner": "^1.2.2",
     "picocolors": "^1.1.1",
-    "semver": "^7.8.0",
+    "semver": "^7.8.5",
     "yaml": "^2.9.0"
   },
   "engines": {
-    "node": "^18.0.0 || >=20.0.0"
+    "node": "^18.3.0 || >=20.0.0"
   }
 }

package/readme.md

@@ -187,6 +187,16 @@ skipped to avoid changing intentionally floating references. Skipped entries are
 listed in the output. To include them in update checks, pass
 `--include-branches`.
 
+### Quiet Mode
+
+Use `--quiet` (`-q`) to hide the skipped and blocked-update warnings (for
+example, actions intentionally pinned to branches). Other output — results,
+applied updates, and errors — is unchanged.
+
+```bash
+npx actions-up --yes --quiet
+```
+
 ### Update Mode
 
 By default, Actions Up allows major updates. Use `--mode` to limit updates: