chore(deps): update jamesives/github-pages-deploy-action action to v4.7.4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
JamesIves/github-pages-deploy-action	action	minor	4.1.9 -> v4.7.4

---

Release Notes

JamesIves/github-pages-deploy-action (JamesIves/github-pages-deploy-action)

v4.7.4

Compare Source

What's Changed

Bug Fixes 🐛

• fix: Silence chmod failures on read-only folders by @​Copilot in #​1913
• fix integration tests failing on Debian Buster EOL (#​1918) by @​JamesIves in #​1919

Build 🔧

• build(deps): bump @​octokit/request-error from 5.1.0 to 5.1.1 by @​dependabot[bot] in #​1812
• build(deps): bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 by @​dependabot[bot] in #​1814
• build(deps): bump @​octokit/endpoint from 9.0.5 to 9.0.6 by @​dependabot[bot] in #​1815
• build(deps): bump the misc group across 1 directory with 12 updates by @​dependabot[bot] in #​1824
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in #​1834
• build(deps): bump the misc group across 1 directory with 6 updates by @​dependabot[bot] in #​1833
• build(deps): bump typescript-eslint from 8.31.0 to 8.31.1 in the typescript group by @​dependabot[bot] in #​1836
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot[bot] in #​1835
• build(deps-dev): bump eslint from 9.25.1 to 9.26.0 in the misc group by @​dependabot[bot] in #​1837
• build(deps-dev): bump the eslint group across 1 directory with 3 updates by @​dependabot[bot] in #​1839
• build(deps): bump the misc group across 1 directory with 4 updates by @​dependabot[bot] in #​1843
• build(deps-dev): bump eslint-config-prettier from 10.1.3 to 10.1.5 in the eslint group by @​dependabot[bot] in #​1844
• build(deps-dev): bump @​types/node from 22.15.16 to 22.15.17 in the misc group by @​dependabot[bot] in #​1845
• build(deps): bump typescript-eslint from 8.32.0 to 8.32.1 in the typescript group by @​dependabot[bot] in #​1847
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot[bot] in #​1846
• build(deps-dev): bump @​types/node from 22.15.17 to 22.15.18 in the misc group by @​dependabot[bot] in #​1848
• build(deps): bump codecov/codecov-action from 5.3.1 to 5.4.3 by @​dependabot[bot] in #​1850
• build(deps): bump the misc group across 1 directory with 4 updates by @​dependabot[bot] in #​1851
• build(deps): bump webfactory/ssh-agent from 0.9.0 to 0.9.1 by @​dependabot[bot] in #​1825
• build(deps-dev): bump @​types/node from 22.15.19 to 22.15.21 in the misc group by @​dependabot[bot] in #​1852
• build(deps-dev): bump @​types/node from 22.15.21 to 22.15.23 in the misc group by @​dependabot[bot] in #​1856
• build(deps): bump typescript-eslint from 8.32.1 to 8.33.0 in the typescript group by @​dependabot[bot] in #​1855
• build(deps-dev): bump the eslint group with 3 updates by @​dependabot[bot] in #​1854
• build(deps-dev): bump the misc group across 1 directory with 3 updates by @​dependabot[bot] in #​1859
• build(deps): bump the misc group across 1 directory with 7 updates by @​dependabot[bot] in #​1864
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot[bot] in #​1865
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @​dependabot[bot] in #​1883
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​1884
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @​dependabot[bot] in #​1886
• build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.1 by @​dependabot[bot] in #​1889
• build(deps): bump typescript-eslint from 8.33.1 to 8.44.0 in the typescript group by @​dependabot[bot] in #​1898
• build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​1904
• build(deps): bump typescript-eslint from 8.44.1 to 8.45.0 in the typescript group by @​dependabot[bot] in #​1901
• build(deps-dev): bump jest-circus from 29.7.0 to 30.1.3 in the jest group by @​dependabot[bot] in #​1900
• build(deps): bump the eslint group with 6 updates by @​dependabot[bot] in #​1899
• build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​1909
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in #​1908
• build(deps): bump the eslint group with 3 updates by @​dependabot[bot] in #​1907
• build(deps): bump typescript-eslint from 8.45.0 to 8.46.1 in the typescript group by @​dependabot[bot] in #​1905
• build(deps): bump @​actions/io from 1.1.3 to 2.0.0 in the actions group by @​dependabot[bot] in #​1912
• build(deps): bump typescript-eslint from 8.46.2 to 8.46.3 in the typescript group by @​dependabot[bot] in #​1914
• build(deps): bump the eslint group across 1 directory with 3 updates by @​dependabot[bot] in #​1915

Other Changes

• Add comprehensive GitHub Copilot instructions for development workflow by @​Copilot in #​1894

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.7.4

v4.7.3

Compare Source

What's Changed

Build 🔧

• build(deps-dev): bump prettier from 3.4.1 to 3.4.2 in the misc group by @​dependabot in #​1760
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot in #​1759
• build(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 by @​dependabot in #​1761
• build(deps): bump typescript-eslint from 8.17.0 to 8.18.0 in the typescript group by @​dependabot in #​1764
• build(deps-dev): bump @​types/node from 22.10.1 to 22.10.2 in the misc group by @​dependabot in #​1765
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot in #​1763
• build(deps-dev): bump eslint from 9.16.0 to 9.17.0 in the misc group by @​dependabot in #​1767
• build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 by @​dependabot in #​1770
• build(deps): bump typescript-eslint from 8.18.0 to 8.19.0 in the typescript group across 1 directory by @​dependabot in #​1778
• build(deps-dev): bump the eslint group across 1 directory with 3 updates by @​dependabot in #​1779
• build(deps-dev): bump @​types/node from 22.10.2 to 22.10.5 in the misc group across 1 directory by @​dependabot in #​1781
• build(deps-dev): bump typescript from 5.7.2 to 5.7.3 in the misc group by @​dependabot in #​1788
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot in #​1787
• build(deps): bump typescript-eslint from 8.19.0 to 8.19.1 in the typescript group by @​dependabot in #​1786
• build(deps): bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​1796
• build(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 by @​dependabot in #​1801

Other Changes

• fix unexpected input attempt-limit warning annotation by @​databasedav in #​1806

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.7.3

v4.7.2

Compare Source

What's Changed

Bug Fixes 🐝

• fix: enable rsync mkpath to be backwards compatible with older Ubuntu versions by @​JamesIves in #​1757

Build 🔧

• build(deps): bump the misc group across 1 directory with 2 updates by @​dependabot in #​1756

Full Changelog: JamesIves/github-pages-deploy-action@v4.7.1...v4.7.2

v4.7.1

Compare Source

What's Changed

Features ✨

• feat: when target-folder is specified the action will now create any missing folders for you by @​databasedav in #​1737

New Contributors

• @​databasedav made their first contribution in #​1737

Full Changelog: JamesIves/github-pages-deploy-action@v4.6.6...v4.7.1

v4.7.0

Compare Source

What's Changed

Features ✨

• feat: added the option to specify an atttempt-limit input, giving you the option to change how many attempts the action will make before failing by @​databasedav in #​1737

Build 🔧

• build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @​dependabot in #​1710
• chore(deps): update dependencies by @​JamesIves in #​1732
• build(deps): bump typescript-eslint from 8.13.0 to 8.14.0 in the typescript group by @​dependabot in #​1734
• build(deps-dev): bump the eslint group with 2 updates by @​dependabot in #​1733
• build(deps): bump the misc group across 1 directory with 6 updates by @​dependabot in #​1743
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.7 by @​dependabot in #​1745

New Contributors

• @​databasedav made their first contribution in #​1737

Full Changelog: JamesIves/github-pages-deploy-action@v4.6.6...v4.7.0

v4.6.9

Compare Source

What's Changed

Dependencies 🤖

• chore(deps): mass bump dependencies
• chore(deps): switch to using .node-version instead of .nvmrc for Node dependency management.
• chore(deps): updated node version to 22.11.0 for development

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.9

v4.6.8

Compare Source

What's Changed

Bug Fixes 🐝

• fix: 🐛 Added the temp deployment directory created by the action to the git safe directory list. This resolves an issue in certain circumstances where the deployment would fail depending on the types of files moved around by the workflow - #​1694.
• fix: Resolved a rare deployment error where the action would complain that origin/${branch_name} is not a commit and a branch cannot be created from it. The action will continue to attempt to track the origin branch, but if this step fails, it will create a new untracked branch to continue the deployment from. - #​1689.

Testing 🧪

• test: 🧪 Improved the integration test suite so it now runs immediately post-release to ensure that any issues do no longer in the major version tag (ie @​v4). This was done to combat problems raised by #​1697.

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.8

v4.6.7

Compare Source

What's Changed

Bug Fixes 🐝

• fix: resolved an issue where main.js was not found in the v4 major tag.

v4.6.6

Compare Source

What's Changed

Bug Fixes 🐝

• revert: reverts a prior change that unsets safe directories to prevent dubious ownership, this change will be re-visited later.

v4.6.5

Compare Source

What's Changed

What's Changed

Bug Fixes 🐝

• fix: resolved an issue where the full working directory was not properly getting added to the safe directory list, preventing deployments in certain circumstances.

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.5

v4.6.4

Compare Source

What's Changed

What's Changed

Bug Fixes 🐝

• fix: resolved an issue where the default config was not being applied to the non-action version of the project.

Build 🔧

• build(deps): bump actions/checkout from 3 to 4 by @​dependabot in #​1639
• build(deps): bump the misc group across 1 directory with 6 updates by @​dependabot in #​1642
• build(deps): bump the misc group across 1 directory with 8 updates by @​dependabot in #​1648
• build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 in the misc group by @​dependabot in #​1649
• build(deps): bump micromatch from 4.0.4 to 4.0.8 by @​dependabot in #​1679

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.4

v4.6.3

Compare Source

What's Changed

Build 🔧

• Consolidated a number of build scripts to make publishing easier.

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.3

v4.6.2

Compare Source

What's Changed

Dependencies 🤖

• build(deps-dev): bump the misc group across 1 directory with 2 updates by @​dependabot in #​1602
• build(deps): bump codecov/codecov-action from 4.4.0 to 4.5.0 by @​dependabot in #​1614
• build(deps): bump braces from 3.0.2 to 3.0.3 by @​dependabot in #​1615
• build(deps-dev): bump the misc group with 3 updates by @​dependabot in #​1613
• build(deps-dev): bump the misc group across 1 directory with 4 updates by @​dependabot in #​1635
• build(deps): bump typescript-eslint from 7.9.0 to 7.15.0 in the typescript group across 1 directory by @​dependabot in #​1634
• build(deps-dev): bump the eslint group across 1 directory with 3 updates by @​dependabot in #​1637

Full Changelog: JamesIves/github-pages-deploy-action@v4.6.1...v4.6.2

v4.6.1

Compare Source

What's Changed

Fixes

• Resolved an issue where workflows were suddenly failing due to a worktree in use error. The action will now attempt to create a temp branch name if the existing branch name is already checked out by a prior to step to ensure it can occur. This issue was only occurring in a handful of workflows, and likely stemmed from a git version change on the official GitHub runners. The actual root cause is still somewhat unknown.

Dependencies

• build(deps-dev): bump eslint-plugin-jest from 28.2.0 to 28.5.0 by @​dependabot in #​1577
• build(deps): bump @​eslint/js from 9.0.0 to 9.2.0 by @​dependabot in #​1576
• build(deps-dev): bump eslint from 9.0.0 to 9.2.0 by @​dependabot in #​1575
• build(deps): bump typescript-eslint from 7.7.0 to 7.8.0 by @​dependabot in #​1569
• build(deps-dev): bump @​types/node from 20.12.7 to 20.12.9 by @​dependabot in #​1578
• build(deps-dev): bump @​types/node from 20.12.9 to 20.12.10 by @​dependabot in #​1579
• build(deps-dev): bump rimraf from 5.0.5 to 5.0.7 by @​dependabot in #​1583
• build(deps): bump codecov/codecov-action from 4.3.0 to 4.4.0 by @​dependabot in #​1588
• build(deps): bump typescript-eslint from 7.8.0 to 7.9.0 by @​dependabot in #​1586
• build(deps): bump the eslint group with 3 updates by @​dependabot in #​1592
• build(deps-dev): bump the misc group with 2 updates by @​dependabot in #​1593

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

• Check for fatal on every line of stderr of the git command by @​ben-z in #​1551
• Migrated to eslint v9
• build(deps): bump github/codeql-action from 2 to 3 by @​dependabot in #​1488
• Bump @​babel/traverse from 7.8.3 to 7.23.2 by @​dependabot in #​1460
• build(deps-dev): bump eslint-plugin-jest from 27.2.3 to 27.6.0 by @​dependabot in #​1469
• build(deps-dev): bump @​types/node from 20.10.0 to 20.11.6 by @​dependabot in #​1507
• build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.3 by @​dependabot in #​1501
• build(deps-dev): bump @​types/node from 20.11.6 to 20.11.13 by @​dependabot in #​1513
• build(deps): bump codecov/codecov-action from 3.1.4 to 3.1.6 by @​dependabot in #​1512
• Bump @​actions/core from 1.10.0 to 1.10.1 by @​dependabot in #​1434
• Bump codecov/codecov-action from 3.1.6 to 4.0.0 by @​dependabot in #​1515
• Bump @​types/node from 20.11.13 to 20.11.16 by @​dependabot in #​1516
• Bump codecov/codecov-action from 4.0.0 to 4.0.1 by @​dependabot in #​1517
• Bump @​types/node from 20.11.16 to 20.11.22 by @​dependabot in #​1534
• Bump @​types/node from 20.11.22 to 20.11.25 by @​dependabot in #​1537
• Bump codecov/codecov-action from 4.0.1 to 4.1.0 by @​dependabot in #​1532
• Bump eslint-plugin-jest from 27.6.3 to 27.9.0 by @​dependabot in #​1526
• Bump webfactory/ssh-agent from 0.8.0 to 0.9.0 by @​dependabot in #​1520
• Bump actions/checkout in README by @​verhovsky in #​1523
• Bump codecov/codecov-action from 4.1.0 to 4.1.1 by @​dependabot in #​1547
• Bump @​types/node from 20.11.25 to 20.11.30 by @​dependabot in #​1545
• Bump @​types/node from 20.11.30 to 20.12.2 by @​dependabot in #​1550
• Bump @​types/node from 20.12.2 to 20.12.3 by @​dependabot in #​1552
• Bump @​types/node from 20.12.3 to 20.12.6 by @​dependabot in #​1557
• Bump codecov/codecov-action from 4.1.1 to 4.3.0 by @​dependabot in #​1559
• Bump @​types/node from 20.12.6 to 20.12.7 by @​dependabot in #​1558
• Bump @​actions/github from 5.1.1 to 6.0.0 by @​dependabot in #​1455
• build(deps): bump actions/upload-artifact from 3 to 4 by @​dependabot in #​1490
• build(deps): bump actions/download-artifact from 3 to 4 by @​dependabot in #​1489

New Contributors

• @​verhovsky made their first contribution in #​1523
• @​ben-z made their first contribution in #​1551

Full Changelog: JamesIves/github-pages-deploy-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

• The action is now built and run on Node 20.
• Bump @​types/node from 20.4.1 to 20.4.2 by @​dependabot in #​1399
• Bump eslint-plugin-jest from 27.2.2 to 27.2.3 by @​dependabot in #​1400
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in #​1401
• Bump eslint-config-prettier from 8.8.0 to 8.9.0 by @​dependabot in #​1405
• Bump @​types/node from 20.4.2 to 20.4.9 by @​dependabot in #​1413
• Bump eslint-config-prettier from 8.9.0 to 9.0.0 by @​dependabot in #​1410
• Upgrade Node for security by @​nickmccurdy in #​1437
• doc: .gitignore matches not being deployed by @​sgasse in #​1459
• build(deps): bump actions/setup-node from 3 to 4 by @​dependabot in #​1467
• build(deps-dev): bump @​types/node from 20.4.9 to 20.9.0 by @​dependabot in #​1474
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1429
• build(deps-dev): bump @​types/node from 20.9.0 to 20.10.0 by @​dependabot in #​1479

New Contributors

• @​sgasse made their first contribution in #​1459

Full Changelog: JamesIves/github-pages-deploy-action@v4.4.3...v4.5.0

v4.4.3

Compare Source

What's Changed

• Bump @​types/node from 18.8.0 to 18.8.4 by @​dependabot in #​1239
• Bump webfactory/ssh-agent from 0.5.4 to 0.7.0 by @​dependabot in #​1252
• Bump @​types/node from 18.8.4 to 18.11.9 by @​dependabot in #​1262
• Bump eslint-plugin-jest from 27.0.4 to 27.1.5 by @​dependabot in #​1268
• Bump @​types/node from 18.11.9 to 18.11.10 by @​dependabot in #​1276
• Bump @​types/node from 18.11.10 to 18.11.13 by @​dependabot in #​1283
• Bump eslint-config-prettier from 8.5.0 to 8.6.0 by @​dependabot in #​1293
• Bump json5 from 2.1.1 to 2.2.3 by @​dependabot in #​1294
• Bump minimatch from 3.0.4 to 3.1.2 by @​dependabot in #​1270
• Bump decode-uri-component from 0.2.0 to 0.2.2 by @​dependabot in #​1277
• Bump typescript from 4.8.4 to 4.9.4 by @​dependabot in #​1281
• Bump eslint-plugin-jest from 27.1.5 to 27.2.1 by @​dependabot in #​1296
• Bump rimraf from 3.0.2 to 4.1.2 by @​dependabot in #​1307
• Bump typescript from 4.9.4 to 4.9.5 by @​dependabot in #​1311
• Bump codecov/codecov-action from 3.1.1 to 3.1.2 by @​dependabot in #​1353
• Bump @​types/node from 18.11.13 to 18.16.3 by @​dependabot in #​1361
• Bump codecov/codecov-action from 3.1.2 to 3.1.4 by @​dependabot in #​1372
• Bump @​actions/io from 1.1.2 to 1.1.3 by @​dependabot in #​1339
• Bump prettier from 2.7.1 to 2.8.8 by @​dependabot in #​1357
• Bump @​types/node from 18.16.3 to 20.2.3 by @​dependabot in #​1380
• Bump webfactory/ssh-agent from 0.7.0 to 0.8.0 by @​dependabot in #​1348
• Bump eslint-config-prettier from 8.6.0 to 8.8.0 by @​dependabot in #​1342
• Bump @​types/node from 20.2.3 to 20.2.4 by @​dependabot in #​1381
• Bump @​types/node from 20.2.4 to 20.2.5 by @​dependabot in #​1383
• Bump @​types/node from 20.2.5 to 20.3.1 by @​dependabot in #​1385
• Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by @​dependabot in #​1386
• Bump @​types/node from 20.3.1 to 20.3.2 by @​dependabot in #​1387
• Bump @​types/node from 20.3.2 to 20.3.3 by @​dependabot in #​1389
• Bump semver from 5.7.1 to 5.7.2 by @​dependabot in #​1396
• Bump tough-cookie from 4.0.0 to 4.1.3 by @​dependabot in #​1394
• Bump @​types/node from 20.3.3 to 20.4.1 by @​dependabot in #​1395

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.4.3

v4.4.2

Compare Source

What's Changed

• Dependency updates

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.4.2

v4.4.1

Compare Source

What's Changed

• The action now fully runs on Node 16. (Thank you @​nickmccurdy)

Changelog

• Bump eslint-plugin-jest from 26.5.3 to 26.7.0 by @​dependabot in #​1177
• Bump @​types/node from 18.0.6 to 18.6.3 by @​dependabot in #​1178
• Bump @​actions/core from 1.9.0 to 1.9.1 by @​dependabot in #​1186
• Bump eslint-plugin-jest from 26.7.0 to 26.8.3 by @​dependabot in #​1193
• Bump @​types/node from 18.6.3 to 18.7.6 by @​dependabot in #​1195
• Typographical Error by @​sojinsamuel in #​1197
• Typographical Error by @​sojinsamuel in #​1198
• Bump eslint-plugin-jest from 26.8.3 to 26.8.7 by @​dependabot in #​1200
• Bump @​types/node from 18.7.6 to 18.7.13 by @​dependabot in #​1202
• Bump typescript from 4.7.4 to 4.8.3 by @​dependabot in #​1215
• Bump eslint-plugin-jest from 26.8.7 to 27.0.4 by @​dependabot in #​1216
• Bump @​types/node from 18.7.13 to 18.7.18 by @​dependabot in #​1219
• Bump codecov/codecov-action from 3.1.0 to 3.1.1 by @​dependabot in #​1220
• Use Node 16 by @​nickmccurdy in #​1221
• Bump @​types/node from 18.7.18 to 18.8.0 by @​dependabot in #​1233
• Bump typescript from 4.8.3 to 4.8.4 by @​dependabot in #​1227
• Bump @​actions/core from 1.9.1 to 1.10.0 by @​dependabot in #​1230
• Bump @​actions/github from 5.0.3 to 5.1.1 by @​dependabot in #​1232

New Contributors

• @​sojinsamuel made their first contribution in #​1197

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.4.1

v4.4.0

Compare Source

What's Changed

• Adding tag option to action by @​germa89 in #​1142 - this can be used by applying a version number to your workflow. You can source this input via a workflow variable to dynamically add a tag to a branch on each deployment. You can find more information about how to use this field in the readme.
• fix: 🐛 Fixes an issue where informational messages are throwing errors by in #​1168
• Bump eslint-plugin-prettier from 4.0.0 to 4.2.1 by @​dependabot in #​1159
• Bump @​types/node from 18.0.0 to 18.0.6 by @​dependabot in #​1169

New Contributors

• @​germa89 made their first contribution in #​1142

Sponsors ❤️

• Special thanks to @​github for their generous sponsorship contributions.

  

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.4.0

v4.3.4

Compare Source

Minor Changes

• The branch parameter is no longer required. It now defaults to gh-pages.
• Linting scripts have been updated to ensure that everything across the repo gets picked up.
• Numerous dependency updates.

New Contributors

• @​nickmccurdy made their first contribution in #​1155

Sponsors ❤️

• Special thanks to @​github for their generous sponsorship contributions.

  

Full Changelog: JamesIves/github-pages-deploy-action@v4...v4.3.4

v4.3.3

[Compare Source]

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: npm cipher-base is missing type checks, leading to hash rewind and passing on crafted data CVE: GHSA-cpq7-6gpm-g9rc cipher-base is missing type checks, leading to hash rewind and passing on crafted data (CRITICAL) Affected versions: < 1.0.5 Patched version: 1.0.5 From: ? → npm/cipher-base@1.0.4 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cipher-base@1.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: npm ejs template injection vulnerability CVE: GHSA-phwq-j96m-2c2q ejs template injection vulnerability (CRITICAL) Affected versions: < 3.1.7 Patched version: 3.1.7 From: ? → npm/ejs@2.7.4 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ejs@2.7.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) CVE: GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) (CRITICAL) Affected versions: < 6.6.1 Patched version: 6.6.1 From: ? → npm/elliptic@6.5.4 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/elliptic@6.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Exposure of Sensitive Information in npm eventsource CVE: GHSA-6h5x-7c5m-7cr7 Exposure of Sensitive Information in eventsource (CRITICAL) Affected versions: < 1.1.1; >= 2.0.0 < 2.0.2 Patched version: 1.1.1 From: ? → npm/eventsource@1.1.0 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eventsource@1.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: npm form-data uses unsafe random function in form-data for choosing boundary CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL) Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4 Patched version: 3.0.4 From: ? → npm/form-data@3.0.1 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@3.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm buffer is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: ? → npm/buffer@4.9.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/buffer@4.9.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Protestware or unwanted behavior: npm es5-ext Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale From: ? → npm/es5-ext@0.10.58 ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.58. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Protestware or unwanted behavior: npm es5-ext Note: The script attempts to run a local '_postinstall' script, but it does so in a way that suppresses errors. This could potentially hide malicious behavior if '_postinstall' contains harmful code. From: ? → npm/es5-ext@0.10.58 ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.58. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report