Sync: actions/setup-java@baa1691#7
Open
forklebot[bot] wants to merge 17 commits into
Open
Conversation
…ons#989) * Refactor error handling for version not found cases across multiple installers * Mock core.error in tests to suppress error logs * fix(graalvm): improve error messages for EA version not found scenarios * refactor(tests): update error messages for version not found scenarios * fix(graalvm): enhance error messages for version not found scenarios * fix(graalvm): improve error messages for version not found scenarios with updated download URL * fix(graalvm): improve error handling for EA version not found scenarios with clearer messages
… tool-cache, xmlbuilder2) (actions#999) * chore: upgrade dependencies and update license cache Agent-Logs-Url: https://github.com/actions/setup-java/sessions/55ba1e4b-a515-4177-8a35-44bffa4ad0c0 Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com> * chore: upgrade @actions/exec ^1.0.4→^2.0.0 and @actions/io ^1.0.2→^2.0.0 Agent-Logs-Url: https://github.com/actions/setup-java/sessions/8be3df50-f347-42da-9734-73f71bf89d40 Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>
* note for oracle jdk17. in Readme.md * docs: fix Oracle JDK 17 NOTE * docs: fix duplicate NOTE prefix and improve Oracle JDK 17 license link phrasing in READMEn
temurin: add support for Alpine Linux
…ml-parser (actions#1015) * fix: update dependency license records and resolve npm audit vulnerabilities - Bump fast-xml-builder 1.1.4 → 1.2.0 (GHSA-5wm8-gmm8-39j9) - Bump fast-xml-parser 5.5.10 → 5.8.0 (GHSA-gh4j-gqv2-49f6) - Bump strnum 2.2.3 → 2.4.0 - Bump path-expression-matcher 1.4.0 → 1.5.0 - Add license records for new deps @nodable/entities and xml-naming * fix: add anynum license record and rebuild dist * re-run licensed
) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.35.1 to 8.46.2. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.2/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.46.2 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 8.10.0 to 10.1.8. - [Release notes](https://github.com/prettier/eslint-config-prettier/releases) - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-config-prettier@v8.10.0...v10.1.8) --- updated-dependencies: - dependency-name: eslint-config-prettier dependency-version: 10.1.8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) * Bump picomatch, @types/jest, jest, jest-circus and ts-jest Bumps [picomatch](https://github.com/micromatch/picomatch) to 4.0.4 and updates ancestor dependencies [picomatch](https://github.com/micromatch/picomatch), [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest), [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest), [jest-circus](https://github.com/jestjs/jest/tree/HEAD/packages/jest-circus) and [ts-jest](https://github.com/kulshekhar/ts-jest). These dependencies need to be updated together. Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `@types/jest` from 29.5.14 to 30.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) Updates `jest` from 29.7.0 to 30.4.2 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest) Updates `jest-circus` from 29.7.0 to 30.4.2 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest-circus) Updates `ts-jest` from 29.3.0 to 29.4.11 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.3.0...v29.4.11) --- updated-dependencies: - dependency-name: "@types/jest" dependency-version: 30.0.0 dependency-type: direct:development - dependency-name: jest dependency-version: 30.4.2 dependency-type: direct:development - dependency-name: jest-circus dependency-version: 30.4.2 dependency-type: direct:development - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect - dependency-name: ts-jest dependency-version: 29.4.11 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * run licensed and update dist --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: George Adams <georgeadams1995@gmail.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.1.0 to 25.9.3. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ns#1014) * Use Link headers for Adoptium pagination * Fix nullable pagination URL types and rebuild dist * Add 1000-page safeguard for JetBrains pagination * Adjust plan for pagination safeguard scope * Move pagination safeguard to non-JetBrains installers * Add 1000-page safeguard to Adopt Temurin and Semeru pagination * Fix Prettier formatting in adopt, semeru, and temurin installer files * Fix CI audit failure by updating vulnerable transitive deps * Address PR review: RFC-compliant Link parsing, SSRF validation, centralized constant - Make getNextPageUrlFromLinkHeader RFC 8288 compliant by splitting link-values and checking for rel=next anywhere in the parameters, not just as the first parameter after the semicolon. - Add validatePaginationUrl utility to reject pagination URLs that point to unexpected origins (SSRF mitigation). - Centralize MAX_PAGINATION_PAGES in util.ts instead of duplicating across Adopt, Semeru, and Temurin installers. - Add tests for rel not being the first parameter, and for URL origin validation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address code review feedback on pagination implementation - Tighten rel regex with word boundary to prevent false positives (e.g., rel="nextsomething" no longer matches). - Use parsed.origin comparison in validatePaginationUrl to correctly handle explicit default ports (e.g., :443 for HTTPS). - Fix pagination safeguard tests to use same-origin URLs so they actually exercise the 1000-page limit instead of being rejected by origin validation on the first request. - Add test for rel="nextsomething" not matching. - Add test for explicit default port acceptance. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix prettier formatting in util.test.ts * Rebuild dist/ to fix check-dist CI failure --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… latest assets (actions#522) * Make the Adoptopenjdk package type look at the Temurin repo first for latest assets * Address Copilot code review comments - Use strict equality (===, !==) instead of loose equality (==, !=) for all comparisons - Properly handle caught errors with instanceof type narrowing before accessing properties - Only fall back to legacy AdoptOpenJDK for specific version-not-found errors - Rethrow unexpected errors to avoid masking real issues (network failures, rate limits, etc.) - Fix error message check to match actual error text ('No matching version found') - Remove unnecessary undefined check since method return type is never undefined - Add @internal JSDoc annotation to TemurinDistribution.findPackageForDownload() - Update tests to properly mock Temurin lookup failures for fallback behavior testing - Rebuild dist files * Always fall back to legacy AdoptOpenJDK but log all Temurin failures - Change error handling to gracefully fall back for all errors, not just version-not-found - Log version-not-found errors as notices with migration guidance - Log other Temurin failures as debug messages for troubleshooting - Improves resilience: users always get a result even if Temurin API has issues - Maintains visibility: failures are still logged for debugging * Fixes from review * Fixes from review * Fixes from review * Regenerate dist
* Bump @vercel/ncc from 0.38.1 to 0.44.0 Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.44.0. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](vercel/ncc@0.38.1...0.44.0) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-version: 0.44.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * recompile dist --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: George Adams <georgeadams1995@gmail.com>
* Bump @typescript-eslint/parser from 8.48.0 to 8.61.1 Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.48.0 to 8.61.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.61.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * run licensed and update dist --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: George Adams <georgeadams1995@gmail.com>
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
…ons#1009) Distributions like JetBrains Runtime publish 4-segment versions such as '17.0.8.1+1080.1' that the semver package rejects. Both compareBuild and satisfies throw on these, which surfaced to users as "Error: Invalid Version: 17.0.8.1+1080.1" and aborted the whole install when any available version was non-semver. Guard with an early semver.valid check so unparseable versions are treated as a non-match. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sync Upstream Changes
This pull request applies all changes from the upstream repository
actions/setup-javaup to and including commitbaa1691.This ensures that
rmd-actions/setup-javais up to date with the latest changes from upstream.🤖 This pull request was managed through automation. Please do not modify or close this PR manually.