chore: Merge main into v2
#64
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e” step (#10) This PR prevents duplicate issues from being opened after repeated workflow runs by fixing two `jq` errors in the “normalize_cache” step: - `jq: error (at <stdin>:1): Cannot check whether boolean has a string key` was fixed by wrapping `(.[0] | has("issueUrl"))` so `has()` runs only after confirming a non-empty array, avoiding `has()` on a boolean. - `jq: parse error: Invalid string: control characters from U+0000 through U+001F must be escaped` was fixed by using `printf '%s'` instead of `echo` to preserve literal escape sequences (`\n`, etc.).
Follow-up to #10 This PR updates the “normalize_cache” step to output compact (one-line) JSON, since a GitHub Actions output cannot span multiple lines.
This PR updates the `core.getInput` call to match the `action.yml` (https://github.com/github/accessibility-scanner/blob/69cb82cdc3d9e37c418092e71af165108b31911c/.github/actions/file/action.yml#L14-L16), so results from previous runs are now available to the File sub-action. This ensures duplicate issues aren’t filed when the workflow re-runs.
Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>
…ariable for testing repo Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>
Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>
- [x] Update "Clean up issues and pull requests" step in main branch's
test.yml to delete PR branches
- [x] Test bash logic for correctness and edge cases
- [x] Code review completed and addressed
- [x] Address feedback:
- Move branch extraction after `gh pr close` (closer to where it's used)
- Move `|| true` inside `$()` for proper error handling
- Add `TESTING_REPOSITORY` environment variable to avoid hardcoding
- Use environment variable in both the scan step and branch deletion
- Use `gh api` instead of `git push` for consistent authentication
context
The implementation:
- Extracts branch name from each PR using `gh pr view "$URL" --json
headRefName -q .headRefName || true`
- Deletes the branch after closing the PR using `gh api -X DELETE
"repos/${{ env.TESTING_REPOSITORY }}/git/refs/heads/$branch"`
- Handles failures gracefully with `|| true` inside command substitution
- Uses centralized `TESTING_REPOSITORY` environment variable for
consistency
- Uses `gh api` for branch deletion to maintain consistent
authentication context with other `gh` CLI commands
Note: Similar changes will need to be applied to v1 and v2 branches
separately after this PR is merged.
<!-- START COPILOT CODING AGENT SUFFIX -->
<details>
<summary>Original prompt</summary>
>
> ----
>
> *This section details on the original issue you should resolve*
>
> <issue_title>[Task] Delete `copilot/*` branches in E2E test
workflow</issue_title>
> <issue_description>### Problem
>
> Before transferring the action to
[github/accessibility-scanner](https://github.com/github/accessibility-scanner),
I deleted thousands of `copilot/*` branches by running `git branch -r |
grep -Eo 'copilot/.*' | xargs -I {} git push origin :{}`. This took more
than 30 minutes to complete.
>
> Because of
github-community-projects/continuous-ai-for-accessibility-scanner#2202
[^1], the new `github/accessibility-scanner` repo will never have
thousands of defunct `copilot/*` branches…but
`github/accessibility-scanner-testing` will. It’s [already
starting](https://github.com/github/accessibility-scanner-testing/branches/all?query=copilot%2F).
>
> ### Solution
>
> - In [`main`’s
test.yml](https://github.com/github/accessibility-scanner/blob/main/.github/workflows/test.yml#L95-L121),
[`v2`’s
test.yml](https://github.com/github/accessibility-scanner/blob/v2/.github/workflows/test.yml#L95-L121),
and [`v1`’s
test.yml](https://github.com/github/accessibility-scanner/blob/v1/.github/workflows/test.yml#L137-L163)
update the “Clean up issues and pull requests” step to also delete the
branch for each PR it deletes.
> - Do not use `git branch -r | grep -Eo 'copilot/.*' | xargs -I {} git
push origin :{}` to delete all Copilot branches—that is too broad, and
it could delete branches unrelated to E2E testing (i.e. branches we want
to keep).
> - The `gh` CLI doesn’t have a command or flag for deleting branches
alongside PRs, but something like this should work: `branch="$(gh pr
view <PR-number> --json headRefName -q .headRefName)" && [ -n "$branch"
] && git push origin --delete "$branch" || true`.
>
> [^1]: And
https://github.com/github/accessibility-scanner/pull/7/files#diff-faff1af3d8ff408964a57b2e475f69a6b7c7b71c9978cccc8f471798caac2c88
and
https://github.com/github/accessibility-scanner/pull/8/files#diff-faff1af3d8ff408964a57b2e475f69a6b7c7b71c9978cccc8f471798caac2c88</issue_description>
>
> ## Comments on the Issue (you are @copilot in this section)
>
> <comments>
> </comments>
>
</details>
Fixes github/continuous-ai-for-accessibility#76
<!-- START COPILOT CODING AGENT TIPS -->
---
✨ Let Copilot coding agent [set things up for
you](https://github.com/github/accessibility-scanner/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.56.0...v1.56.1) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.56.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.56.0...v1.56.1) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.56.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [puma](https://github.com/puma/puma) from 7.0.4 to 7.1.0. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/main/History.md) - [Commits](puma/puma@v7.0.4...v7.1.0) --- updated-dependencies: - dependency-name: puma dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…s/find (#26) Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/playwright/releases">playwright's releases</a>.</em></p> <blockquote> <h2>v1.56.1</h2> <h2>Highlights</h2> <p><a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a> chore: allow local-network-access permission in chromium <a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a> fix(agents): remove workspaceFolder ref from vscode mcp <a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a> chore: rename agents to test agents <a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a> chore(mcp): fallback to cwd when resolving test config</p> <h2>Browser Versions</h2> <ul> <li>Chromium 141.0.7390.37</li> <li>Mozilla Firefox 142.0.1</li> <li>WebKit 26.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/playwright/commit/54c711571a37de525377e6f3d3608c3e029b1829"><code>54c7115</code></a> chore: revert "minimal vscode version notice" (<a href="https://redirect.github.com/microsoft/playwright/issues/37892">#37892</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/7d45eb331a6bac304fb8640129e0931192ad7e93"><code>7d45eb3</code></a> chore: mark v1.56.1 (<a href="https://redirect.github.com/microsoft/playwright/issues/37784">#37784</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/e6ef6974bedb32d15d1e525a16caf3a95c1a7173"><code>e6ef697</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a>): chore: allow local-network-access permission in chromium</li> <li><a href="https://github.com/microsoft/playwright/commit/932542c3c1e8c864bfbd48ecf38a55098d703703"><code>932542c</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a>): fix(agents): remove workspaceFolder ref from vscode mcp</li> <li><a href="https://github.com/microsoft/playwright/commit/0662dd29eed5df12d09bc3c871ac2164a4f62969"><code>0662dd2</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a>): chore: rename agents to test agents</li> <li><a href="https://github.com/microsoft/playwright/commit/919549ec2c3d70fad0e85fc9f86fabd6a7b7c2c8"><code>919549e</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37758">#37758</a>): docs: mention VS Code insiders in the agents docs</li> <li><a href="https://github.com/microsoft/playwright/commit/e593c64187f8d2687c4ed1b6cca44a022fee057b"><code>e593c64</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a>): chore(mcp): fallback to cwd when resolving test config</li> <li><a href="https://github.com/microsoft/playwright/commit/a8a6e1049bf85ad31f621dfc33d099898506c4a7"><code>a8a6e10</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37755">#37755</a>): chore(mcp): minimal vscode version notice</li> <li><a href="https://github.com/microsoft/playwright/commit/f36b2eec65df570d4ec9544e3dddc05ada84fb65"><code>f36b2ee</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37731">#37731</a>): docs: add agents video to agents page (<a href="https://redirect.github.com/microsoft/playwright/issues/37733">#37733</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/playwright/compare/v1.56.0...v1.56.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…ctions/find (#25) [//]: # (dependabot-start)⚠️ **Dependabot is rebasing this PR**⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…s/auth (#31) Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/playwright/releases">playwright's releases</a>.</em></p> <blockquote> <h2>v1.56.1</h2> <h2>Highlights</h2> <p><a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a> chore: allow local-network-access permission in chromium <a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a> fix(agents): remove workspaceFolder ref from vscode mcp <a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a> chore: rename agents to test agents <a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a> chore(mcp): fallback to cwd when resolving test config</p> <h2>Browser Versions</h2> <ul> <li>Chromium 141.0.7390.37</li> <li>Mozilla Firefox 142.0.1</li> <li>WebKit 26.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/playwright/commit/54c711571a37de525377e6f3d3608c3e029b1829"><code>54c7115</code></a> chore: revert "minimal vscode version notice" (<a href="https://redirect.github.com/microsoft/playwright/issues/37892">#37892</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/7d45eb331a6bac304fb8640129e0931192ad7e93"><code>7d45eb3</code></a> chore: mark v1.56.1 (<a href="https://redirect.github.com/microsoft/playwright/issues/37784">#37784</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/e6ef6974bedb32d15d1e525a16caf3a95c1a7173"><code>e6ef697</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a>): chore: allow local-network-access permission in chromium</li> <li><a href="https://github.com/microsoft/playwright/commit/932542c3c1e8c864bfbd48ecf38a55098d703703"><code>932542c</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a>): fix(agents): remove workspaceFolder ref from vscode mcp</li> <li><a href="https://github.com/microsoft/playwright/commit/0662dd29eed5df12d09bc3c871ac2164a4f62969"><code>0662dd2</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a>): chore: rename agents to test agents</li> <li><a href="https://github.com/microsoft/playwright/commit/919549ec2c3d70fad0e85fc9f86fabd6a7b7c2c8"><code>919549e</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37758">#37758</a>): docs: mention VS Code insiders in the agents docs</li> <li><a href="https://github.com/microsoft/playwright/commit/e593c64187f8d2687c4ed1b6cca44a022fee057b"><code>e593c64</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a>): chore(mcp): fallback to cwd when resolving test config</li> <li><a href="https://github.com/microsoft/playwright/commit/a8a6e1049bf85ad31f621dfc33d099898506c4a7"><code>a8a6e10</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37755">#37755</a>): chore(mcp): minimal vscode version notice</li> <li><a href="https://github.com/microsoft/playwright/commit/f36b2eec65df570d4ec9544e3dddc05ada84fb65"><code>f36b2ee</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37731">#37731</a>): docs: add agents video to agents page (<a href="https://redirect.github.com/microsoft/playwright/issues/37733">#37733</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/playwright/compare/v1.56.0...v1.56.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [@octokit/types](https://github.com/octokit/types.ts) from 15.0.0 to 15.0.1. - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v15.0.0...v15.0.1) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-version: 15.0.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@octokit/types](https://github.com/octokit/types.ts) from 15.0.0 to 15.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/types.ts/releases"><code>@octokit/types</code>'s releases</a>.</em></p> <blockquote> <h2>v15.0.1</h2> <h2><a href="https://github.com/octokit/types.ts/compare/v15.0.0...v15.0.1">15.0.1</a> (2025-10-20)</h2> <h3>Bug Fixes</h3> <ul> <li>reduce complexity (<a href="https://redirect.github.com/octokit/types.ts/issues/687">#687</a>) (<a href="https://github.com/octokit/types.ts/commit/a0529c11500bdaeee7f925cc40f24e215f5280f3">a0529c1</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/types.ts/commit/a0529c11500bdaeee7f925cc40f24e215f5280f3"><code>a0529c1</code></a> fix: reduce complexity (<a href="https://redirect.github.com/octokit/types.ts/issues/687">#687</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/435bdccf6d96db80c6a913e769d080702fcfb1ee"><code>435bdcc</code></a> ci(action): update peter-evans/create-or-update-comment action to v5 (<a href="https://redirect.github.com/octokit/types.ts/issues/684">#684</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/52ffdca89204701d157ef1e41cc96b3eead44821"><code>52ffdca</code></a> ci(action): update actions/setup-node action to v6 (<a href="https://redirect.github.com/octokit/types.ts/issues/689">#689</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/aaf87a2cd0a562c2fa32f2cbfba3716e93e09f16"><code>aaf87a2</code></a> ci(action): update github/codeql-action action to v4 (<a href="https://redirect.github.com/octokit/types.ts/issues/688">#688</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/db7d9bcf7747c13e7b28360d3c7d538ce757bb53"><code>db7d9bc</code></a> chore(deps): update dependency semantic-release to v25 (<a href="https://redirect.github.com/octokit/types.ts/issues/690">#690</a>)</li> <li>See full diff in <a href="https://github.com/octokit/types.ts/compare/v15.0.0...v15.0.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…ak single-quoted shell strings
Addresses #22 (that issue will remain open until this fix is backported to the v1 and v2 series) This PR escapes single quotes in the `html` field (other fields were escaped already). This prevents findings for elements with single quotes (e.g. `<p>Hi y'all!</p>`) from breaking workflows, specifically around [action.yml#86](https://github.com/github/accessibility-scanner/blob/3a0a60f790958e521e9455a6a69d4752fdbeea56/action.yml#L86), where a single-quoted shell string is sent to `jq`.
…es'. This commit’s approach _should_ make the action runnable with 'uses: github/accessibility-scanner@main', without 'action not found at path'-type errors.
…d dest are identical (not copied)'
Fixes github/continuous-ai-for-accessibility#79 (Hubber access only) This PR logs the URL _actually_ open in the Playwright-driven browser, revealing whether the scanner is repeatedly scanning a login or 404 page instead of the intended page.
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v4.0.5</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li>Respect <code>ssr.noExternal</code> when externalizing dependencies, fix Svelte and Astro - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8862">vitest-dev/vitest#8862</a> <a href="https://github.com/vitest-dev/vitest/commit/a4f86f1ba"><!-- raw HTML omitted -->(a4f86)<!-- raw HTML omitted --></a></li> <li>Allow module in --config - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8864">vitest-dev/vitest#8864</a> <a href="https://github.com/vitest-dev/vitest/commit/b9521e0c2"><!-- raw HTML omitted -->(b9521)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Allow <code>Locator</code> type in selectOptions element parameter - by <a href="https://github.com/rzzf"><code>@rzzf</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8848">vitest-dev/vitest#8848</a> <a href="https://github.com/vitest-dev/vitest/commit/7ee283c96"><!-- raw HTML omitted -->(7ee28)<!-- raw HTML omitted --></a></li> <li><strong>module-runner</strong>: Don't return node builtins for <code>getBuiltins</code> unconditionally - by <a href="https://github.com/sapphi-red"><code>@sapphi-red</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8863">vitest-dev/vitest#8863</a> <a href="https://github.com/vitest-dev/vitest/commit/0e858bab4"><!-- raw HTML omitted -->(0e858)<!-- raw HTML omitted --></a></li> <li><strong>pool</strong>: Rename <code>groupId</code> to <code>groupOrder</code> in error message - by <a href="https://github.com/Yohannfra"><code>@Yohannfra</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8856">vitest-dev/vitest#8856</a> <a href="https://github.com/vitest-dev/vitest/commit/b9aabf4e6"><!-- raw HTML omitted -->(b9aab)<!-- raw HTML omitted --></a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Pass testfiles at once when <code>--no-isolate --maxWorkers=1</code> - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8835">vitest-dev/vitest#8835</a> <a href="https://github.com/vitest-dev/vitest/commit/584aa7148"><!-- raw HTML omitted -->(584aa)<!-- raw HTML omitted --></a></li> <li><strong>expect</strong>: Optimize checking the input type - by <a href="https://github.com/Connormiha"><code>@Connormiha</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8840">vitest-dev/vitest#8840</a> <a href="https://github.com/vitest-dev/vitest/commit/0696898b4"><!-- raw HTML omitted -->(06968)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.0.4...v4.0.5">View changes on GitHub</a></h5> <h2>v4.0.4</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Correct typo - by <a href="https://github.com/benmccann"><code>@benmccann</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8796">vitest-dev/vitest#8796</a> <a href="https://github.com/vitest-dev/vitest/commit/ede1f39d6"><!-- raw HTML omitted -->(ede1f)<!-- raw HTML omitted --></a></li> <li>Publish a missing context file for webdriverio - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8824">vitest-dev/vitest#8824</a> <a href="https://github.com/vitest-dev/vitest/commit/7c7b6f0b1"><!-- raw HTML omitted -->(7c7b6)<!-- raw HTML omitted --></a></li> </ul> </li> <li><strong>mocker</strong>: <ul> <li>Support mocking builtins without <code>node:</code> prefix - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8829">vitest-dev/vitest#8829</a> <a href="https://github.com/vitest-dev/vitest/commit/06208d30b"><!-- raw HTML omitted -->(06208)<!-- raw HTML omitted --></a></li> </ul> </li> <li><strong>pool</strong>: <ul> <li>Runner's error listener causing <code>MaxListenersExceededWarning</code> - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8820">vitest-dev/vitest#8820</a> <a href="https://github.com/vitest-dev/vitest/commit/d1bff3bb3"><!-- raw HTML omitted -->(d1bff)<!-- raw HTML omitted --></a></li> <li>Capture workers <code>stdio</code> to logger - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8809">vitest-dev/vitest#8809</a> <a href="https://github.com/vitest-dev/vitest/commit/fb95fc736"><!-- raw HTML omitted -->(fb95f)<!-- raw HTML omitted --></a></li> </ul> </li> <li><strong>spy</strong>: <ul> <li>Allow classes in <code>vi.mocked</code> utility - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8839">vitest-dev/vitest#8839</a> <a href="https://github.com/vitest-dev/vitest/commit/f87568d64"><!-- raw HTML omitted -->(f8756)<!-- raw HTML omitted --></a></li> </ul> </li> <li><strong>worker</strong>: <ul> <li>Rpc listener leak when <code>isolate: false</code> - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8821">vitest-dev/vitest#8821</a> <a href="https://github.com/vitest-dev/vitest/commit/573dc06fe"><!-- raw HTML omitted -->(573dc)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <h3> 🏎 Performance</h3> <ul> <li><strong>utils</strong>: Optimized reducer to avoid creating new objects - by <a href="https://github.com/Connormiha"><code>@Connormiha</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8818">vitest-dev/vitest#8818</a> <a href="https://github.com/vitest-dev/vitest/commit/d19cece3a"><!-- raw HTML omitted -->(d19ce)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.0.3...v4.0.4">View changes on GitHub</a></h5> <h2>v4.0.3</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li>Preserve reporter options from config when CLI reporters override them - by <a href="https://github.com/Copilot"><code>@Copilot</code></a> and <strong>sheremet-va</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8794">vitest-dev/vitest#8794</a> <a href="https://github.com/vitest-dev/vitest/commit/155521a85"><!-- raw HTML omitted -->(15552)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: More stable in-source testing validation - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8793">vitest-dev/vitest#8793</a> <a href="https://github.com/vitest-dev/vitest/commit/622977e61"><!-- raw HTML omitted -->(62297)<!-- raw HTML omitted --></a></li> <li><strong>happy-dom</strong>: Support fetch globals - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8791">vitest-dev/vitest#8791</a> <a href="https://github.com/vitest-dev/vitest/commit/0fb74bd3b"><!-- raw HTML omitted -->(0fb74)<!-- raw HTML omitted --></a></li> <li><strong>init</strong>: Use correct jsx/tsx extension - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8792">vitest-dev/vitest#8792</a> <a href="https://github.com/vitest-dev/vitest/commit/abc046f95"><!-- raw HTML omitted -->(abc04)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.0.2...v4.0.3">View changes on GitHub</a></h5> <h2>v4.0.2</h2> <h3> 🐞 Bug Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/ed9fc71076f94f23320922f115e37bc9a84b6dbb"><code>ed9fc71</code></a> chore: release v4.0.5</li> <li><a href="https://github.com/vitest-dev/vitest/commit/b9521e0c2dfa30860d96ffb694a1b7d4214deb57"><code>b9521e0</code></a> fix: allow module in --config (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8864">#8864</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/0e858bab4317a76b7366618320301920fffdf60a"><code>0e858ba</code></a> fix(module-runner): don't return node builtins for <code>getBuiltins</code> unconditiona...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a4f86f1ba44141d3256e2563a47b0b4dedd462e4"><code>a4f86f1</code></a> fix: respect <code>ssr.noExternal</code> when externalizing dependencies (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8862">#8862</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/b9aabf4e6664f6d6a8b4332833cb111b38536049"><code>b9aabf4</code></a> fix(pool): rename <code>groupId</code> to <code>groupOrder</code> in error message (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8856">#8856</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/584aa7148dedf157684377a3af8aea86eb179603"><code>584aa71</code></a> perf: pass testfiles at once when <code>--no-isolate --maxWorkers=1</code> (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8835">#8835</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/9b75ec5f2fa46daaaa649493eb7f643a1cc9f51a"><code>9b75ec5</code></a> chore: release v4.0.4</li> <li><a href="https://github.com/vitest-dev/vitest/commit/fb95fc7360de6cc69c7d7cfe88b4c1c1dbc28338"><code>fb95fc7</code></a> fix(pool): capture workers <code>stdio</code> to logger (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8809">#8809</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/06208d30bb03d5bb49b88789cef892616f7e6591"><code>06208d3</code></a> fix(mocker): support mocking builtins without <code>node:</code> prefix (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8829">#8829</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/573dc06fec6a5753571866984771f9c32b80da3a"><code>573dc06</code></a> fix(worker): rpc listener leak when <code>isolate: false</code> (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8821">#8821</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitest-dev/vitest/commits/v4.0.5/packages/vitest">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for vitest since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…ind/axe-core/playwright-4.11.0
…with 3 updates Bumps the npm-minor-and-patch group with 2 updates in the / directory: [@octokit/types](https://github.com/octokit/types.ts) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/auth directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/file directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 2 updates in the /.github/actions/find directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/fix directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@octokit/types` from 15.0.1 to 15.0.2 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v15.0.1...v15.0.2) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@axe-core/playwright` from 4.10.2 to 4.11.0 - [Release notes](https://github.com/dequelabs/axe-core-npm/releases) - [Changelog](https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md) - [Commits](dequelabs/axe-core-npm@v4.10.2...v4.11.0) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-version: 15.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@axe-core/playwright" dependency-version: 4.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
#59) Fixes github/continuous-ai-for-accessibility#87 (Hubber access only) Fixes github/continuous-ai-for-accessibility#81 (Hubber access only) ### Problem `uses: github/accessibility-scanner@main` currently fails with the following error— > Error: Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/accessibility-sandbox/accessibility-sandbox/.github/actions/gh-cache/cache'. Did you forget to run actions/checkout before running your local action? —this PR makes it work. ### Solution This PR basically moves the preparatory `cp` workflow step [we used to require](https://github.com/github/accessibility-scanner/tree/bc0c7650825e578c243347fe551f247826bcb70e?tab=readme-ov-file#1-add-a-workflow-file) into the composite action(s) itself. This PR is a superior alternative to c262469: 1. It restores our ability to merge `main` directly into `v2`, which simplifies backports (e.g. dependency updates that Dependabot opens for `main`). 2. It means referencing a point release (e.g. `uses: github/accessibility-scanner@v2.4.0`) _only_ runs code from that release (rather than a mix of `v2.4.0` and (newer) `v2` code). ### Testing - I tested using `uses: github/accessibility-scanner@smockle/restore-relative-paths`, and it worked: https://github.com/github/accessibility-sandbox/actions/runs/18943849865 (Hubber access only) - I tested using a sub-action directly (e.g. `uses: github/accessibility-scanner/.github/actions/gh-cache/cache@smockle/restore-relative-paths`), and it worked: https://github.com/github/accessibility-sandbox/actions/runs/18945624950 (Hubber access only) - The “Test” CI check passed: https://github.com/github/accessibility-scanner/actions/runs/18944419202/job/54092648187?pr=59
…dates don’t fail our tests
…hub/actions/find (#51) Bumps [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm) from 4.10.2 to 4.11.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md"><code>@axe-core/playwright</code>'s changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/dequelabs/axe-core-npm/compare/v4.10.1...v4.11.0">4.11.0</a> (2025-10-14)</h1> <h3>Bug Fixes</h3> <ul> <li>Optimize AxeBuilder memory usage. (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1154">#1154</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/e53cd36d0770a8323577946b0438f058b87a0aad">e53cd36</a>), closes <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts/issues/L59">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts#L59</a> <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts/issues/L34">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts#L34</a></li> <li>Update axe-core to v4.10.3 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1155">#1155</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/f8e3a14043c7288ca9373a5f1543ffd27cedf256">f8e3a14</a>)</li> <li><strong>wdio:</strong> resolve blank navigation issue in WDIO v9 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1169">#1169</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/6505560d646ddc6db8a9b4cf772af08ff3f08dc3">6505560</a>)</li> </ul> <h3>Features</h3> <ul> <li>Update axe-core to v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1233">#1233</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/27584764815148bf902f29010cca0f4f2230cf46">2758476</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/dequelabs/axe-core-npm/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…with 3 updates (#56) Bumps the npm-minor-and-patch group with 2 updates in the / directory: [@octokit/types](https://github.com/octokit/types.ts) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/auth directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/file directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 2 updates in the /.github/actions/find directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/fix directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@octokit/types` from 15.0.1 to 15.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/types.ts/releases"><code>@octokit/types</code>'s releases</a>.</em></p> <blockquote> <h2>v15.0.2</h2> <h2><a href="https://github.com/octokit/types.ts/compare/v15.0.1...v15.0.2">15.0.2</a> (2025-10-29)</h2> <h3>Bug Fixes</h3> <ul> <li>update generated file & update dependency node to v24 (<a href="https://redirect.github.com/octokit/types.ts/issues/691">#691</a>) (<a href="https://github.com/octokit/types.ts/commit/f5f57435769854f34bf707e81769dc94624cb423">f5f5743</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/types.ts/commit/f5f57435769854f34bf707e81769dc94624cb423"><code>f5f5743</code></a> fix: update generated file & update dependency node to v24 (<a href="https://redirect.github.com/octokit/types.ts/issues/691">#691</a>)</li> <li>See full diff in <a href="https://github.com/octokit/types.ts/compare/v15.0.1...v15.0.2">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 24.9.1 to 24.9.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 24.9.1 to 24.9.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 24.9.1 to 24.9.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 24.9.1 to 24.9.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `@axe-core/playwright` from 4.10.2 to 4.11.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dequelabs/axe-core-npm/releases"><code>@axe-core/playwright</code>'s releases</a>.</em></p> <blockquote> <h2>Release 4.11.0</h2> <h3>Bug Fixes</h3> <ul> <li>Optimize AxeBuilder memory usage. (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1154">#1154</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/e53cd36d0770a8323577946b0438f058b87a0aad">e53cd36</a>), closes <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts/issues/L59">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts#L59</a> <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts/issues/L34">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts#L34</a></li> <li>Update axe-core to v4.10.3 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1155">#1155</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/f8e3a14043c7288ca9373a5f1543ffd27cedf256">f8e3a14</a>)</li> <li><strong>wdio:</strong> resolve blank navigation issue in WDIO v9 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1169">#1169</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/6505560d646ddc6db8a9b4cf772af08ff3f08dc3">6505560</a>)</li> </ul> <h3>Features</h3> <ul> <li>Update axe-core to v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1233">#1233</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/27584764815148bf902f29010cca0f4f2230cf46">2758476</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md"><code>@axe-core/playwright</code>'s changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/dequelabs/axe-core-npm/compare/v4.10.1...v4.11.0">4.11.0</a> (2025-10-14)</h1> <h3>Bug Fixes</h3> <ul> <li>Optimize AxeBuilder memory usage. (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1154">#1154</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/e53cd36d0770a8323577946b0438f058b87a0aad">e53cd36</a>), closes <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts/issues/L59">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts#L59</a> <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts/issues/L34">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts#L34</a></li> <li>Update axe-core to v4.10.3 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1155">#1155</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/f8e3a14043c7288ca9373a5f1543ffd27cedf256">f8e3a14</a>)</li> <li><strong>wdio:</strong> resolve blank navigation issue in WDIO v9 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1169">#1169</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/6505560d646ddc6db8a9b4cf772af08ff3f08dc3">6505560</a>)</li> </ul> <h3>Features</h3> <ul> <li>Update axe-core to v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1233">#1233</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/27584764815148bf902f29010cca0f4f2230cf46">2758476</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/a7af9e96a24105a56def373bf0339cf57cda0403"><code>a7af9e9</code></a> chore: Release v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1236">#1236</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/07ffcc1758d8ea149c6698aba8557f106bbb5a35"><code>07ffcc1</code></a> chore: RC v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1234">#1234</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/fe19996bf184de414ee6e01b8086873b2ea01d37"><code>fe19996</code></a> chore: RC v4.11.0</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/27584764815148bf902f29010cca0f4f2230cf46"><code>2758476</code></a> feat: Update axe-core to v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1233">#1233</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/1ae97531ac2b5a65bb5ddd672d3b6883a23528ff"><code>1ae9753</code></a> chore: bump actions/setup-node from 4 to 5 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1231">#1231</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/cae076128e0f6e8d190ed5ea6c488a52b464c986"><code>cae0761</code></a> chore: bump tar-fs from 3.1.0 to 3.1.1 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1229">#1229</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/9bda0f09ada273c7912c23ca1750496bfc258078"><code>9bda0f0</code></a> chore: bump dotenv from 16.4.7 to 17.2.1 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1212">#1212</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/c7bbb3e819174cc7fd3963fb2a29d70f07b6efc9"><code>c7bbb3e</code></a> chore: bump eslint-config-prettier from 9.1.0 to 10.1.8 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1213">#1213</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/fdd8982db95a7a8511ef3d9dbc81b576a5506cec"><code>fdd8982</code></a> chore: bump jest-environment-jsdom from 29.7.0 to 30.0.5 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1216">#1216</a>)</li> <li><a href="https://github.com/dequelabs/axe-core-npm/commit/644a58d14477311eeca8d9d6edd77d0a51eaf0b2"><code>644a58d</code></a> chore: bump globals from 15.14.0 to 16.3.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1217">#1217</a>)</li> <li>Additional commits viewable in <a href="https://github.com/dequelabs/axe-core-npm/compare/v4.10.2...v4.11.0">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 24.9.1 to 24.9.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>
Part of github/continuous-ai-for-accessibility#80 (Hubber access only)
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR updates dependencies, improves test reliability, and enhances documentation for the a11y scanner action. The changes prepare the project for public preview by making tests version-agnostic and improving user-facing documentation.
Key Changes
- Updated npm, Bundler, and Ruby dependencies to latest versions
- Made tests version-agnostic by removing hard-coded axe version references
- Enhanced documentation with clearer structure, better formatting, and improved contribution guidelines
- Fixed action path references and improved workflow configuration
Reviewed Changes
Copilot reviewed 18 out of 24 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/site-with-errors.test.ts | Made tests version-agnostic by validating problemUrl structure instead of exact version |
| package.json, package-lock.json | Updated npm dependencies (@octokit/types, @types/node, vitest) |
| sites/site-with-errors/Gemfile, Gemfile.lock | Upgraded puma from 7.0 to 7.1 |
| action.yml | Added output value mapping and refactored action paths for nested actions |
| .github/actions/gh-cache/cache/action.yml | Updated default value formatting and action path references |
| .github/actions/find/src/findForUrl.ts | Changed apostrophe escaping from curly quotes to HTML entities |
| .github/actions/find/src/index.ts | Updated log message from "Scanning" to "Preparing to scan" |
| .github/actions/auth/src/index.ts | Fixed username field selector to handle optional space |
| .github/actions/file/src/index.ts | Corrected input name from 'cached_results' to 'cached_filings' |
| README.md | Improved formatting, structure, and clarity throughout |
| CONTRIBUTING.md | Expanded with specific guidance on how to contribute |
| SUPPORT.md | Enhanced with better structure and clearer information |
| .github/dependabot.yml | Reorganized to use grouped updates for better PR management |
| .github/workflows/test.yml | Added branch cleanup and environment variable for test repository |
| .github/actions/find/package.json | Updated @axe-core/playwright and playwright versions |
| .github/actions/auth/package.json | Updated playwright and @types/node versions |
| .github/actions/file/package.json | Updated @types/node version |
| .github/actions/fix/package.json | Updated @types/node version |
Files not reviewed (4)
- .github/actions/auth/package-lock.json: Language not supported
- .github/actions/file/package-lock.json: Language not supported
- .github/actions/find/package-lock.json: Language not supported
- .github/actions/fix/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+47
to
+48
| mkdir -p /home/runner/work/_actions/current/.github/actions | ||
| rsync -a .github/actions/ /home/runner/work/_actions/current/.github/actions/ |
There was a problem hiding this comment.
The hard-coded path /home/runner/work/_actions/current/ assumes a specific GitHub Actions runner directory structure. This may break if the runner environment changes or when testing locally. Consider using a relative path or environment variable.
Comment on lines
+20
to
+22
| html: violation.nodes[0].html.replace(/'/g, "'"), | ||
| problemShort: violation.help.toLowerCase().replace(/'/g, "'"), | ||
| problemUrl: violation.helpUrl.replace(/'/g, "'"), |
There was a problem hiding this comment.
The apostrophe replacement is inconsistent across the codebase. Line 20-22 use ' while lines 24-25 also use ', but the diff shows a change from curly quotes (') to straight quotes ('). Consider creating a helper function to ensure consistent escaping across all string fields.
Comment on lines
+7
to
+12
| directories: | ||
| - "/" | ||
| - "/.github/actions/auth" | ||
| - "/.github/actions/find" | ||
| - "/.github/actions/file" | ||
| - "/.github/actions/fix" |
There was a problem hiding this comment.
The directories field is not a valid Dependabot configuration option. According to the Dependabot documentation, the correct field is directory (singular), and only one directory can be specified per update configuration. This configuration will likely fail or be ignored.
| # convert to a list of (partial) Result objects, each with 'findings' and 'issue' keys (i.e. v2). | ||
| # Otherwise, re-output as-is. | ||
| echo "value=$(echo '${{ steps.restore.outputs.value }}' | jq 'if (type == "array" and length > 0 and .[0] | has("issueUrl")) then map({findings: [del(.issueUrl)], issue: {url: .issueUrl}}) else . end' )" >> $GITHUB_OUTPUT | ||
| printf '%s' "value=$(printf '%s' '${{ steps.restore.outputs.value }}' | jq -c 'if (type == "array" and length > 0 and (.[0] | has("issueUrl"))) then map({findings: [del(.issueUrl)], issue: {url: .issueUrl}}) else . end' )" >> $GITHUB_OUTPUT |
There was a problem hiding this comment.
This line exceeds typical line length limits (>200 characters) and combines nested printf statements with complex jq logic, making it difficult to read and maintain. Consider breaking this into multiple steps or using a heredoc for better readability.
Suggested change
| printf '%s' "value=$(printf '%s' '${{ steps.restore.outputs.value }}' | jq -c 'if (type == "array" and length > 0 and (.[0] | has("issueUrl"))) then map({findings: [del(.issueUrl)], issue: {url: .issueUrl}}) else . end' )" >> $GITHUB_OUTPUT | |
| restored_value='${{ steps.restore.outputs.value }}' | |
| normalized_value=$(printf '%s' "$restored_value" | jq -c 'if (type == "array" and length > 0 and (.[0] | has("issueUrl"))) then map({findings: [del(.issueUrl)], issue: {url: .issueUrl}}) else . end') | |
| echo "value=$normalized_value" >> $GITHUB_OUTPUT |
Collaborator
Author
|
Closing in favor of #68 (which resolves the merge conflicts) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.