In scope of this release, the filter was removed within the cache-save step by @dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.
use validated package.json version for comparisons (#147), closes #139
v2.2.1
Bug Fixes
action: update semver dep, esbuild and vitest dev deps (#114)
npm: do not assume error code is a string (#120), closes #119
v2.2.0
Features
Allow --ignore-scripts to be disabled in order to support publish lifecycle hooks (#102)
v2.1.0
Features
Add explicit support for --provenance (#92), closes #88
Bug Fixes
Handle missing latest tag during version check (#90), closes #89
v2.0.0
Welcome to v2 of JS-DevTools/npm-publish! We've been doing some spring cleaning to fix all our (known) bugs and knock out some longstanding feature requests. This release has some breaking changes, so please read carefully!
BREAKING CHANGES
The type output is now an empty string instead of none when no release occurs
Added support NPM's --tag argument, which allows packages to be published to a named tag that can then be installed using npm install <package-name>@<tag>
Added support for NPM's --access argument, which controls whether scoped packages are publicly accessible, or restricted to members of your NPM organization
NPM-Publish can now successfully publish a brand-new package to NPM. Previously it failed because it couldn't determine the previous package version. ([PR #12](JS-DevTools/npm-publish#12) from @ZitRos)
FIX: The configured NPM registry and token are now used all NPM commands, not just for publishing. This ensures that npm-publish works with private packages and custom registries
The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.
The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.
Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278
⚙️ Fixes an issue where updating a pull request leads to the error Cannot read properties of undefined (reading 'number'). This was likely caused by GitHub fixing a long standing bug with an API endpoint, resulting in a breaking change.
The default values for author and committer have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.
On completion, the action now removes the temporary git remote configuration it adds when using push-to-fork. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.
What's new
Updated runtime to Node.js 20
The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.
The default value for author has been changed to ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>. The change adds the ${{ github.actor_id }}+ prefix to the email address to align with GitHub's standard format for the author email address.
The default value for committer has been changed to github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>. This is to align with the default GitHub Actions bot user account.
Adds input git-token, the Personal Access Token (PAT) that the action will use for git operations. This input defaults to the value of token. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.
push-to-fork now supports pushing to sibling repositories in the same network.
Previously, when using push-to-fork, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.
If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...[Pull request body truncated]" to indicate that the body has been truncated.
The action now uses --unshallow only when necessary, rather than as a default argument of git fetch. This should improve performance, particularly for large git repositories with extensive commit history.
... (truncated)
Commits
70a41ab perf: shallow fetch the actual base when rebasing from working base (#2816)
57a1014 build(deps-dev): bump @types/node from 18.19.21 to 18.19.23 (#2811)
b3a2c5d build(deps-dev): bump @types/node from 18.19.18 to 18.19.21 (#2798)
02c7da5 build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 (#2797)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 6 updates:
2
4
3
4
1
3
2
4
2
4
4.0.4
6.0.2
Updates
actions/checkout
from 2 to 4Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
b4ffde6
Link to release page from what's new section (#1514)8530928
Correct link to GitHub Docs (#1511)7cdaf2f
Update CODEOWNERS to Launch team (#1510)8ade135
Prepare 4.1.0 release (#1496)c533a0a
Add support for partial checkout filters (#1396)72f2cec
Update README.md for V4 (#1452)3df4ab1
Release 4.0.0 (#1447)8b5e8b7
Support fetching without the --progress option (#1067)97a652b
Update default runtime to node20 (#1436)f43a0e5
Release 3.6.0 (#1437)Updates
actions/setup-node
from 3 to 4Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
60edb5d
Add support for arm64 Windows (#927)d86ebcd
Add support forvolta.extends
(#921)b39b52d
Fix node-version-file interprets entire package.json as a version (#865)7247617
Addpackage.json
tonode-version-file
list of examples. (#879)f3ec4ca
Fix README.md (#898)ec97f37
Add fix for cache (#917)5ef044f
Update reusable workflows to use Node.js v20 (#889)c45882a
update to setup-node@v4 in docs (#884)ee36e8b
Ignore engines check in Yarn 1 e2e-cache tests (#882)8f152de
Update actions/checkout for documentation and yaml (#876)Updates
JS-DevTools/npm-publish
from 1 to 3Release notes
Sourced from JS-DevTools/npm-publish's releases.
... (truncated)
Changelog
Sourced from JS-DevTools/npm-publish's changelog.
Commits
19c28f1
chore(release): 3.1.11e4a74d
fix: include registry URL pathname in npm config (#186)79051c0
chore(release): 3.1.0aa4addf
feat(dry-run): always print publish results in dry run (#185)126874f
chore(deps): bump the production group with 2 updates (#180)71fdf93
chore(deps-dev): bump the lint group with 9 updates (#183)e19e66c
chore(deps-dev): bump the development group with 3 updates (#181)9c9fb62
chore(deps-dev): bump the lint group with 10 updates (#178)2e9724f
chore(deps-dev): bump the development group with 5 updates (#176)fe58a59
chore(deps): bump actions/upload-artifact from 3 to 4 (#172)Updates
actions/upload-artifact
from 2 to 4Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
5d5d22a
Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1f1e993d
update artifact license4881bfd
updating dist:a30777e
@eggyhead
3a80482
Merge pull request #511 from actions/robherley/migration-docs-typo9d63e3f
Merge branch 'main' into robherley/migration-docs-typodfa1ab2
fix typo with v3 artifact downloads in migration guided00351b
Merge pull request #509 from markmssd/patch-1707f5a7
Update limitation of10
artifacts upload to500
26f96df
Merge pull request #505 from actions/robherley/merge-artifactsUpdates
actions/download-artifact
from 2 to 4Release notes
Sourced from actions/download-artifact's releases.
... (truncated)
Commits
c850b93
Merge pull request #307 from bethanyj28/main6fd111f
update@actions/artifact
87c5514
Merge pull request #303 from bethanyj28/main47f9ce6
update@actions/artifact
127824d
Merge pull request #299 from bethanyj28/main6dd49bf
licensed only artifactf71c0e3
Revert "licensed"7c63dfd
licensed67d37cd
Update toolkit3487549
Update release-new-action-version.yml (#292)Updates
peter-evans/create-pull-request
from 4.0.4 to 6.0.2Release notes
Sourced from peter-evans/create-pull-request's releases.
... (truncated)
Commits
70a41ab
perf: shallow fetch the actual base when rebasing from working base (#2816)57a1014
build(deps-dev): bump@types/node
from 18.19.21 to 18.19.23 (#2811)b3a2c5d
build(deps-dev): bump@types/node
from 18.19.18 to 18.19.21 (#2798)02c7da5
build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 (#2797)bac6da8
docs: update description of delete-brancha4f52f8
fix: list pulls using the correct head format (#2792)853c071
build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2781)d2c126e
build(deps-dev): bump@types/node
from 18.19.17 to 18.19.18 (#2780)43d39c6
build(deps-dev): bump@types/node
from 18.19.15 to 18.19.17 (#2768)5a9d206
build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 (#2769)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show