chore: Merge `main` into `v2` #68

smockle · 2025-11-04T15:00:13Z

Supersedes #64

…step

…e” step (#10) This PR prevents duplicate issues from being opened after repeated workflow runs by fixing two `jq` errors in the “normalize_cache” step: - `jq: error (at <stdin>:1): Cannot check whether boolean has a string key` was fixed by wrapping `(.[0] | has("issueUrl"))` so `has()` runs only after confirming a non-empty array, avoiding `has()` on a boolean. - `jq: parse error: Invalid string: control characters from U+0000 through U+001F must be escaped` was fixed by using `printf '%s'` instead of `echo` to preserve literal escape sequences (`\n`, etc.).

Follow-up to #10 This PR updates the “normalize_cache” step to output compact (one-line) JSON, since a GitHub Actions output cannot span multiple lines.

This PR updates the `core.getInput` call to match the `action.yml` (https://github.com/github/accessibility-scanner/blob/69cb82cdc3d9e37c418092e71af165108b31911c/.github/actions/file/action.yml#L14-L16), so results from previous runs are now available to the File sub-action. This ensures duplicate issues aren’t filed when the workflow re-runs.

Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>

…ariable for testing repo Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>

Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>

- [x] Update "Clean up issues and pull requests" step in main branch's test.yml to delete PR branches - [x] Test bash logic for correctness and edge cases - [x] Code review completed and addressed - [x] Address feedback: - Move branch extraction after `gh pr close` (closer to where it's used) - Move `|| true` inside `$()` for proper error handling - Add `TESTING_REPOSITORY` environment variable to avoid hardcoding - Use environment variable in both the scan step and branch deletion - Use `gh api` instead of `git push` for consistent authentication context The implementation: - Extracts branch name from each PR using `gh pr view "$URL" --json headRefName -q .headRefName || true` - Deletes the branch after closing the PR using `gh api -X DELETE "repos/${{ env.TESTING_REPOSITORY }}/git/refs/heads/$branch"` - Handles failures gracefully with `|| true` inside command substitution - Uses centralized `TESTING_REPOSITORY` environment variable for consistency - Uses `gh api` for branch deletion to maintain consistent authentication context with other `gh` CLI commands Note: Similar changes will need to be applied to v1 and v2 branches separately after this PR is merged.  <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[Task] Delete `copilot/*` branches in E2E test workflow</issue_title> > <issue_description>### Problem > > Before transferring the action to [github/accessibility-scanner](https://github.com/github/accessibility-scanner), I deleted thousands of `copilot/*` branches by running `git branch -r | grep -Eo 'copilot/.*' | xargs -I {} git push origin :{}`. This took more than 30 minutes to complete. > > Because of github-community-projects/continuous-ai-for-accessibility-scanner#2202 [^1], the new `github/accessibility-scanner` repo will never have thousands of defunct `copilot/*` branches…but `github/accessibility-scanner-testing` will. It’s [already starting](https://github.com/github/accessibility-scanner-testing/branches/all?query=copilot%2F). > > ### Solution > > - In [`main`’s test.yml](https://github.com/github/accessibility-scanner/blob/main/.github/workflows/test.yml#L95-L121), [`v2`’s test.yml](https://github.com/github/accessibility-scanner/blob/v2/.github/workflows/test.yml#L95-L121), and [`v1`’s test.yml](https://github.com/github/accessibility-scanner/blob/v1/.github/workflows/test.yml#L137-L163) update the “Clean up issues and pull requests” step to also delete the branch for each PR it deletes. > - Do not use `git branch -r | grep -Eo 'copilot/.*' | xargs -I {} git push origin :{}` to delete all Copilot branches—that is too broad, and it could delete branches unrelated to E2E testing (i.e. branches we want to keep). > - The `gh` CLI doesn’t have a command or flag for deleting branches alongside PRs, but something like this should work: `branch="$(gh pr view <PR-number> --json headRefName -q .headRefName)" && [ -n "$branch" ] && git push origin --delete "$branch" || true`. > > [^1]: And https://github.com/github/accessibility-scanner/pull/7/files#diff-faff1af3d8ff408964a57b2e475f69a6b7c7b71c9978cccc8f471798caac2c88 and https://github.com/github/accessibility-scanner/pull/8/files#diff-faff1af3d8ff408964a57b2e475f69a6b7c7b71c9978cccc8f471798caac2c88</issue_description> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes github/continuous-ai-for-accessibility#76  --- ✨ Let Copilot coding agent [set things up for you](https://github.com/github/accessibility-scanner/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo.

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.56.0...v1.56.1) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.56.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.56.0...v1.56.1) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.56.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [puma](https://github.com/puma/puma) from 7.0.4 to 7.1.0. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/main/History.md) - [Commits](puma/puma@v7.0.4...v7.1.0) --- updated-dependencies: - dependency-name: puma dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=24.7.1&new-version=24.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…s/find (#26) Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/playwright/releases">playwright's releases</a>.</em></p> <blockquote> <h2>v1.56.1</h2> <h2>Highlights</h2> <p><a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a> chore: allow local-network-access permission in chromium <a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a> fix(agents): remove workspaceFolder ref from vscode mcp <a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a> chore: rename agents to test agents <a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a> chore(mcp): fallback to cwd when resolving test config</p> <h2>Browser Versions</h2> <ul> <li>Chromium 141.0.7390.37</li> <li>Mozilla Firefox 142.0.1</li> <li>WebKit 26.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/playwright/commit/54c711571a37de525377e6f3d3608c3e029b1829"><code>54c7115</code></a> chore: revert "minimal vscode version notice" (<a href="https://redirect.github.com/microsoft/playwright/issues/37892">#37892</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/7d45eb331a6bac304fb8640129e0931192ad7e93"><code>7d45eb3</code></a> chore: mark v1.56.1 (<a href="https://redirect.github.com/microsoft/playwright/issues/37784">#37784</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/e6ef6974bedb32d15d1e525a16caf3a95c1a7173"><code>e6ef697</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a>): chore: allow local-network-access permission in chromium</li> <li><a href="https://github.com/microsoft/playwright/commit/932542c3c1e8c864bfbd48ecf38a55098d703703"><code>932542c</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a>): fix(agents): remove workspaceFolder ref from vscode mcp</li> <li><a href="https://github.com/microsoft/playwright/commit/0662dd29eed5df12d09bc3c871ac2164a4f62969"><code>0662dd2</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a>): chore: rename agents to test agents</li> <li><a href="https://github.com/microsoft/playwright/commit/919549ec2c3d70fad0e85fc9f86fabd6a7b7c2c8"><code>919549e</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37758">#37758</a>): docs: mention VS Code insiders in the agents docs</li> <li><a href="https://github.com/microsoft/playwright/commit/e593c64187f8d2687c4ed1b6cca44a022fee057b"><code>e593c64</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a>): chore(mcp): fallback to cwd when resolving test config</li> <li><a href="https://github.com/microsoft/playwright/commit/a8a6e1049bf85ad31f621dfc33d099898506c4a7"><code>a8a6e10</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37755">#37755</a>): chore(mcp): minimal vscode version notice</li> <li><a href="https://github.com/microsoft/playwright/commit/f36b2eec65df570d4ec9544e3dddc05ada84fb65"><code>f36b2ee</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37731">#37731</a>): docs: add agents video to agents page (<a href="https://redirect.github.com/microsoft/playwright/issues/37733">#37733</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/playwright/compare/v1.56.0...v1.56.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=playwright&package-manager=npm_and_yarn&previous-version=1.56.0&new-version=1.56.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…ctions/find (#25) [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=24.7.1&new-version=24.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…s/auth (#31) Bumps [playwright](https://github.com/microsoft/playwright) from 1.56.0 to 1.56.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/playwright/releases">playwright's releases</a>.</em></p> <blockquote> <h2>v1.56.1</h2> <h2>Highlights</h2> <p><a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a> chore: allow local-network-access permission in chromium <a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a> fix(agents): remove workspaceFolder ref from vscode mcp <a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a> chore: rename agents to test agents <a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a> chore(mcp): fallback to cwd when resolving test config</p> <h2>Browser Versions</h2> <ul> <li>Chromium 141.0.7390.37</li> <li>Mozilla Firefox 142.0.1</li> <li>WebKit 26.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/playwright/commit/54c711571a37de525377e6f3d3608c3e029b1829"><code>54c7115</code></a> chore: revert "minimal vscode version notice" (<a href="https://redirect.github.com/microsoft/playwright/issues/37892">#37892</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/7d45eb331a6bac304fb8640129e0931192ad7e93"><code>7d45eb3</code></a> chore: mark v1.56.1 (<a href="https://redirect.github.com/microsoft/playwright/issues/37784">#37784</a>)</li> <li><a href="https://github.com/microsoft/playwright/commit/e6ef6974bedb32d15d1e525a16caf3a95c1a7173"><code>e6ef697</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37871">#37871</a>): chore: allow local-network-access permission in chromium</li> <li><a href="https://github.com/microsoft/playwright/commit/932542c3c1e8c864bfbd48ecf38a55098d703703"><code>932542c</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37891">#37891</a>): fix(agents): remove workspaceFolder ref from vscode mcp</li> <li><a href="https://github.com/microsoft/playwright/commit/0662dd29eed5df12d09bc3c871ac2164a4f62969"><code>0662dd2</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37759">#37759</a>): chore: rename agents to test agents</li> <li><a href="https://github.com/microsoft/playwright/commit/919549ec2c3d70fad0e85fc9f86fabd6a7b7c2c8"><code>919549e</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37758">#37758</a>): docs: mention VS Code insiders in the agents docs</li> <li><a href="https://github.com/microsoft/playwright/commit/e593c64187f8d2687c4ed1b6cca44a022fee057b"><code>e593c64</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37757">#37757</a>): chore(mcp): fallback to cwd when resolving test config</li> <li><a href="https://github.com/microsoft/playwright/commit/a8a6e1049bf85ad31f621dfc33d099898506c4a7"><code>a8a6e10</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37755">#37755</a>): chore(mcp): minimal vscode version notice</li> <li><a href="https://github.com/microsoft/playwright/commit/f36b2eec65df570d4ec9544e3dddc05ada84fb65"><code>f36b2ee</code></a> cherry-pick(<a href="https://redirect.github.com/microsoft/playwright/issues/37731">#37731</a>): docs: add agents video to agents page (<a href="https://redirect.github.com/microsoft/playwright/issues/37733">#37733</a>)</li> <li>See full diff in <a href="https://github.com/microsoft/playwright/compare/v1.56.0...v1.56.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=playwright&package-manager=npm_and_yarn&previous-version=1.56.0&new-version=1.56.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [@octokit/types](https://github.com/octokit/types.ts) from 15.0.0 to 15.0.1. - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v15.0.0...v15.0.1) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-version: 15.0.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.1 to 24.9.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@octokit/types](https://github.com/octokit/types.ts) from 15.0.0 to 15.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/types.ts/releases"><code>@octokit/types</code>'s releases</a>.</em></p> <blockquote> <h2>v15.0.1</h2> <h2><a href="https://github.com/octokit/types.ts/compare/v15.0.0...v15.0.1">15.0.1</a> (2025-10-20)</h2> <h3>Bug Fixes</h3> <ul> <li>reduce complexity (<a href="https://redirect.github.com/octokit/types.ts/issues/687">#687</a>) (<a href="https://github.com/octokit/types.ts/commit/a0529c11500bdaeee7f925cc40f24e215f5280f3">a0529c1</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/types.ts/commit/a0529c11500bdaeee7f925cc40f24e215f5280f3"><code>a0529c1</code></a> fix: reduce complexity (<a href="https://redirect.github.com/octokit/types.ts/issues/687">#687</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/435bdccf6d96db80c6a913e769d080702fcfb1ee"><code>435bdcc</code></a> ci(action): update peter-evans/create-or-update-comment action to v5 (<a href="https://redirect.github.com/octokit/types.ts/issues/684">#684</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/52ffdca89204701d157ef1e41cc96b3eead44821"><code>52ffdca</code></a> ci(action): update actions/setup-node action to v6 (<a href="https://redirect.github.com/octokit/types.ts/issues/689">#689</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/aaf87a2cd0a562c2fa32f2cbfba3716e93e09f16"><code>aaf87a2</code></a> ci(action): update github/codeql-action action to v4 (<a href="https://redirect.github.com/octokit/types.ts/issues/688">#688</a>)</li> <li><a href="https://github.com/octokit/types.ts/commit/db7d9bcf7747c13e7b28360d3c7d538ce757bb53"><code>db7d9bc</code></a> chore(deps): update dependency semantic-release to v25 (<a href="https://redirect.github.com/octokit/types.ts/issues/690">#690</a>)</li> <li>See full diff in <a href="https://github.com/octokit/types.ts/compare/v15.0.0...v15.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@octokit/types&package-manager=npm_and_yarn&previous-version=15.0.0&new-version=15.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…ak single-quoted shell strings

Addresses #22 (that issue will remain open until this fix is backported to the v1 and v2 series) This PR escapes single quotes in the `html` field (other fields were escaped already). This prevents findings for elements with single quotes (e.g. `<p>Hi y'all!</p>`) from breaking workflows, specifically around [action.yml#86](https://github.com/github/accessibility-scanner/blob/3a0a60f790958e521e9455a6a69d4752fdbeea56/action.yml#L86), where a single-quoted shell string is sent to `jq`.

…es'. This commit’s approach _should_ make the action runnable with 'uses: github/accessibility-scanner@main', without 'action not found at path'-type errors.

…g files into it

…d dest are identical (not copied)'

Fixes github/continuous-ai-for-accessibility#79 (Hubber access only) This PR logs the URL _actually_ open in the Playwright-driven browser, revealing whether the scanner is repeatedly scanning a login or 404 page instead of the intended page.

Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v4.0.5</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li>Respect <code>ssr.noExternal</code> when externalizing dependencies, fix Svelte and Astro - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8862">vitest-dev/vitest#8862</a> <a href="https://github.com/vitest-dev/vitest/commit/a4f86f1ba">(a4f86)</a></li> <li>Allow module in --config - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8864">vitest-dev/vitest#8864</a> <a href="https://github.com/vitest-dev/vitest/commit/b9521e0c2">(b9521)</a></li> <li><strong>browser</strong>: Allow <code>Locator</code> type in selectOptions element parameter - by <a href="https://github.com/rzzf"><code>@rzzf</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8848">vitest-dev/vitest#8848</a> <a href="https://github.com/vitest-dev/vitest/commit/7ee283c96">(7ee28)</a></li> <li><strong>module-runner</strong>: Don't return node builtins for <code>getBuiltins</code> unconditionally - by <a href="https://github.com/sapphi-red"><code>@sapphi-red</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8863">vitest-dev/vitest#8863</a> <a href="https://github.com/vitest-dev/vitest/commit/0e858bab4">(0e858)</a></li> <li><strong>pool</strong>: Rename <code>groupId</code> to <code>groupOrder</code> in error message - by <a href="https://github.com/Yohannfra"><code>@Yohannfra</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8856">vitest-dev/vitest#8856</a> <a href="https://github.com/vitest-dev/vitest/commit/b9aabf4e6">(b9aab)</a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Pass testfiles at once when <code>--no-isolate --maxWorkers=1</code> - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8835">vitest-dev/vitest#8835</a> <a href="https://github.com/vitest-dev/vitest/commit/584aa7148">(584aa)</a></li> <li><strong>expect</strong>: Optimize checking the input type - by <a href="https://github.com/Connormiha"><code>@Connormiha</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8840">vitest-dev/vitest#8840</a> <a href="https://github.com/vitest-dev/vitest/commit/0696898b4">(06968)</a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.0.4...v4.0.5">View changes on GitHub</a></h5> <h2>v4.0.4</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Correct typo - by <a href="https://github.com/benmccann"><code>@benmccann</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8796">vitest-dev/vitest#8796</a> <a href="https://github.com/vitest-dev/vitest/commit/ede1f39d6">(ede1f)</a></li> <li>Publish a missing context file for webdriverio - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8824">vitest-dev/vitest#8824</a> <a href="https://github.com/vitest-dev/vitest/commit/7c7b6f0b1">(7c7b6)</a></li> </ul> </li> <li><strong>mocker</strong>: <ul> <li>Support mocking builtins without <code>node:</code> prefix - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8829">vitest-dev/vitest#8829</a> <a href="https://github.com/vitest-dev/vitest/commit/06208d30b">(06208)</a></li> </ul> </li> <li><strong>pool</strong>: <ul> <li>Runner's error listener causing <code>MaxListenersExceededWarning</code> - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8820">vitest-dev/vitest#8820</a> <a href="https://github.com/vitest-dev/vitest/commit/d1bff3bb3">(d1bff)</a></li> <li>Capture workers <code>stdio</code> to logger - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8809">vitest-dev/vitest#8809</a> <a href="https://github.com/vitest-dev/vitest/commit/fb95fc736">(fb95f)</a></li> </ul> </li> <li><strong>spy</strong>: <ul> <li>Allow classes in <code>vi.mocked</code> utility - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8839">vitest-dev/vitest#8839</a> <a href="https://github.com/vitest-dev/vitest/commit/f87568d64">(f8756)</a></li> </ul> </li> <li><strong>worker</strong>: <ul> <li>Rpc listener leak when <code>isolate: false</code> - by <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8821">vitest-dev/vitest#8821</a> <a href="https://github.com/vitest-dev/vitest/commit/573dc06fe">(573dc)</a></li> </ul> </li> </ul> <h3> 🏎 Performance</h3> <ul> <li><strong>utils</strong>: Optimized reducer to avoid creating new objects - by <a href="https://github.com/Connormiha"><code>@Connormiha</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8818">vitest-dev/vitest#8818</a> <a href="https://github.com/vitest-dev/vitest/commit/d19cece3a">(d19ce)</a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.0.3...v4.0.4">View changes on GitHub</a></h5> <h2>v4.0.3</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li>Preserve reporter options from config when CLI reporters override them - by <a href="https://github.com/Copilot"><code>@Copilot</code></a> and <strong>sheremet-va</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8794">vitest-dev/vitest#8794</a> <a href="https://github.com/vitest-dev/vitest/commit/155521a85">(15552)</a></li> <li><strong>browser</strong>: More stable in-source testing validation - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8793">vitest-dev/vitest#8793</a> <a href="https://github.com/vitest-dev/vitest/commit/622977e61">(62297)</a></li> <li><strong>happy-dom</strong>: Support fetch globals - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8791">vitest-dev/vitest#8791</a> <a href="https://github.com/vitest-dev/vitest/commit/0fb74bd3b">(0fb74)</a></li> <li><strong>init</strong>: Use correct jsx/tsx extension - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8792">vitest-dev/vitest#8792</a> <a href="https://github.com/vitest-dev/vitest/commit/abc046f95">(abc04)</a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.0.2...v4.0.3">View changes on GitHub</a></h5> <h2>v4.0.2</h2> <h3> 🐞 Bug Fixes</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/ed9fc71076f94f23320922f115e37bc9a84b6dbb"><code>ed9fc71</code></a> chore: release v4.0.5</li> <li><a href="https://github.com/vitest-dev/vitest/commit/b9521e0c2dfa30860d96ffb694a1b7d4214deb57"><code>b9521e0</code></a> fix: allow module in --config (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8864">#8864</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/0e858bab4317a76b7366618320301920fffdf60a"><code>0e858ba</code></a> fix(module-runner): don't return node builtins for <code>getBuiltins</code> unconditiona...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a4f86f1ba44141d3256e2563a47b0b4dedd462e4"><code>a4f86f1</code></a> fix: respect <code>ssr.noExternal</code> when externalizing dependencies (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8862">#8862</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/b9aabf4e6664f6d6a8b4332833cb111b38536049"><code>b9aabf4</code></a> fix(pool): rename <code>groupId</code> to <code>groupOrder</code> in error message (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8856">#8856</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/584aa7148dedf157684377a3af8aea86eb179603"><code>584aa71</code></a> perf: pass testfiles at once when <code>--no-isolate --maxWorkers=1</code> (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8835">#8835</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/9b75ec5f2fa46daaaa649493eb7f643a1cc9f51a"><code>9b75ec5</code></a> chore: release v4.0.4</li> <li><a href="https://github.com/vitest-dev/vitest/commit/fb95fc7360de6cc69c7d7cfe88b4c1c1dbc28338"><code>fb95fc7</code></a> fix(pool): capture workers <code>stdio</code> to logger (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8809">#8809</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/06208d30bb03d5bb49b88789cef892616f7e6591"><code>06208d3</code></a> fix(mocker): support mocking builtins without <code>node:</code> prefix (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8829">#8829</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/573dc06fec6a5753571866984771f9c32b80da3a"><code>573dc06</code></a> fix(worker): rpc listener leak when <code>isolate: false</code> (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/8821">#8821</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitest-dev/vitest/commits/v4.0.5/packages/vitest">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for vitest since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vitest&package-manager=npm_and_yarn&previous-version=3.2.4&new-version=4.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…ind/axe-core/playwright-4.11.0

…with 3 updates Bumps the npm-minor-and-patch group with 2 updates in the / directory: [@octokit/types](https://github.com/octokit/types.ts) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/auth directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/file directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm-minor-and-patch group with 2 updates in the /.github/actions/find directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm). Bumps the npm-minor-and-patch group with 1 update in the /.github/actions/fix directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@octokit/types` from 15.0.1 to 15.0.2 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v15.0.1...v15.0.2) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@axe-core/playwright` from 4.10.2 to 4.11.0 - [Release notes](https://github.com/dequelabs/axe-core-npm/releases) - [Changelog](https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md) - [Commits](dequelabs/axe-core-npm@v4.10.2...v4.11.0) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-version: 15.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch - dependency-name: "@axe-core/playwright" dependency-version: 4.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-and-patch - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

#59) Fixes github/continuous-ai-for-accessibility#87 (Hubber access only) Fixes github/continuous-ai-for-accessibility#81 (Hubber access only) ### Problem `uses: github/accessibility-scanner@main` currently fails with the following error— > Error: Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/accessibility-sandbox/accessibility-sandbox/.github/actions/gh-cache/cache'. Did you forget to run actions/checkout before running your local action? —this PR makes it work. ### Solution This PR basically moves the preparatory `cp` workflow step [we used to require](https://github.com/github/accessibility-scanner/tree/bc0c7650825e578c243347fe551f247826bcb70e?tab=readme-ov-file#1-add-a-workflow-file) into the composite action(s) itself. This PR is a superior alternative to c262469: 1. It restores our ability to merge `main` directly into `v2`, which simplifies backports (e.g. dependency updates that Dependabot opens for `main`). 2. It means referencing a point release (e.g. `uses: github/accessibility-scanner@v2.4.0`) _only_ runs code from that release (rather than a mix of `v2.4.0` and (newer) `v2` code). ### Testing - I tested using `uses: github/accessibility-scanner@smockle/restore-relative-paths`, and it worked: https://github.com/github/accessibility-sandbox/actions/runs/18943849865 (Hubber access only) - I tested using a sub-action directly (e.g. `uses: github/accessibility-scanner/.github/actions/gh-cache/cache@smockle/restore-relative-paths`), and it worked: https://github.com/github/accessibility-sandbox/actions/runs/18945624950 (Hubber access only) - The “Test” CI check passed: https://github.com/github/accessibility-scanner/actions/runs/18944419202/job/54092648187?pr=59

…dates don’t fail our tests

…hub/actions/find (#51) Bumps [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm) from 4.10.2 to 4.11.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md"><code>@axe-core/playwright</code>'s changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/dequelabs/axe-core-npm/compare/v4.10.1...v4.11.0">4.11.0</a> (2025-10-14)</h1> <h3>Bug Fixes</h3> <ul> <li>Optimize AxeBuilder memory usage. (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1154">#1154</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/e53cd36d0770a8323577946b0438f058b87a0aad">e53cd36</a>), closes <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts/issues/L59">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/axePuppeteer.ts#L59</a> <a href="https://github.com//github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts/issues/L34">/github.com/bensenescu/axe-core-npm/blob/develop/packages/puppeteer/src/utils.ts#L34</a></li> <li>Update axe-core to v4.10.3 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1155">#1155</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/f8e3a14043c7288ca9373a5f1543ffd27cedf256">f8e3a14</a>)</li> <li><strong>wdio:</strong> resolve blank navigation issue in WDIO v9 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1169">#1169</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/6505560d646ddc6db8a9b4cf772af08ff3f08dc3">6505560</a>)</li> </ul> <h3>Features</h3> <ul> <li>Update axe-core to v4.11.0 (<a href="https://redirect.github.com/dequelabs/axe-core-npm/issues/1233">#1233</a>) (<a href="https://github.com/dequelabs/axe-core-npm/commit/27584764815148bf902f29010cca0f4f2230cf46">2758476</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/dequelabs/axe-core-npm/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@axe-core/playwright&package-manager=npm_and_yarn&previous-version=4.10.2&new-version=4.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…90aa8db967

Part of github/continuous-ai-for-accessibility#80 (Hubber access only)

Copilot

Pull Request Overview

This PR updates the action to make sub-actions referenceable using local paths instead of remote references, updates dependencies, and makes various test and implementation improvements to handle dynamic version-dependent URLs.

Updated action references to use local paths via /home/runner/work/_actions/current/ directory structure
Updated multiple npm and Ruby dependencies to latest minor/patch versions
Improved test resilience by making URL version checking dynamic instead of hardcoding specific axe versions

Reviewed Changes

Copilot reviewed 14 out of 20 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
tests/site-with-errors.test.ts	Made tests version-agnostic by validating problemUrl structure instead of exact URLs
action.yml	Added rsync step to make sub-actions referenceable locally and updated action references to use local paths
.github/actions/gh-cache/cache/action.yml	Added rsync step and updated sub-action references to use local paths; fixed quote style
.github/workflows/test.yml	Updated action references to use local paths
.github/actions/find/src/index.ts	Changed log message from "Scanning" to "Preparing to scan"
.github/actions/find/src/findForUrl.ts	Added console.log for actual URL being scanned
.github/actions/auth/src/index.ts	Updated regex pattern to match "user name" and "username" variations
.github/dependabot.yml	Restructured configuration to use directories and groups for better dependency management
package.json, package-lock.json	Updated vitest, @types/node, @octokit/types and esbuild dependencies
sites/site-with-errors/Gemfile*	Updated puma from 7.0 to 7.1
.github/actions//package.json	Updated @types/node, playwright, and @axe-core/playwright dependencies

Files not reviewed (4)

.github/actions/auth/package-lock.json: Language not supported
.github/actions/file/package-lock.json: Language not supported
.github/actions/find/package-lock.json: Language not supported
.github/actions/fix/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

action.yml

.github/actions/gh-cache/cache/action.yml

.github/actions/find/src/findForUrl.ts

smockle and others added 30 commits October 12, 2025 14:50

fix: Fix escaping and parsing issues in the v1-to-v2 cache migration …

62f2bb4

…step

fix: Output compact (one-line) JSON

7c3515d

fix: Output compact (one-line) JSON (#11)

69cb82c

Follow-up to #10 This PR updates the “normalize_cache” step to output compact (one-line) JSON, since a GitHub Actions output cannot span multiple lines.

fix: Read the 'cached_filings' input, not 'cached_results'

4e07ed4

Initial plan

d8d4636

Update main branch test.yml to delete PR branches during cleanup

dfa77d4

Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>

Simplify PR branch deletion by using URL directly with gh pr view

c549705

Address PR feedback: move branch extraction after PR close, use env v…

0929417

…ariable for testing repo Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>

Update .github/workflows/test.yml

cd8d555

Update .github/workflows/test.yml

945f8d9

Use gh api instead of git push for better authentication context

8f459be

Co-authored-by: smockle <3104489+smockle@users.noreply.github.com>

fix(Find): Replace single quotes in the 'html' field because they bre…

02c7b99

…ak single-quoted shell strings

smockle and others added 22 commits October 30, 2025 09:45

feat: Restore relative paths to sub-actions in composite actions’ 'us…

e879f9c

…es'. This commit’s approach _should_ make the action runnable with 'uses: github/accessibility-scanner@main', without 'action not found at path'-type errors.

fix: Copy directory contents

96cab59

fix: Create destination directory (it it doesn’t exist) before copyin…

a69e694

…g files into it

tmp: Add logging

f7eb28c

tmp: Add logging

7751aa6

fix: Copy .github/actions directory contents

81cd671

fix: Copy .github/actions directory contents

3e6b80b

tmp: Add logging

2aaec76

fix: Copy .github/actions directory contents

ec368b7

fix: Use 'rsync -a' instead of 'cp -Rf' to avoid exiting 1 on 'src an…

74e1464

…d dest are identical (not copied)'

Merge branch 'main' into dependabot/npm_and_yarn/dot-github/actions/f…

43e5a8f

…ind/axe-core/playwright-4.11.0

fix: Ignore axe version when checking 'problemUrl', so axe version up…

81ae702

…dates don’t fail our tests

Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-and-patch-…

5256a45

…90aa8db967

fix: Find username fields labelled 'user name'

5f7a22d

fix: Find username fields labelled 'user name' (#60)

ab56219

Part of github/continuous-ai-for-accessibility#80 (Hubber access only)

chore: Merge 'main' into 'v2'

b826dda

smockle requested a review from a team as a code owner November 4, 2025 15:00

smockle requested review from accessibility-bot and Copilot November 4, 2025 15:00

smockle mentioned this pull request Nov 4, 2025

chore: Merge main into v2 #64

Closed

Copilot AI reviewed Nov 4, 2025

View reviewed changes

action.yml Show resolved Hide resolved

.github/actions/gh-cache/cache/action.yml Show resolved Hide resolved

.github/actions/find/src/findForUrl.ts Show resolved Hide resolved

abdulahmad307 approved these changes Nov 4, 2025

View reviewed changes

smockle merged commit ef29f6f into v2 Nov 4, 2025
11 checks passed

smockle deleted the smockle/v2/backport-main branch November 4, 2025 15:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: Merge `main` into `v2` #68

chore: Merge `main` into `v2` #68

Uh oh!

smockle commented Nov 4, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

chore: Merge main into v2 #68

chore: Merge main into v2 #68

Uh oh!

Conversation

smockle commented Nov 4, 2025

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

chore: Merge `main` into `v2` #68

chore: Merge `main` into `v2` #68