From 437a4c39c7a169d3ebc939eb94be91725c8b9dd5 Mon Sep 17 00:00:00 2001 From: Raj-StepSecurity Date: Wed, 28 Jan 2026 10:08:10 +0530 Subject: [PATCH] feat: version upgrade of node from 20 to 24 --- .github/workflows/actions_release.yaml | 6 ++++++ .github/workflows/audit-package.yml | 7 +++++++ .github/workflows/auto_cherry_pick.yml | 6 ++++++ action.yml | 2 +- dist/index.js | 27 ++++++++++++-------------- package-lock.json | 18 ++++++++--------- package.json | 4 ++-- tsconfig.json | 2 +- 8 files changed, 44 insertions(+), 28 deletions(-) diff --git a/.github/workflows/actions_release.yaml b/.github/workflows/actions_release.yaml index 5e52aee..37ce198 100644 --- a/.github/workflows/actions_release.yaml +++ b/.github/workflows/actions_release.yaml @@ -11,6 +11,11 @@ on: required: false type: string default: "npm run all" + node_version: + description: "Specify Node.js version" + required: false + type: string + default: "24" permissions: contents: read @@ -25,3 +30,4 @@ jobs: with: tag: "${{ github.event.inputs.tag }}" script: "${{ github.event.inputs.script }}" + node_version: ${{ github.event.inputs.node_version }} diff --git a/.github/workflows/audit-package.yml b/.github/workflows/audit-package.yml index 86b7123..784256d 100644 --- a/.github/workflows/audit-package.yml +++ b/.github/workflows/audit-package.yml @@ -14,6 +14,12 @@ on: script: required: false default: "npm run all" + node_version: + description: "Specify Node.js version" + required: false + type: string + default: "24" + schedule: - cron: "0 0 * * 1" @@ -24,6 +30,7 @@ jobs: force: ${{ inputs.force || false }} base_branch: ${{ inputs.base_branch || 'main' }} script: ${{ inputs.script || 'npm run all'}} + node_version: ${{ inputs.node_version || '24' }} permissions: contents: write diff --git a/.github/workflows/auto_cherry_pick.yml b/.github/workflows/auto_cherry_pick.yml index 93844d1..fb377f7 100644 --- a/.github/workflows/auto_cherry_pick.yml +++ b/.github/workflows/auto_cherry_pick.yml @@ -10,6 +10,11 @@ on: script: required: false default: "npm run all" + node_version: + description: "Specify Node.js version (e.g., '18', '20', 'lts/*')" + required: false + type: string + default: "24" permissions: contents: write @@ -25,3 +30,4 @@ jobs: repo-name: "paths-filter" base_branch: ${{ inputs.base_branch }} script: ${{ inputs.script }} + node_version: ${{ inputs.node_version || '24' }} diff --git a/action.yml b/action.yml index e3df97c..f57ea2c 100644 --- a/action.yml +++ b/action.yml @@ -47,7 +47,7 @@ outputs: changes: description: JSON array with names of all filters matching any of changed files runs: - using: 'node20' + using: 'node24' main: 'dist/index.js' branding: color: blue diff --git a/dist/index.js b/dist/index.js index 6f27bd1..08a8278 100644 --- a/dist/index.js +++ b/dist/index.js @@ -97,10 +97,11 @@ function isPredicateQuantifier(x) { } exports.isPredicateQuantifier = isPredicateQuantifier; class Filter { + filterConfig; + rules = {}; // Creates instance of Filter and load rules from YAML if it's provided constructor(yaml, filterConfig) { this.filterConfig = filterConfig; - this.rules = {}; if (yaml) { this.load(yaml); } @@ -126,11 +127,10 @@ class Filter { return result; } isMatch(file, patterns) { - var _a; const aPredicate = (rule) => { return (rule.status === undefined || rule.status.includes(file.status)) && rule.isMatch(file.filename); }; - if (((_a = this.filterConfig) === null || _a === void 0 ? void 0 : _a.predicateQuantifier) === 'every') { + if (this.filterConfig?.predicateQuantifier === 'every') { return patterns.every(aPredicate); } else { @@ -272,14 +272,14 @@ async function getChangesSinceMergeBase(base, head, initialFetchDepth) { if (!(await hasMergeBase())) { await (0, exec_1.getExecOutput)('git', ['fetch', '--no-tags', `--depth=${initialFetchDepth}`, 'origin', base, head]); if (baseRef === undefined || headRef === undefined) { - baseRef = baseRef !== null && baseRef !== void 0 ? baseRef : (await getLocalRef(base)); - headRef = headRef !== null && headRef !== void 0 ? headRef : (await getLocalRef(head)); + baseRef = baseRef ?? (await getLocalRef(base)); + headRef = headRef ?? (await getLocalRef(head)); if (baseRef === undefined || headRef === undefined) { await (0, exec_1.getExecOutput)('git', ['fetch', '--tags', '--depth=1', 'origin', base, head], { ignoreReturnCode: true // returns exit code 1 if tags on remote were updated - we can safely ignore it }); - baseRef = baseRef !== null && baseRef !== void 0 ? baseRef : (await getLocalRef(base)); - headRef = headRef !== null && headRef !== void 0 ? headRef : (await getLocalRef(head)); + baseRef = baseRef ?? (await getLocalRef(base)); + headRef = headRef ?? (await getLocalRef(head)); if (baseRef === undefined) { throw new Error(`Could not determine what is ${base} - fetch works but it's not a branch, tag or commit SHA`); } @@ -411,7 +411,7 @@ async function getLocalRef(shortName) { .split(/\r?\n/g) .map(l => l.match(/refs\/(?:(?:heads)|(?:tags)|(?:remotes\/origin))\/(.*)$/)) .filter(match => match !== null && match[1] === shortName) - .map(match => { var _a; return (_a = match === null || match === void 0 ? void 0 : match[0]) !== null && _a !== void 0 ? _a : ''; }); // match can't be null here but compiler doesn't understand that + .map(match => match?.[0] ?? ''); // match can't be null here but compiler doesn't understand that if (refs.length === 0) { return undefined; } @@ -563,13 +563,12 @@ const git = __importStar(__nccwpck_require__(3374)); const shell_escape_1 = __nccwpck_require__(4613); const csv_escape_1 = __nccwpck_require__(7402); async function validateSubscription() { - var _a; const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`; try { await axios_1.default.get(API_URL, { timeout: 3000 }); } catch (error) { - if ((0, axios_1.isAxiosError)(error) && ((_a = error.response) === null || _a === void 0 ? void 0 : _a.status) === 403) { + if ((0, axios_1.isAxiosError)(error) && error.response?.status === 403) { core.error('Subscription is not valid. Reach out to support@stepsecurity.io'); process.exit(1); } @@ -626,7 +625,6 @@ function getConfigFileContent(configPath) { return fs.readFileSync(configPath, { encoding: 'utf8' }); } async function getChangedFiles(token, base, ref, initialFetchDepth) { - var _a, _b; // if base is 'HEAD' only local uncommitted changes will be detected // This is the simplest case as we don't need to fetch more commits or evaluate current/before refs if (base === git.HEAD) { @@ -654,8 +652,8 @@ async function getChangedFiles(token, base, ref, initialFetchDepth) { throw new Error(`'token' input parameter is required if action is triggered by 'pull_request_target' event`); } core.info('Github token is not available - changes will be detected using git diff'); - const baseSha = (_a = github.context.payload.pull_request) === null || _a === void 0 ? void 0 : _a.base.sha; - const defaultBranch = (_b = github.context.payload.repository) === null || _b === void 0 ? void 0 : _b.default_branch; + const baseSha = github.context.payload.pull_request?.base.sha; + const defaultBranch = github.context.payload.repository?.default_branch; const currentRef = await git.getCurrentRef(); return await git.getChanges(base || baseSha || defaultBranch, currentRef); } @@ -664,8 +662,7 @@ async function getChangedFiles(token, base, ref, initialFetchDepth) { } } async function getChangedFilesFromGit(base, head, initialFetchDepth) { - var _a; - const defaultBranch = (_a = github.context.payload.repository) === null || _a === void 0 ? void 0 : _a.default_branch; + const defaultBranch = github.context.payload.repository?.default_branch; const beforeSha = github.context.eventName === 'push' ? github.context.payload.before : null; const currentRef = await git.getCurrentRef(); head = git.getShortName(head || github.context.ref || currentRef); diff --git a/package-lock.json b/package-lock.json index 401b740..c2fe98f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "@octokit/webhooks-types": "^7.3.1", "@types/jest": "^29.5.11", "@types/js-yaml": "^4.0.9", - "@types/node": "^20.11.6", + "@types/node": "^24.0.0", "@types/picomatch": "^2.3.3", "@typescript-eslint/eslint-plugin": "^6.19.1", "@typescript-eslint/parser": "^6.19.1", @@ -35,7 +35,7 @@ "typescript": "^5.3.3" }, "engines": { - "node": ">= 20" + "node": ">= 24" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -1596,12 +1596,12 @@ "dev": true }, "node_modules/@types/node": { - "version": "20.11.6", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.6.tgz", - "integrity": "sha512-+EOokTnksGVgip2PbYbr3xnR7kZigh4LbybAfBAw5BpnQ+FqBYUsvCEjYd70IXKlbohQ64mzEYmMtlWUY8q//Q==", + "version": "24.10.9", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.9.tgz", + "integrity": "sha512-ne4A0IpG3+2ETuREInjPNhUGis1SFjv1d5asp8MzEAGtOZeTeHVDOYqOgqfhvseqg/iXty2hjBf1zAOb7RNiNw==", "dev": true, "dependencies": { - "undici-types": "~5.26.4" + "undici-types": "~7.16.0" } }, "node_modules/@types/picomatch": { @@ -7017,9 +7017,9 @@ } }, "node_modules/undici-types": { - "version": "5.26.5", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==", + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz", + "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==", "dev": true }, "node_modules/universal-user-agent": { diff --git a/package.json b/package.json index 1b20cee..50db801 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "paths-filter", "version": "1.0.0", "engines": { - "node": ">= 20" + "node": ">= 24" }, "private": true, "description": "Execute your workflow steps only if relevant files are modified.", @@ -38,7 +38,7 @@ "@octokit/webhooks-types": "^7.3.1", "@types/jest": "^29.5.11", "@types/js-yaml": "^4.0.9", - "@types/node": "^20.11.6", + "@types/node": "^24.0.0", "@types/picomatch": "^2.3.3", "@typescript-eslint/eslint-plugin": "^6.19.1", "@typescript-eslint/parser": "^6.19.1", diff --git a/tsconfig.json b/tsconfig.json index fa74d55..6b0de4c 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,6 +1,6 @@ { "compilerOptions": { - "target": "es2019", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */ + "target": "ES2022", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019', 'ES2020', 'ES2021', 'ES2022' or 'ESNEXT'. */ "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */ "outDir": "./lib", /* Redirect output structure to the directory. */ "rootDir": "./src", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */