Bump the actions group with 4 updates #1

Closed
dependabot[bot] wants to merge 14 commits into main from dependabot/github_actions/actions-02bc13e553

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps the actions group with 4 updates: actions/checkout, astral-sh/setup-uv, actions/upload-artifact and actions/download-artifact.

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates astral-sh/setup-uv from 5 to 7

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.1 🌈 update known checksums up to 0.9.28

Changes

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work; if you are using self-hosted runners, make sure that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

  • The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.
  • Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes.
  • If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH.
  • Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that, but as this could lead to unwanted behavior in some edge cases, a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install, for example:

[tool.uv]
required-version = ">=0.8.17"

This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

... (truncated)

Commits
  • 37802ad Fetch uv from Astral's mirror by default (#809)
  • 9f00d18 chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)
  • fd8f376 Switch to ESM for source and test, use CommonJS for dist (#806)
  • f9070de Bump deps (#805)
  • cadb67b chore: update known checksums for 0.10.10 (#804)
  • e06108d Use astral-sh/versions as primary version provider (#802)
  • 0f6ec07 docs: replace copilot instructions with AGENTS.md (#794)
  • 821e5c9 docs: add cross-client dependabot rollup skill (#793)
  • 6ee6290 chore(deps): bump versions (#792)
  • 9f332a1 Add riscv64 architecture support to platform detection (#791)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

... (truncated)

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
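
An added Python example (not code from actions/download-artifact or from this repository) of the two download-artifact v8 behaviours quoted in the release notes above: the digest check that now fails by default, and the Content-Type gate that decides whether a download is unzipped. Assumptions: SHA-256 digests written as `sha256:<hex>`, `application/zip` as the zipped media type, and `warn` as a label for the older log-only behaviour; all function names and sample data are hypothetical.

```python
# Added illustration; not code from actions/download-artifact or this repository.
import hashlib
import hmac
import io
import logging
import zipfile

log = logging.getLogger("artifact-demo")

# Assumption: the media type that marks a zipped artifact.
ZIP_CONTENT_TYPE = "application/zip"
# "error" is the v8 default named in the release notes; "warn" is a label
# chosen here for the older log-and-continue behaviour.
MISMATCH_MODES = ("error", "warn")


class DigestMismatch(Exception):
    """The downloaded bytes do not hash to the digest the server advertised."""


def sha256_digest(data: bytes) -> str:
    """Digest string in the assumed 'sha256:<hex>' form."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def check_digest(data: bytes, expected: str, on_mismatch: str = "error") -> bool:
    """Return True on a match; on a mismatch raise ('error') or log and return False ('warn')."""
    if on_mismatch not in MISMATCH_MODES:
        raise ValueError(f"unknown mismatch mode: {on_mismatch!r}")
    actual = sha256_digest(data)
    # Constant-time comparison of the two ASCII digest strings.
    if hmac.compare_digest(actual, expected.strip().lower()):
        return True
    message = f"digest mismatch: expected {expected}, computed {actual}"
    if on_mismatch == "error":
        raise DigestMismatch(message)
    log.warning(message)
    return False


def receive_artifact(name, body, content_type, expected_digest,
                     on_mismatch="error", skip_decompress=False):
    """Verify the download, then unzip only if it is a zip and the caller allows it.

    Returns (verified, files) where files maps file name to content.
    """
    verified = check_digest(body, expected_digest, on_mismatch)
    media_type = content_type.split(";", 1)[0].strip().lower()
    if skip_decompress or media_type != ZIP_CONTENT_TYPE:
        # Direct (unzipped) upload, or the caller asked for the zip as-is.
        return verified, {name: body}
    with zipfile.ZipFile(io.BytesIO(body)) as archive:
        files = {m.filename: archive.read(m)
                 for m in archive.infolist() if not m.is_dir()}
    return verified, files


def make_zip(files: dict) -> bytes:
    """Build an in-memory zip for the constructed samples below."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for filename, content in files.items():
            archive.writestr(filename, content)
    return buffer.getvalue()


# Constructed sample inputs (not real artifacts).
ZIPPED = make_zip({"pkg-0.0.0.whl": b"wheel bytes", "pkg-0.0.0.tar.gz": b"sdist bytes"})
DIRECT = b"coverage: 91%\n"
TAMPERED = DIRECT + b"appended after the digest was recorded\n"

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(receive_artifact("dist", ZIPPED, "application/zip", sha256_digest(ZIPPED)))
    print(receive_artifact("coverage.txt", DIRECT, "text/plain", sha256_digest(DIRECT)))
    # Older behaviour: the mismatch is only logged and the bytes are still handed on.
    print(receive_artifact("coverage.txt", TAMPERED, "text/plain",
                           sha256_digest(DIRECT), on_mismatch="warn"))
    try:
        receive_artifact("coverage.txt", TAMPERED, "text/plain", sha256_digest(DIRECT))
    except DigestMismatch as exc:
        print("failed closed:", exc)
```

In `warn` mode the altered bytes are returned with `verified` set to `False`, so a later job step would still consume them; the `error` default stops the run at that point instead.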

msradam and others added 14 commits May 18, 2026 00:17

Base install (parser + JCL/JSON/YAML/CSV serializers) is unchanged from
0.2.0 in terms of public API.

New optional extra `pip install fromjcl[zoau]` adds:
- --to zoau: translate steps into ZOAU 1.x shell (dtouch, drm, dcp,
  dgrep, dsed, dzip/dunzip, dmv, mls, ...)
- --to mvscmd: lower-level mvscmd/mvscmdauth fallback for steps without
  an opinionated ZOAU mapping
- bashlex-based validator: every flag in the emitted script is checked
  against a frozen 55-verb / 493-flag ZOAU manpage table; warnings
  surface as `# WARNING:` lines and exit non-zero in --strict (default)
- Every emitted shell script carries an EXPERIMENTAL banner

Also:
- IF/THEN/ELSE translation: JCL conditionals become bash `if (( ... ))`
  guards. ABEND/RUN get best-effort approximations with explicit warnings.
- Corpus grows 50 -> 55 samples (IBM bucket 14 -> 19) with new coverage
  for JES2 /*JOBPARM + /*OUTPUT referbacks, JES3 /*SETUP + /*MESSAGE,
  JCLLIB ORDER=, PROC step DD overrides, BPXBATCH inline shell.
- New combinatoric roundtrip matrix test:
  JCL -> {JSON,YAML,CSV} -> JCL -> Job IR fixed-point under dataclass
  equality. Two pre-existing bugs are pinned as xfail with explicit
  fix-locations: IF re-emission exceeds 71-col limit; CSV drops job
  SET symbols.
- Two parser limitations surfaced by the expanded corpus are filed as
  TODOs in _scanner.py: /*-control statements drop cols 73-80;
  trailing \x1a EOF triggers spurious synthetic SYSIN.

Audit pass per stackoverflow.blog/2021/12/23/best-practices-for-writing-code-comments:
- Rewrote tests/test_cli_gate.py — it had been 100% silently skipped
  because it `importorskip`ed ansible, which the OSS slice does not
  ship. Now exercises the zoau gate honestly (added 5 tests).
- Removed duplicate / magic-number comments (yaml.py, jcl.py).
- Added defensive comments for C-port parity (_scanner.py), domain
  decisions (common.py program lists, classify.py DISP semantics),
  and the bash truthy idiom in _conditions.py.
- TODOs added for silent lossy defaults in rejcl.py.

Punted to a local `dev` branch (not pushed): the Ansible converters
(zos_core, zos_mvs_raw), the z/OSMF converter, the Makefile converter,
and the dep/conditions graph utilities that depend on them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Audit against peers (ibm_zos_core, Zowe CLI, MikeFultonDev/JCLParser,
ibmruntimes/zoslib, zopencommunity/meta) surfaced a small set of gaps
in the disclosure stack ahead of publishing 0.3.0.

- Add NOTICE consolidating attribution for the JCLParser port and the
  IBM/IBM-Z-zOS vendored samples; include it in pyproject license-files
  so it ships in the sdist/wheel.
- Tighten the README Trademarks section: drop "JCL" (generic technical
  term, not on IBM's published trademark register), expand ZOAU to
  "Z Open Automation Utilities (ZOAU)", cite ibm.com/legal/copytrade,
  add the IBM standard "Other product and service names ..." sentence.
  Keep the "independent community effort, not affiliated" sentence —
  fromjcl is the only audited project that needs this, since the peers
  are either IBM-led or under a foundation umbrella.
- Add CONTRIBUTING.md requiring DCO sign-off (matches Zowe/zopen),
  documents the test-corpus convention.
- Add SECURITY.md with private reporting via GitHub Security tab + email.
- Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1 verbatim) with the
  maintainer email as enforcement contact.
- Add `# SPDX-License-Identifier: Apache-2.0` header to every
  src/fromjcl/*.py (22 files). Matches the per-file licensing posture
  of Zowe, zoslib, and IBM-Z-zOS.

Deferred to a follow-up commit: replacing the 9 IBM-Redbook-transcribed
JCL samples (DFSMS / MVS-JCL-Reference / MVS-JCL-User's-Guide) with
hand-authored paraphrases. The current SOURCES.md "fair use" framing is
the only piece of the audit that none of the peer projects do — clean
room paraphrases remove the exposure entirely.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…BM-Redbook examples

CORPUS

- ibm/ grows from 14 to 47 samples by pulling from github.com/IBM/* and
  zowe/* (Apache-2.0 / MIT only). Coverage now spans BCPii SYSAFF=,
  CICS DFHCSDUP, DB2 utilities, DBB COBOL/PL/I, ICSF SORT+REXX,
  CustomPac SMP/E, Open Enterprise SDK for Apache Kafka, zOS Client
  Web Enablement Toolkit, ansible-collections samples, RACF/SAF
  PassTicket, CA-Top Secret, Z Open Editor ALLOCATE/PLIALLOC/ASMALLOC/
  REXALLOC/RUN/INCLUDE, multi-step PROC with PEND, and a real-world
  844-line DB2 install job. Triage rejected templated files with
  jinja {{ }} placeholders and one source-malformed file with non-space
  data in col 72 of a JOB card.
- Replace 9 IBM-Redbook-transcribed samples (DFSMS AMS, MVS JCL
  Reference, MVS JCL User's Guide) with hand-authored paraphrases that
  exercise the same parser constructs. SOURCES.md no longer claims
  fair use on any sample — only Apache-2.0 / MIT GitHub vendoring and
  clean-room paraphrases.

PARSER FIXES (driven by samples the agent rejected during corpus pull)

- Bare `/*` end-of-data delimiters between DD blocks (not after an
  in-stream DD) were silently appended as a continuation record of the
  previous statement and re-emitted as `//`. They now get their own
  /* statement; `_reconstruct_jes2` truncates to the recorded record
  length so the original `/*\n` survives byte-exact.
- Trailing EBCDIC `\x1a` EOF sentinel triggered a spurious synthetic
  `//SYSIN DD *` to hold the byte. `_records_from_bytes` now strips
  at and after the sentinel.
- `INCLUDE` statements were dropping their `MEMBER=` parameter because
  `INCLUDE` was missing from `_dispatch`'s `with_params` allowlist.
- Multi-line IF conditions continued across records joined adjacent
  fragments without a separator (`OR\n   COND` became `ORCOND`). Now
  joins with a space. The 71-col multi-line IF re-emission gap stays
  documented in `_REJCL_XFAIL`.

SERIALIZER FIXES (rejcl roundtrip path)

- Blank lines inside in-stream `DD *` blocks now survive the synthesis
  path. The `if line:` filter in `_emit_dd_with_instream` was dropping
  them; switched to `splitlines()`.
- The instream cleanup in `serialize/__init__.py:remove_nulls` strips
  at most one terminating newline, so trailing blank lines (encoded as
  `\n\n`) survive JSON/YAML/CSV roundtrip.

Tests: 652 passing, 20 xfailed. The xfails document three remaining
limitations: multi-line IF re-emission exceeds the 71-col limit; CSV
has no column for job-level SET symbols; PARM with a paren-list
containing a quoted token over-escapes through the rejcl path. Two
parser limitations stay filed as in-code TODOs: cols 73-80 dropped on
`/*` JES2/3 statements; `//*` comment inside a continuation chain
crashes or corrupts (affects SMP/E samples — gimzip/PTF@/PTFMERGE
remain rejected from the corpus).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Keeping a CHANGELOG ahead of any release just creates rot. Start one
when there is a v0.3.0 tag to be the "before" line.

Also drops the matching CHANGELOG reference from README and the
"keep the changelog current" line from CONTRIBUTING.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Behaviour is preserved: same positional input, same options
(--rejcl, --from, --to, -o/--output, --strict/--no-strict), same
exit codes, same gate semantics. main() still returns int so the
test harness (which calls cli.main() directly under monkeypatched
argv) is unchanged.

What we gain in exchange for the typer dependency:
- Rich-formatted --help with per-option type annotations.
- Bad enum values get a structured error box instead of a one-line
  argparse error.
- Argument/option semantics are declared with type hints, which
  shortens the file from ~150 to ~180 lines but moves all the
  "what's allowed" knowledge into typing.

OutputFormat / InputFormat StrEnums replace string choices lists;
the few places that compared `fmt == "zoau"` now compare against the
enum member.

typer pulls in click, rich, shellingham — pure Python wheels, all
install on z/OS via IBM Open Enterprise Python.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Comment audit (against the Stack Overflow 9 rules) flagged four small
items in serialize/jcl.py and _scanner.py:

- serialize/jcl.py:_format_param — drop two redundant comments around
  the PARM-already-quoted branch (rule 1); the conditional is
  self-explanatory.
- serialize/jcl.py:_emit_quoted_parm — rewrite docstring to say what
  the "incomplete final line" actually is (rule 4) and drop the
  inline comments that duplicated it (rule 1).
- _scanner.py — _blank_record and _blank_after_prefix were
  byte-identical; collapse to one (_blank_after_prefix wins because
  its name describes what it actually checks: cols 3..71, not the
  full record).

OSS readiness audit returned READY with five optional polish items.
Adopting two now:

- .github/workflows/ci.yml — checkout, uv setup on Python 3.12,
  uv sync --all-groups, install bashlex (the [zoau] extra), run
  tests/check.sh, build wheel + sdist, upload artifacts. Makes the
  "CI runs the same pipeline" line in CONTRIBUTING.md real.
- tests/jcl_samples/zoau/SOURCES.md — one-line note explaining the
  .jcl / .zoau twin pairs and the oracle test that consumes them.

Skipping the audit's other three suggestions:
- Inline "Vendored from <URL>, Apache-2.0" markers on the 8
  vendored-from-Apache-source samples would break byte-exact
  roundtrip; SOURCES.md attribution is already authoritative.
- PyPI install-verification badge is premature before the first
  release.
- Tag-and-push v0.3.0 is a release step for the maintainer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

PARSER + SERIALIZER

Previously the test report showed 20 xfailed. Three root causes
addressed so the report is now 672 passed / 0 xfailed / 0 failed.

- serialize/jcl.py:_format_param. PARM=(token,token,'spaced') is a
  paren-list, not a quoted string. Pass it through unchanged instead
  of wrapping the whole value in single quotes and doubling inner
  apostrophes. Resolves the 3 asm_lked_go_cond rejcl-matrix entries.
- serialize/csv.py. Add a `symbols` column that flattens job-level
  SET symbols to `name=value;name=value`. rejcl reverses on read.
  Resolves 14 csv-only rejcl-matrix entries.
- serialize/csv.py:_format_instream. Old code used `.strip("\\n")`
  which strips any trailing chars in the set {backslash, n} and ate
  trailing blank lines. Mirror the rule already in remove_nulls:
  strip exactly one terminator if the last line has content; keep
  trailing blank lines.
- serialize/jcl.py:_emit_if. Long IF conditions (composite "(NOT A)
  AND (B)" forms that rejcl reconstructs from nested IF/ELSE) now
  break across continuation records at whitespace, with the
  continuation starting at col 11 to mirror the scanner's join
  behavior. Resolves the 3 if_nested_procs rejcl-matrix entries.

VOICE

- Em dashes removed across docs and source comments (CONTRIBUTING.md,
  6 source files, 5 test files). Replaced with periods, colons,
  parentheses, or commas as fits the sentence.
- The one fixable "not just" in classify.py rewritten. The instance
  in CODE_OF_CONDUCT.md stays as part of the verbatim Contributor
  Covenant 2.1 text.

README

- Mention typer in the runtime dep list (was wrong before).
- Note the 83-sample corpus and where it came from.
- Add an extra jq query example and a one-line dataclasses note for
  the Python-API section.
- Add CI workflow callout in Development.
- Cross-link CONTRIBUTING and SECURITY in Docs.

PYPI

- `twine check dist/*` PASSED on both wheel and sdist.
- METADATA is PEP 639 (License-Expression: Apache-2.0) and includes
  LICENSE + NOTICE under License-File.
- 30-file wheel, 170 KB; sdist ships LICENSE, NOTICE, PKG-INFO,
  README, pyproject, src/.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

REGRESSION COVERAGE

Three test files cover gaps the corpus tests missed:

- test_golden_conversions.py: 10 tests. The json_samples/ and
  yml_samples/ goldens (5 paired with JCL inputs) were sitting unused;
  this wires them in. Catches semantic drift (field rename, value
  normalisation) that the matrix tests miss because the matrix only
  checks "non-empty steps". Goldens were regenerated to reflect the
  current YAML block-scalar representer and trailing-newline rule;
  any future serializer change that drifts from them fails here.
- test_cli_smoke.py: 7 tests. Spawns the installed `fromjcl` entry
  point via subprocess and exercises --to yaml, --to json, --to jcl
  byte-exact, stdin input, --rejcl through a temp file, bad-format
  rejection, and --help. The existing test_cli_gate.py monkeypatches
  sys.argv and calls main() directly so cannot catch [project.scripts]
  wiring bugs. This file does.
- test_models.py: 19 tests. Direct unit coverage for Disposition,
  Space, and DCB factory methods, including the None / empty /
  referback (`*.STEP.DD`) / malformed-numeric / unrecognised-key
  branches the corpus tests do not reach.

Total: 672 -> 708 tests, still 0 failures / 0 xfails.

pyproject.toml now adds S603 (subprocess-in-tests) to the
tests/** ruff-lint ignore list; we trust our own binary on
known inputs.

COMMENTS

Pass over every multi-line comment block added in the recent fix
commits. Removed narrative bloat. New rule of thumb in this codebase:
if the comment runs 3+ lines, either the code needs to be rewritten
to be self-explanatory or the comment is over-explaining. Defenders
of unidiomatic code stay (rule 5 of the SO guide), but they are now
one or two lines, not five.

Trimmed blocks in: _scanner.py (ScanState enum, Stmt dataclass, JES2/3
cols-73-80 TODO, \\x1a EOF strip, bare /* dispatch, IF continuation
join, conditional_col, JCLCMD body capture), serialize/__init__.py
(remove_nulls), serialize/csv.py (_step_base symbols, _format_instream),
serialize/jcl.py (_format_param PARM shapes, _emit_if continuation,
_emit_dd_with_instream blank lines, _reconstruct_jes2 trim),
converters/common.py (program lists, STEPLIB insert, DIRBLKS),
converters/classify.py (IEFBR14 DISP, matcher order),
converters/_conditions.py (ABENDCC),
converters/shell/zoau.py (type_map, ISRSUPC dispatch),
rejcl.py (CSV JOB-fields, DLM TODO, removed a duplicated block),
models.py (DD concatenation, bare-token-as-PROC), cli.py (main()
docstring), _validate.py (flag tokens, # banner strip).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

typer.echo() appends a trailing newline beyond what the serializer
emits. Concretely, `fromjcl --to jcl` piped to stdout produced
`...text\n\n` while `--to jcl -o file` produced `...text\n`. The
file-output path was right; only stdout was off by one byte.

_write_output now ensures exactly one trailing newline on both paths
by writing the same normalized text via sys.stdout.write for stdout
and Path.write_text for files. `fromjcl --to jcl | diff - input.jcl`
is now empty.

Found during a fresh-install smoke check against
`dist/fromjcl-0.3.0-py3-none-any.whl` from a clean venv.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

LIBRARY API

Until now `from fromjcl import ...` exposed only `parse` and `Job`.
Everything else (serializers, model dataclasses, the reverse path)
was reachable but underground. Promote them:

  from fromjcl import (
      parse, parse_bytes,
      Job, Step, DD, Dataset, Disposition, Space, DCB,
      to_json, to_yaml, to_csv, to_jcl, to_raw,
      from_dump,
  )

Anything under `fromjcl._*` or `fromjcl.converters.*` stays internal
and may change without a deprecation cycle. README has a new Python
API section with examples and a name table. test_public_api.py locks
the surface in (5 tests) so accidental additions or removals fail
the build.

SECURITY / COMPLIANCE

Per a fresh comparison with ibm_zos_core, zowe-cli, IBM/zoslib, and
MikeFultonDev/JCLParser, three P0 gaps closed and one piece of
ceremony dropped:

- .github/workflows/release.yml uses PyPI Trusted Publishing
  (id-token: write, pypa/gh-action-pypi-publish), so releases get
  PEP 740 attestations automatically and there is no long-lived API
  token in GitHub secrets. Triggers on `v*` tags or manual dispatch;
  runs the full quality gate, then twine check, then publish.
- .github/dependabot.yml configures weekly github-actions updates.
  (pip ecosystem dropped per scope discussion: too noisy for a
  single-maintainer project; pip-audit in CI already catches CVEs.)
- ci.yml gains bandit + pip-audit + twine check.
- bandit, pip-audit, twine moved into the dev dep group.
- Dev-dep CVEs in pytest (CVE-2025-71176) and pygments
  (CVE-2026-4539) pinned to fixed versions. PYSEC-2022-42969 in `py`
  is documented as not-applicable (`py.path.svnwc` not invoked).
- CODEOWNERS deleted as solo-maintainer ceremony with no signal.

DOCS + DEMO

- docs/demo.tape + docs/demo.gif: a VHS recording of the CLI walking
  through `--to yaml`, `--to zoau`, `jq` querying, and byte-exact
  roundtrip. README embeds the gif under the lead snippet.
- docs/sample.jcl: tiny self-contained JCL used by the demo so the
  recording does not depend on the test corpus.
- docs/marp/visual.md + fromjcl-before-after.png: a 16:9 slide built
  with the neobrutalism marp theme (thick borders, offset shadows,
  yellow accent badge). Shows JCL on the left and YAML + ZOAU shell
  on the right. Suitable for a LinkedIn share.

ATTRIBUTION

- _scanner.py module docstring now cites Mike Fulton's JCLParser
  by name with the URL and Apache 2.0. Earlier audit confirmed
  fromjcl's attribution stack (NOTICE, README, ARCHITECTURE,
  parser_edge_cases/SOURCES.md) already exceeds what JCLParser
  itself requires (no NOTICE upstream; LICENSE is just the 11-line
  Apache trailer).

Tests: 708 -> 713 (added 5 in test_public_api.py).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- .gitignore: docs/marp/ excluded going forward.
- Untracked: visual.md, .marprc.js, theme CSS, and the rendered PNG.
  Files stay on disk so the deck can still be re-rendered locally.
- Updated visual: 16:10 aspect (1280x800, was 1280x720), coral
  accent (#ff5b3a) instead of yellow, tighter top padding, larger
  code font, footer band with `pip install fromjcl` and the repo URL.

The docs/demo.gif stays tracked since it is embedded in the README
and shows visiting users what the CLI does.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Missed in 2b79300; the docs/marp/ delete made it into that commit
but the gitignore line that prevents re-tracking did not.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…hed ARCHITECTURE

README

- PyPI version, Python versions, license, and CI status badges. These
  only become useful once we are on PyPI; that happened today.
- Docs section gains a link to CHANGELOG.md.

CHANGELOG.md

- v0.3.0 entry written now that the release is live on PyPI. The
  earlier commit dropped the file because no release existed yet to
  anchor it; now there is one.

docs/ARCHITECTURE.md

- Rewritten to match the actual OSS slice. The previous version still
  referenced _ansible_modules.py, converters/ansible/, converters/zosmf.py,
  converters/makefile.py, converters/_deps.py, and argparse, none of
  which ship. Module map and intent table now reflect what is actually
  in src/.
- Added a Public API section that mirrors fromjcl/__init__.py and the
  test_public_api.py contract.
- Bumped corpus count from 50 to 83.
- Added a rejcl-matrix section under "Roundtrip guarantees" so the
  semantic-equivalence contract is documented next to the byte-exact
  one.

.github/

- ISSUE_TEMPLATE/bug_report.md and feature_request.md so first-time
  reporters know what to include (JCL repro, version, [zoau] yes/no).
- pull_request_template.md reminds contributors to run tests/check.sh,
  update the corpus for parser changes, update test_public_api.py
  when adding or removing public names, and sign off commits.

Tests still 713 / 0 failed / 0 xfailed. Wheel + sdist rebuilt and
twine check PASSED.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Bumps the actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `astral-sh/setup-uv` from 5 to 7
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v5...v7)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

Updates `actions/download-artifact` from 4 to 8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels May 18, 2026
dependabot Bot commented on behalf of github May 18, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 18, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/actions-02bc13e553 branch May 18, 2026 06:38
Repository owner locked and limited conversation to collaborators May 18, 2026