From cb32f28c40331cf48e26e278b88577581d27b3c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 07:00:53 +0000 Subject: [PATCH 1/2] Bump semver and @types/semver Bumps [semver](https://github.com/npm/node-semver) and [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver). These dependencies needed to be updated together. Updates `semver` from 7.7.2 to 7.7.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3) Updates `@types/semver` from 7.5.8 to 7.7.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver) --- updated-dependencies: - dependency-name: semver dependency-version: 7.7.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: "@types/semver" dependency-version: 7.7.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 28 +++++++++++++++++++--------- package.json | 4 ++-- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 143fcb715..c3440d043 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,13 +17,13 @@ "@actions/http-client": "^2.2.1", "@actions/io": "^1.0.2", "@actions/tool-cache": "^2.0.2", - "semver": "^7.6.3", + "semver": "^7.7.3", "uuid": "^11.1.0" }, "devDependencies": { "@types/jest": "^29.5.14", "@types/node": "^24.1.0", - "@types/semver": "^7.5.8", + "@types/semver": "^7.7.1", "@typescript-eslint/eslint-plugin": "^5.54.0", "@typescript-eslint/parser": "^5.54.0", "@vercel/ncc": "^0.38.3", @@ -384,6 +384,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.23.2.tgz", "integrity": "sha512-n7s51eWdaWZ3vGT2tD4T7J6eJs3QoBXydv7vkUM06Bf1cbVD2Kc2UrkzhiQwobfV7NwOnQXYL7UBJ5VPU+RGoQ==", "dev": true, + "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.22.13", @@ -1439,6 +1440,7 @@ "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.1.tgz", "integrity": "sha512-dKYCMuPO1bmrpuogcjQ8z7ICCH3FP6WmxpwC03yjzGfZhj9fTJg6+bS1+UAplekbN2C+M61UNllGOOoAfGCrdQ==", "license": "MIT", + "peer": true, "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", @@ -1755,10 +1757,11 @@ } }, "node_modules/@types/semver": { - "version": "7.5.8", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz", - "integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==", - "dev": true + "version": "7.7.1", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.1.tgz", + "integrity": "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==", + "dev": true, + "license": "MIT" }, "node_modules/@types/stack-utils": { "version": "2.0.2", @@ -1794,6 +1797,7 @@ "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.62.0.tgz", "integrity": "sha512-TiZzBSJja/LbhNPvk6yc0JrX9XqhQ0hdh6M2svYfsHGejaKFIAGd9MQ+ERIMzLGlN/kZoYIgdxFV0PuljTKXag==", "dev": true, + "peer": true, "dependencies": { "@eslint-community/regexpp": "^4.4.0", "@typescript-eslint/scope-manager": "5.62.0", @@ -1828,6 +1832,7 @@ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.62.0.tgz", "integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==", "dev": true, + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "5.62.0", "@typescript-eslint/types": "5.62.0", @@ -2009,6 +2014,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", "integrity": "sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg==", "dev": true, + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -2292,6 +2298,7 @@ "url": "https://github.com/sponsors/ai" } ], + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001541", "electron-to-chromium": "^1.4.535", @@ -2748,6 +2755,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", "dev": true, + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -3758,6 +3766,7 @@ "resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, + "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -5165,9 +5174,9 @@ "integrity": "sha512-0s+oAmw9zLl1V1cS9BtZN7JAd0cW5e0QH4W3LWEK6a4LaLEA2OTpGYWDY+6XasBLtz6wkm3u1xRw95mRuJ59WA==" }, "node_modules/semver": { - "version": "7.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", - "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", + "version": "7.7.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", + "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", "license": "ISC", "bin": { "semver": "bin/semver.js" @@ -5538,6 +5547,7 @@ "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.2.tgz", "integrity": "sha512-+2/g0Fds1ERlP6JsakQQDXjZdZMM+rqpamFZJEKh4kwTIn3iDkgKtby0CeNd5ATNZ4Ry1ax15TMx0W2V+miizQ==", "dev": true, + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/package.json b/package.json index 748574463..69e688735 100644 --- a/package.json +++ b/package.json @@ -36,13 +36,13 @@ "@actions/http-client": "^2.2.1", "@actions/io": "^1.0.2", "@actions/tool-cache": "^2.0.2", - "semver": "^7.6.3", + "semver": "^7.7.3", "uuid": "^11.1.0" }, "devDependencies": { "@types/jest": "^29.5.14", "@types/node": "^24.1.0", - "@types/semver": "^7.5.8", + "@types/semver": "^7.7.1", "@typescript-eslint/eslint-plugin": "^5.54.0", "@typescript-eslint/parser": "^5.54.0", "@vercel/ncc": "^0.38.3", From c7aa1fc762ec8424e49b95f80963ab3bfda578e0 Mon Sep 17 00:00:00 2001 From: Aparna Jyothi Date: Tue, 13 Jan 2026 16:05:09 +0530 Subject: [PATCH 2/2] check failure fix --- ...ver-7.7.2.dep.yml => semver-7.7.3.dep.yml} | 2 +- dist/setup/index.js | 29 +++++++++++++++---- package-lock.json | 4 +-- package.json | 2 +- 4 files changed, 28 insertions(+), 9 deletions(-) rename .licenses/npm/{semver-7.7.2.dep.yml => semver-7.7.3.dep.yml} (98%) diff --git a/.licenses/npm/semver-7.7.2.dep.yml b/.licenses/npm/semver-7.7.3.dep.yml similarity index 98% rename from .licenses/npm/semver-7.7.2.dep.yml rename to .licenses/npm/semver-7.7.3.dep.yml index 415789165..77ae9813f 100644 --- a/.licenses/npm/semver-7.7.2.dep.yml +++ b/.licenses/npm/semver-7.7.3.dep.yml @@ -1,6 +1,6 @@ --- name: semver -version: 7.7.2 +version: 7.7.3 type: npm summary: The semantic version parser used by npm. homepage: diff --git a/dist/setup/index.js b/dist/setup/index.js index 48d93766e..9a0b9f497 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -66159,6 +66159,7 @@ const isSatisfiable = (comparators, options) => { // already replaced the hyphen ranges // turn into a set of JUST comparators. const parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], '') debug('comp', comp, options) comp = replaceCarets(comp, options) debug('caret', comp) @@ -66579,11 +66580,25 @@ class SemVer { other = new SemVer(other, this.options) } - return ( - compareIdentifiers(this.major, other.major) || - compareIdentifiers(this.minor, other.minor) || - compareIdentifiers(this.patch, other.patch) - ) + if (this.major < other.major) { + return -1 + } + if (this.major > other.major) { + return 1 + } + if (this.minor < other.minor) { + return -1 + } + if (this.minor > other.minor) { + return 1 + } + if (this.patch < other.patch) { + return -1 + } + if (this.patch > other.patch) { + return 1 + } + return 0 } comparePre (other) { @@ -67484,6 +67499,10 @@ module.exports = debug const numeric = /^[0-9]+$/ const compareIdentifiers = (a, b) => { + if (typeof a === 'number' && typeof b === 'number') { + return a === b ? 0 : a < b ? -1 : 1 + } + const anum = numeric.test(a) const bnum = numeric.test(b) diff --git a/package-lock.json b/package-lock.json index c3440d043..548e0fdf6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "setup-node", - "version": "6.0.0", + "version": "6.2.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "setup-node", - "version": "6.0.0", + "version": "6.2.0", "license": "MIT", "dependencies": { "@actions/cache": "^4.1.0", diff --git a/package.json b/package.json index 69e688735..9e6a2b704 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "setup-node", - "version": "6.0.0", + "version": "6.2.0", "private": true, "description": "setup node action", "main": "lib/setup-node.js",