Bump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 (#617)

* Bump eslint-config-prettier from 10.0.1 to 10.1.8

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.8
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* doc update

* doc update

* update

* doc update

* doc update

* doc update

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 
-<!--- Please direct any generic questions related to actions to our support community forum at https://github.community/c/code-to-cloud/github-actions/41 --->
+<!--- Please direct any generic questions related to actions to our support community forum at https://github.com/orgs/community/discussions/categories/actions --->
 <!--- Before opening up a new bug report, please make sure to check for similar existing issues -->
 
 **Description:**

.github/ISSUE_TEMPLATE/feature_request.md

@@ -5,7 +5,7 @@ title: ''
 labels: feature request, needs triage
 assignees: ''
 ---
-<!--- Please direct any generic questions related to actions to our support community forum at https://github.community/c/code-to-cloud/github-actions/41 --->
+<!--- Please direct any generic questions related to actions to our support community forum at https://github.com/orgs/community/discussions/categories/actions --->
 <!--- Before opening up a new feature request, please make sure to check for similar existing issues and pull requests -->
 
 **Description:**

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: 'npm'
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: '/'
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: 'weekly'
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: 'github-actions'
+    # Workflow files stored in the default location of `.github/workflows`
+    # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
+    directory: '/'
+    schedule:
+      interval: 'weekly'

.github/workflows/basic-validation.yml

@@ -14,3 +14,5 @@ jobs:
   call-basic-validation:
     name: Basic validation
     uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
+    with:
+      node-version: '24.x'

.github/workflows/check-dist.yml

@@ -15,3 +15,5 @@ jobs:
   call-check-dist:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
+    with:
+      node-version: '24.x'

.github/workflows/publish-immutable-actions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Publish
         id: publish
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release-new-action-version.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
-        uses: actions/publish-action@v0.2.2
+        uses: actions/publish-action@v0.3.0
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/versions.yml

@@ -18,9 +18,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go Stable
         uses: ./
         with:
@@ -33,9 +33,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go oldStable
         uses: ./
         with:
@@ -48,14 +48,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
         version: [stable, oldstable]
         architecture: [x64, x32]
         exclude:
           - os: macos-latest
             architecture: x32
+          - os: macos-13
+            architecture: x32
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go ${{ matrix.version }} ${{ matrix.architecture }}
         uses: ./
         with:
@@ -70,11 +72,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-13]
-        go: [1.17, 1.18, 1.19]
+        go: [1.21.13, 1.22.8, 1.23.2]
+        include:
+          - os: windows-latest
+            go: 1.20.14
+        exclude:
+          - os: windows-latest
+            go: 1.23.2
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: setup-go ${{ matrix.go }}
         uses: ./
@@ -90,10 +98,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        go-version: [1.16, 1.17]
+        go-version: ['1.20', '1.21', '1.22', '1.23']
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
@@ -107,15 +115,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
           go-version-file: __tests__/data/go.mod
       - name: verify go
-        run: __tests__/verify-go.sh 1.14
+        run: __tests__/verify-go.sh 1.20.14
         shell: bash
 
   go-version-file-with-gowork:
@@ -123,28 +131,27 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
           go-version-file: __tests__/data/go.work
       - name: verify go
-        run: __tests__/verify-go.sh 1.19
+        run: __tests__/verify-go.sh 1.21
         shell: bash
 
   setup-versions-from-manifest:
-    name: Setup ${{ matrix.go }} ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-13, windows-latest, ubuntu-latest]
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-13]
-        go: [1.12.16, 1.13.11, 1.14.3]
+        go: [1.20.14, 1.21.10, 1.22.8, 1.23.2]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: setup-go ${{ matrix.go }}
         uses: ./
@@ -156,19 +163,15 @@ jobs:
         shell: bash
 
   setup-versions-from-dist:
-    name: Setup ${{ matrix.go }} ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-13, windows-latest, ubuntu-latest]
+        os: [windows-latest, ubuntu-latest, macos-13]
-        go: [1.11.12, 1.8.6]
+        go: [1.11.12]
-        exclude:
-          - os: macos-13
-            go: 1.8.6
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: setup-go ${{ matrix.go }}
         uses: ./
@@ -184,14 +187,23 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        go-version: [1.16, 1.17]
+        go-version: [1.20.14, 1.21, 1.22, 1.23]
+        include:
+          - os: macos-latest
+            architecture: arm64
+          - os: ubuntu-latest
+            architecture: x64
+          - os: windows-latest
+            architecture: x64
+          - os: macos-13
+            architecture: x64
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
           go-version: ${{ matrix.go-version }}
-          architecture: x64
+          architecture: ${{ matrix.architecture }}
       - name: Verify Go
         run: go version

.github/workflows/windows-validation.yml

@@ -19,7 +19,7 @@ jobs:
         cache: [false, true]
         go: [1.20.1]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: 'Setup ${{ matrix.cache }}, cache: ${{ matrix.go }}'
         uses: ./
@@ -61,7 +61,7 @@ jobs:
             echo 'which go should return "/c/hostedtoolcache/windows/go/${{ matrix.go }}/x64/bin/go"'
             exit 1
           fi
-          if [ $(go env GOROOT) != 'C:\hostedtoolcache\windows\go\${{ matrix.go }}\x64' ];then 
+          if [ $(go env GOROOT) != 'C:\hostedtoolcache\windows\go\${{ matrix.go }}\x64' ];then
             echo 'go env GOROOT should return "C:\hostedtoolcache\windows\go\${{ matrix.go }}\x64"'
             exit 1
           fi
@@ -88,7 +88,7 @@ jobs:
       matrix:
         cache: [false, true]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: 'Setup default go, cache: ${{ matrix.cache }}'
         uses: ./
@@ -105,10 +105,32 @@ jobs:
           fi
         shell: bash
 
-      - name: 'Drive D: should not have Go installation, cache: ${{ matrix.cache}}'
+      - name: 'Drive D: should not have Go installation, cache: ${{ matrix.cache }}'
         run: |
           if [ -e 'D:\hostedtoolcache\windows\go\${{ needs.find-default-go.outputs.version }}\x64' ];then
             echo 'D:\hostedtoolcache\windows\go\${{ needs.find-default-go.outputs.version }}\x64 should not exist for hosted version of go';
             exit 1
           fi
         shell: bash
+
+  hostedtoolcache:
+    name: 'Validate if hostedtoolcache works as expected'
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        cache: [false]
+        go: [1.20.1]
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: 'Setup ${{ matrix.go }}, cache: ${{ matrix.cache }}'
+        uses: ./
+        with:
+          go-version: ${{ matrix.go }}
+          cache: ${{ matrix.cache }}
+
+      - name: 'Setup ${{ matrix.go }}, cache: ${{ matrix.cache }} (from hostedtoolcache)'
+        uses: ./
+        with:
+          go-version: ${{ matrix.go }}
+          cache: ${{ matrix.cache }}

.licenses/npm/@actions/glob-0.5.0.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/glob"
-version: 0.2.1
+version: 0.5.0
 type: npm
 summary: Actions glob lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/glob

.licenses/npm/@actions/http-client-1.0.11.dep.yml

@@ -1,32 +0,0 @@
----
-name: "@actions/http-client"
-version: 1.0.11
-type: npm
-summary: Actions Http Client
-homepage: https://github.com/actions/http-client#readme
-license: mit
-licenses:
-- sources: LICENSE
-  text: |
-    Actions Http Client for Node.js
-
-    Copyright (c) GitHub, Inc.
-
-    All rights reserved.
-
-    MIT License
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
-    associated documentation files (the "Software"), to deal in the Software without restriction,
-    including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
-    and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
-    subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
-    LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
-    NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-notices: []

.licenses/npm/@actions/http-client.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/http-client"
-version: 2.2.3
+version: 2.2.1
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/toolkit/tree/main/packages/http-client

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.1.2
+version: 1.1.3
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io

.licenses/npm/@actions/tool-cache.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/tool-cache"
-version: 1.7.2
+version: 2.0.2
 type: npm
 summary: Actions tool-cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/tool-cache

.licenses/npm/@azure/core-auth.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-auth"
-version: 1.3.2
+version: 1.5.0
 type: npm
 summary: Provides low-level interfaces and helper methods for authentication in Azure
   SDK

.licenses/npm/@azure/core-http.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-http"
-version: 3.0.1
+version: 3.0.4
 type: npm
 summary: Isomorphic client Runtime for Typescript/node.js/browser javascript client
   libraries generated using AutoRest

.licenses/npm/@azure/core-lro.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-lro"
-version: 2.2.4
+version: 2.5.4
 type: npm
 summary: Isomorphic client library for supporting long-running operations in node.js
   and browser.

.licenses/npm/@azure/core-paging.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-paging"
-version: 1.2.1
+version: 1.5.0
 type: npm
 summary: Core types for paging async iterable iterators
 homepage: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/core-paging/README.md

.licenses/npm/@azure/core-util.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-util"
-version: 1.3.1
+version: 1.6.1
 type: npm
 summary: Core library for shared utility methods
 homepage: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-util/

.licenses/npm/@azure/logger.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/logger"
-version: 1.0.3
+version: 1.0.4
 type: npm
 summary: Microsoft Azure SDK for JavaScript - Logger
 homepage: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/logger/README.md

.licenses/npm/@azure/storage-blob.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/storage-blob"
-version: 12.14.0
+version: 12.17.0
 type: npm
 summary: Microsoft Azure Storage SDK for JavaScript - Blob
 homepage: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/storage/storage-blob/

.licenses/npm/@fastify/busboy.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@fastify/busboy"
-version: 2.1.1
+version: 2.1.0
 type: npm
 summary: A streaming parser for HTML form data for node.js
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@opentelemetry/api.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@opentelemetry/api"
-version: 1.0.4
+version: 1.7.0
 type: npm
 summary: Public API for OpenTelemetry
-homepage: https://github.com/open-telemetry/opentelemetry-js-api#readme
+homepage: https://github.com/open-telemetry/opentelemetry-js/tree/main/api
 license: apache-2.0
 licenses:
 - sources: LICENSE
@@ -216,10 +216,8 @@ licenses:
     [opentelemetry-js]: https://github.com/open-telemetry/opentelemetry-js
 
     [discussions-url]: https://github.com/open-telemetry/opentelemetry-js/discussions
-    [license-url]: https://github.com/open-telemetry/opentelemetry-js-api/blob/main/LICENSE
+    [license-url]: https://github.com/open-telemetry/opentelemetry-js/blob/main/api/LICENSE
     [license-image]: https://img.shields.io/badge/license-Apache_2.0-green.svg?style=flat
-    [npm-url]: https://www.npmjs.com/package/@opentelemetry/api
+    [docs-tracing]: https://github.com/open-telemetry/opentelemetry-js/blob/main/doc/tracing.md
-    [npm-img]: https://badge.fury.io/js/%40opentelemetry%2Fapi.svg
+    [docs-sdk-registration]: https://github.com/open-telemetry/opentelemetry-js/blob/main/doc/sdk-registration.md
-    [docs-tracing]: https://github.com/open-telemetry/opentelemetry-js-api/blob/main/docs/tracing.md
-    [docs-sdk-registration]: https://github.com/open-telemetry/opentelemetry-js-api/blob/main/docs/sdk-registration.md
 notices: []

.licenses/npm/@protobuf-ts/plugin-framework.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/plugin-framework"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: framework to create protoc plugins
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@protobuf-ts/plugin.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/plugin"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: The protocol buffer compiler plugin "protobuf-ts" generates TypeScript, gRPC-web,
   Twirp, and more.

.licenses/npm/@protobuf-ts/protoc.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/protoc"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: Installs the protocol buffer compiler "protoc" for you.
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@protobuf-ts/runtime-rpc.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/runtime-rpc"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: Runtime library for RPC clients generated by the protoc plugin "protobuf-ts"
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@protobuf-ts/runtime.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/runtime"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: Runtime library for code generated by the protoc plugin "protobuf-ts"
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@types/node-fetch.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@types/node-fetch"
-version: 2.6.3
+version: 2.6.9
 type: npm
 summary: TypeScript definitions for node-fetch
 homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-fetch

.licenses/npm/@types/node.dep.yml

@@ -1,8 +1,8 @@
 ---
 name: "@types/node"
-version: 16.11.26
+version: 24.1.0
 type: npm
-summary: TypeScript definitions for Node.js
+summary: TypeScript definitions for node
 homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node
 license: mit
 licenses:

.licenses/npm/brace-expansion.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: brace-expansion
-version: 1.1.11
+version: 1.1.12
 type: npm
 summary: Brace expansion as known from sh/bash
 homepage: https://github.com/juliangruber/brace-expansion

.licenses/npm/call-bind-apply-helpers.dep.yml

@@ -1,16 +1,16 @@
 ---
-name: "@azure/core-asynciterator-polyfill"
+name: call-bind-apply-helpers
 version: 1.0.2
 type: npm
-summary: Polyfill for IE/Node 8 for Symbol.asyncIterator
+summary: Helper functions around Function call/apply/bind, for use in `call-bind`
-homepage: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/core-asynciterator-polyfill/README.md
+homepage: https://github.com/ljharb/call-bind-apply-helpers#readme
 license: mit
 licenses:
 - sources: LICENSE
   text: |
-    The MIT License (MIT)
+    MIT License
 
-    Copyright (c) 2020 Microsoft
+    Copyright (c) 2024 Jordan Harband
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal

.licenses/npm/dunder-proto.dep.yml

@@ -1,16 +1,16 @@
 ---
-name: uuid
+name: dunder-proto
-version: 3.4.0
+version: 1.0.1
 type: npm
-summary: RFC4122 (v1, v4, and v5) UUIDs
+summary: If available, the `Object.prototype.__proto__` accessor and mutator, call-bound
-homepage: https://github.com/uuidjs/uuid#readme
+homepage: https://github.com/es-shims/dunder-proto#readme
 license: mit
 licenses:
-- sources: LICENSE.md
+- sources: LICENSE
   text: |
-    The MIT License (MIT)
+    MIT License
 
-    Copyright (c) 2010-2016 Robert Kieffer and other contributors
+    Copyright (c) 2024 ECMAScript Shims
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
@@ -29,11 +29,4 @@ licenses:
     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
     SOFTWARE.
-notices:
+notices: []
-- sources: AUTHORS
-  text: |-
-    Robert Kieffer <robert@broofa.com>
-    Christoph Tavan <dev@tavan.de>
-    AJ ONeal <coolaj86@gmail.com>
-    Vincent Voyer <vincent@zeroload.net>
-    Roman Shtylman <shtylman@gmail.com>

.licenses/npm/es-define-property.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-define-property
+version: 1.0.1
+type: npm
+summary: "`Object.defineProperty`, but not IE 8's broken one."
+homepage: https://github.com/ljharb/es-define-property#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-errors.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-errors
+version: 1.3.0
+type: npm
+summary: A simple cache for a few of the JS Error constructors.
+homepage: https://github.com/ljharb/es-errors#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-object-atoms.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-object-atoms
+version: 1.1.1
+type: npm
+summary: 'ES Object-related atoms: Object, ToObject, RequireObjectCoercible'
+homepage: https://github.com/ljharb/es-object-atoms#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-set-tostringtag.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-set-tostringtag
+version: 2.1.0
+type: npm
+summary: A helper to optimistically set Symbol.toStringTag, when possible.
+homepage: https://github.com/es-shims/es-set-tostringtag#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2022 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/form-data-2.5.5.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: form-data
-version: 2.5.1
+version: 2.5.5
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
+homepage: 
 license: mit
 licenses:
 - sources: License

.licenses/npm/form-data-4.0.0.dep.yml

@@ -1,33 +0,0 @@
----
-name: form-data
-version: 4.0.0
-type: npm
-summary: A library to create readable "multipart/form-data" streams. Can be used to
-  submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
-license: mit
-licenses:
-- sources: License
-  text: |
-    Copyright (c) 2012 Felix Geisendörfer (felix@debuggable.com) and contributors
-
-     Permission is hereby granted, free of charge, to any person obtaining a copy
-     of this software and associated documentation files (the "Software"), to deal
-     in the Software without restriction, including without limitation the rights
-     to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-     copies of the Software, and to permit persons to whom the Software is
-     furnished to do so, subject to the following conditions:
-
-     The above copyright notice and this permission notice shall be included in
-     all copies or substantial portions of the Software.
-
-     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-     THE SOFTWARE.
-- sources: Readme.md
-  text: Form-Data is released under the [MIT](License) license.
-notices: []

.licenses/npm/form-data-4.0.4.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: form-data
-version: 3.0.1
+version: 4.0.4
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
+homepage: 
 license: mit
 licenses:
 - sources: License
@@ -28,6 +28,6 @@ licenses:
      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
      THE SOFTWARE.
-- sources: Readme.md
+- sources: README.md
   text: Form-Data is released under the [MIT](License) license.
 notices: []

.licenses/npm/function-bind.dep.yml

@@ -0,0 +1,31 @@
+---
+name: function-bind
+version: 1.1.2
+type: npm
+summary: Implementation of Function.prototype.bind
+homepage: https://github.com/Raynos/function-bind
+license: mit
+licenses:
+- sources: LICENSE
+  text: |+
+    Copyright (c) 2013 Raynos.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.
+
+notices: []

.licenses/npm/get-intrinsic.dep.yml

@@ -0,0 +1,33 @@
+---
+name: get-intrinsic
+version: 1.3.0
+type: npm
+summary: Get and robustly cache all JS language-level intrinsics at first require
+  time
+homepage: https://github.com/ljharb/get-intrinsic#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2020 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/get-proto.dep.yml

@@ -0,0 +1,32 @@
+---
+name: get-proto
+version: 1.0.1
+type: npm
+summary: Robustly get the [[Prototype]] of an object
+homepage: https://github.com/ljharb/get-proto#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2025 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/gopd.dep.yml

@@ -0,0 +1,32 @@
+---
+name: gopd
+version: 1.2.0
+type: npm
+summary: "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation."
+homepage: https://github.com/ljharb/gopd#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2022 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/has-symbols.dep.yml

@@ -0,0 +1,32 @@
+---
+name: has-symbols
+version: 1.1.0
+type: npm
+summary: Determine if the JS environment has Symbol support. Supports spec, or shams.
+homepage: https://github.com/ljharb/has-symbols#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2016 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/has-tostringtag.dep.yml

@@ -0,0 +1,33 @@
+---
+name: has-tostringtag
+version: 1.0.2
+type: npm
+summary: Determine if the JS environment has `Symbol.toStringTag` support. Supports
+  spec, or shams.
+homepage: https://github.com/inspect-js/has-tostringtag#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2021 Inspect JS
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/hasown.dep.yml

@@ -0,0 +1,32 @@
+---
+name: hasown
+version: 2.0.2
+type: npm
+summary: A robust, ES3 compatible, "has own property" predicate.
+homepage: https://github.com/inspect-js/hasOwn#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) Jordan Harband and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/math-intrinsics.dep.yml

@@ -0,0 +1,32 @@
+---
+name: math-intrinsics
+version: 1.1.0
+type: npm
+summary: ES Math-related intrinsics and helpers, robustly cached.
+homepage: https://github.com/es-shims/math-intrinsics#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/node-fetch.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: node-fetch
-version: 2.6.7
+version: 2.7.0
 type: npm
 summary: A light-weight module that brings window.fetch to node.js
 homepage: https://github.com/bitinn/node-fetch

.licenses/npm/safe-buffer.dep.yml

@@ -0,0 +1,34 @@
+---
+name: safe-buffer
+version: 5.2.1
+type: npm
+summary: Safer Node.js Buffer API
+homepage: https://github.com/feross/safe-buffer
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) Feross Aboukhadijeh
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.
+- sources: README.md
+  text: MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
+notices: []

.licenses/npm/sax.dep.yml

@@ -1,16 +1,16 @@
 ---
 name: sax
-version: 1.2.4
+version: 1.3.0
 type: npm
 summary: An evented streaming XML parser in JavaScript
-homepage: https://github.com/isaacs/sax-js#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE
   text: |
     The ISC License
 
-    Copyright (c) Isaac Z. Schlueter and Contributors
+    Copyright (c) 2010-2022 Isaac Z. Schlueter and Contributors
 
     Permission to use, copy, modify, and/or distribute this software for any
     purpose with or without fee is hereby granted, provided that the above
@@ -29,7 +29,7 @@ licenses:
     `String.fromCodePoint` by Mathias Bynens used according to terms of MIT
     License, as follows:
 
-        Copyright Mathias Bynens <https://mathiasbynens.be/>
+    Copyright (c) 2010-2022 Mathias Bynens <https://mathiasbynens.be/>
 
         Permission is hereby granted, free of charge, to any person obtaining
         a copy of this software and associated documentation files (the

.licenses/npm/semver-6.3.1.dep.yml

@@ -3,7 +3,7 @@ name: semver
 version: 6.3.1
 type: npm
 summary: The semantic version parser used by npm.
-homepage: https://github.com/npm/node-semver#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/semver-7.7.1.dep.yml

@@ -0,0 +1,26 @@
+---
+name: semver
+version: 7.7.1
+type: npm
+summary: The semantic version parser used by npm.
+homepage:
+license: isc
+licenses:
+- sources: LICENSE
+  text: |
+    The ISC License
+
+    Copyright (c) Isaac Z. Schlueter and Contributors
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+notices: []

.licenses/npm/tslib-2.3.1.dep.yml

@@ -1,35 +0,0 @@
----
-name: tslib
-version: 2.3.1
-type: npm
-summary: Runtime library for TypeScript helper functions
-homepage: https://www.typescriptlang.org/
-license: 0bsd
-licenses:
-- sources: LICENSE.txt
-  text: |-
-    Copyright (c) Microsoft Corporation.
-
-    Permission to use, copy, modify, and/or distribute this software for any
-    purpose with or without fee is hereby granted.
-
-    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-    REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-    INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-    LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-    OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-    PERFORMANCE OF THIS SOFTWARE.
-notices:
-- sources: CopyrightNotice.txt
-  text: "/*! *****************************************************************************\r\nCopyright
-    (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute
-    this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE
-    SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD
-    TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS.
-    IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR
-    CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE,
-    DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS
-    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS
-    SOFTWARE.\r\n*****************************************************************************
-    */"

.licenses/npm/tslib-2.6.2.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: tslib
-version: 2.5.0
+version: 2.6.2
 type: npm
 summary: Runtime library for TypeScript helper functions
 homepage: https://www.typescriptlang.org/

.licenses/npm/undici-types.dep.yml

@@ -0,0 +1,32 @@
+---
+name: undici-types
+version: 7.8.0
+type: npm
+summary: A stand-alone types package for Undici
+homepage: https://undici.nodejs.org
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) Matteo Collina and Undici contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/uuid.dep.yml

@@ -3,7 +3,7 @@ name: uuid
 version: 8.3.2
 type: npm
 summary: RFC4122 (v1, v4, and v5) UUIDs
-homepage: https://github.com/uuidjs/uuid#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE.md

README.md

@@ -8,26 +8,21 @@ This action sets up a go environment for use in actions by:
 - Optionally downloading and caching a version of Go by version and adding to `PATH`.
 - Registering problem matchers for error output.
 
-# V4
+# Breaking changes in V6
 
-The V4 edition of the action offers:
+- Improve toolchain handling to ensure more reliable and consistent toolchain selection and management.
+- Upgraded from node20 to node24.
+  > Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)
 
- - Enabled caching by default
+For more details,  see the full release notes on the [releases page](https://github.com/actions/setup-go/releases/tag/v6.0.0)
 
-The action will try to enable caching unless the `cache` input is explicitly set to false.
+# V5
 
-Please see "[Caching dependency files and build outputs](https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs)" for more information.
+The V5 edition of the action offers:
 
-# V3
+- Upgraded Node.js runtime from node16 to node20
 
-The V3 edition of the action offers:
+See full release notes on the [releases page](https://github.com/actions/setup-go/releases).
-
-- Adds `GOBIN` to the `PATH`
-- Proxy support
-- Check latest version
-- Caching packages dependencies
-- stable and oldstable aliases
-- Bug Fixes (including issues around version matching and semver)
 
 The action will first check the local cache for a version match. If a version is not found locally, it will pull it from
 the `main` branch of the [go-versions](https://github.com/actions/go-versions/blob/main/versions-manifest.json)
@@ -42,8 +37,8 @@ Matching by [semver spec](https://github.com/npm/node-semver):
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '^1.13.1' # The Go version to download (if necessary) and use.
   - run: go version
@@ -51,26 +46,27 @@ steps:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '>=1.17.0'
   - run: go version
 ```
 
 > **Note**: Due to the peculiarities of YAML parsing, it is recommended to wrap the version in single quotation marks:
-> 
+>
 > ```yaml
 >   go-version: '1.20'
->  ```
+> ```
->  
+>
 > The recommendation is based on the YAML parser's behavior, which interprets non-wrapped values as numbers and, in the case of version 1.20, trims it down to 1.2, which may not be very obvious.
+
 Matching an unstable pre-release:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '1.18.0-rc.1' # The Go version to download (if necessary) and use.
   - run: go version
@@ -78,8 +74,8 @@ steps:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '1.16.0-beta.1' # The Go version to download (if necessary) and use.
   - run: go version
@@ -93,8 +89,8 @@ See [action.yml](action.yml)
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '1.16.1' # The Go version to download (if necessary) and use.
   - run: go run hello.go
@@ -114,8 +110,8 @@ want the most up-to-date Go version to always be used.
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '1.14'
       check-latest: true
@@ -135,8 +131,8 @@ set to `true`
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: 'stable'
   - run: go run hello.go
@@ -144,8 +140,8 @@ steps:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: 'oldstable'
   - run: go run hello.go
@@ -159,38 +155,50 @@ The `cache` input is optional, and caching is turned on by default.
 
 The action defaults to search for the dependency file - go.sum in the repository root, and uses its hash as a part of
 the cache key. Use `cache-dependency-path` input for cases when multiple dependency files are used, or they are located
-in different subdirectories.
+in different subdirectories. The input supports glob patterns.
 
-If some problem that prevents success caching happens then the action issues the warning in the log and continues the execution of the pipeline. 
+If some problem that prevents success caching happens then the action issues the warning in the log and continues the execution of the pipeline.
 
 **Caching in monorepos**
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version: '1.17'
       check-latest: true
-      cache-dependency-path: subdir/go.sum
+      cache-dependency-path: |
+             subdir/go.sum
+             tools/go.sum
+    # cache-dependency-path: "**/*.sum"
+
   - run: go run hello.go
   ```
 
 ## Getting go version from the go.mod file
 
-The `go-version-file` input accepts a path to a `go.mod` file or a `go.work` file that contains the version of Go to be
+The `go-version-file` input accepts a path to a `go.mod` file or a `go.work`
-used by a project. As the `go.mod` file contains only major and minor (e.g. 1.18) tags, the action will search for the
+file that contains the version of Go to be used by a project. The version taken
-latest available patch version sequentially in the runner's directory with the cached tools, in
+from thils file will be:
-the [versions-manifest.json](https://github.com/actions/go-versions/blob/main/versions-manifest.json) file or at the go
+
-servers.
+  - The version from the `toolchain` directive, if there is one, otherwise
+  - The version from the `go` directive
+
+The version can specify a patch version or omit it altogether (e.g., `go 1.22.0` or `go 1.22`).
+
+If a patch version is specified, that specific patch version will be used.  
+If no patch version is specified, it will search for the latest available patch version in the cache,
+[versions-manifest.json](https://github.com/actions/go-versions/blob/main/versions-manifest.json), and the
+[official Go language website](https://golang.org/dl/?mode=json&include=all), in that order.
 
 If both the `go-version` and the `go-version-file` inputs are provided then the `go-version` input is used.
 > The action will search for the `go.mod` file relative to the repository root
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v5
-  - uses: actions/setup-go@v4
+  - uses: actions/setup-go@v6
     with:
       go-version-file: 'path/to/go.mod'
   - run: go version
@@ -207,9 +215,9 @@ jobs:
         go: [ '1.14', '1.13' ]
     name: Go ${{ matrix.go }} sample
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go }}
       - run: go run hello.go
@@ -227,31 +235,35 @@ documentation.
 
 ## Using `setup-go` on GHES
 
-`setup-go` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Go
+`setup-go` comes pre-installed on the appliance with GHES if Actions is enabled.
-distributions, `setup-go` downloads distributions from [`actions/go-versions`](https://github.com/actions/go-versions)
+When dynamically downloading Go distributions, `setup-go` downloads distributions from [`actions/go-versions`](https://github.com/actions/go-versions) on github.com (outside of the appliance).
-on github.com (outside of the appliance). These calls to `actions/go-versions` are made via unauthenticated requests,
-which are limited
-to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If
-more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks
-like: `##[error]API rate limit exceeded for...`. After that error the action will try to download versions directly
-from https://storage.googleapis.com/golang, but it also can have rate limit so it's better to put token.
 
-To get a higher rate limit, you
+These calls to `actions/go-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting).
-can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token`
+If more requests are made within the time frame, then the action leverages the `raw API` to retrieve the version-manifest. This approach does not impose a rate limit and hence facilitates unrestricted consumption. This is particularly beneficial for GHES runners, which often share the same IP, to avoid the quick exhaustion of the unauthenticated rate limit.
-input for the action:
+If that fails as well the action will try to download versions directly from https://storage.googleapis.com/golang.
+
+If that fails as well you can get a higher rate limit with [generating a personal access token on github.com](https://github.com/settings/tokens/new) and passing it as the `token` input to the action:
 
 ```yaml
-uses: actions/setup-go@v4
+uses: actions/setup-go@v6
 with:
   token: ${{ secrets.GH_DOTCOM_TOKEN }}
   go-version: '1.18'
 ```
 
-If the runner is not able to access github.com, any Go versions requested during a workflow run must come from the
+If the runner is not able to access github.com, any Go versions requested during a workflow run must come from the runner's tool cache.
-runner's tool cache.
 See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)"
 for more information.
 
+## Recommended permissions
+
+When using the `setup-go` action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
+
+```yaml
+permissions:
+  contents: read # access to check out code and install dependencies
+```
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__tests__/cache-utils.test.ts

@@ -209,3 +209,41 @@ describe('isCacheFeatureAvailable', () => {
     expect(warningSpy).toHaveBeenCalledWith(warningMessage);
   });
 });
+
+describe('isGhes', () => {
+  const pristineEnv = process.env;
+
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = {...pristineEnv};
+  });
+
+  afterAll(() => {
+    process.env = pristineEnv;
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable is not defined', async () => {
+    delete process.env['GITHUB_SERVER_URL'];
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable is set to github.com', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://github.com';
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://contoso.ghe.com';
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://mock-github.localhost';
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns true when the GITHUB_SERVER_URL environment variable is set to some other URL', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://src.onpremise.fabrikam.com';
+    expect(cacheUtils.isGhes()).toBeTruthy();
+  });
+});

__tests__/data/go.mod

@@ -1,6 +1,6 @@
 module example.com/mymodule
 
-go 1.14
+go 1.20
 
 require (
 	example.com/othermodule v1.2.3

__tests__/data/go.work

@@ -1,3 +1,3 @@
-go 1.19
+go 1.21
 
 use .

__tests__/setup-go.test.ts

@@ -7,6 +7,7 @@ import osm, {type} from 'os';
 import path from 'path';
 import * as main from '../src/main';
 import * as im from '../src/installer';
+import * as httpm from '@actions/http-client';
 
 import goJsonData from './data/golang-dl.json';
 import matchers from '../matchers.json';
@@ -46,6 +47,7 @@ describe('setup-go', () => {
   let execSpy: jest.SpyInstance;
   let getManifestSpy: jest.SpyInstance;
   let getAllVersionsSpy: jest.SpyInstance;
+  let httpmGetJsonSpy: jest.SpyInstance;
 
   beforeAll(async () => {
     process.env['GITHUB_ENV'] = ''; // Stub out Environment file functionality so we can verify it writes to standard out (toolkit is backwards compatible)
@@ -90,6 +92,9 @@ describe('setup-go', () => {
     getManifestSpy = jest.spyOn(tc, 'getManifestFromRepo');
     getAllVersionsSpy = jest.spyOn(im, 'getManifest');
 
+    // httm
+    httpmGetJsonSpy = jest.spyOn(httpm.HttpClient.prototype, 'getJson');
+
     // io
     whichSpy = jest.spyOn(io, 'which');
     existsSpy = jest.spyOn(fs, 'existsSync');
@@ -124,6 +129,9 @@ describe('setup-go', () => {
   });
 
   afterEach(() => {
+    // clear out env var set during 'run'
+    delete process.env[im.GOTOOLCHAIN_ENV_VAR];
+
     //jest.resetAllMocks();
     jest.clearAllMocks();
     //jest.restoreAllMocks();
@@ -151,6 +159,21 @@ describe('setup-go', () => {
     );
   });
 
+  it('should return manifest from repo', async () => {
+    const manifest = await im.getManifest(undefined);
+    expect(manifest).toEqual(goTestManifest);
+  });
+
+  it('should return manifest from raw URL if repo fetch fails', async () => {
+    getManifestSpy.mockRejectedValue(new Error('Fetch failed'));
+    httpmGetJsonSpy.mockResolvedValue({
+      result: goTestManifest
+    });
+    const manifest = await im.getManifest(undefined);
+    expect(httpmGetJsonSpy).toHaveBeenCalled();
+    expect(manifest).toEqual(goTestManifest);
+  });
+
   it('can find 1.9 from manifest on linux', async () => {
     os.platform = 'linux';
     os.arch = 'x64';
@@ -265,7 +288,7 @@ describe('setup-go', () => {
     expect(logSpy).toHaveBeenCalledWith(`Setup go version spec 1.13.0`);
   });
 
-  it('does not export any variables for Go versions >=1.9', async () => {
+  it('does not export GOROOT for Go versions >=1.9', async () => {
     inputs['go-version'] = '1.13.0';
     inSpy.mockImplementation(name => inputs[name]);
 
@@ -278,7 +301,7 @@ describe('setup-go', () => {
     });
 
     await main.run();
-    expect(vars).toStrictEqual({});
+    expect(vars).not.toHaveProperty('GOROOT');
   });
 
   it('exports GOROOT for Go versions <1.9', async () => {
@@ -294,9 +317,7 @@ describe('setup-go', () => {
     });
 
     await main.run();
-    expect(vars).toStrictEqual({
+    expect(vars).toHaveProperty('GOROOT', toolPath);
-      GOROOT: toolPath
-    });
   });
 
   it('finds a version of go already in the cache', async () => {
@@ -790,6 +811,9 @@ describe('setup-go', () => {
       getManifestSpy.mockImplementation(() => {
         throw new Error('Unable to download manifest');
       });
+      httpmGetJsonSpy.mockRejectedValue(
+        new Error('Unable to download manifest from raw URL')
+      );
       getAllVersionsSpy.mockImplementationOnce(() => undefined);
 
       dlSpy.mockImplementation(async () => '/some/temp/path');
@@ -966,4 +990,104 @@ use .
       }
     );
   });
+
+  describe('go-version-file-toolchain', () => {
+    const goVersions = ['1.22.0', '1.21rc2', '1.18'];
+    const placeholderVersion = '1.19';
+    const buildGoMod = (
+      goVersion: string,
+      toolchainVersion: string
+    ) => `module example.com/mymodule
+
+go ${goVersion}
+
+toolchain go${toolchainVersion}
+
+require (
+	example.com/othermodule v1.2.3
+	example.com/thismodule v1.2.3
+	example.com/thatmodule v1.2.3
+)
+
+replace example.com/thatmodule => ../thatmodule
+exclude example.com/thismodule v1.3.0
+`;
+
+    const buildGoWork = (
+      goVersion: string,
+      toolchainVersion: string
+    ) => `go 1.19
+
+toolchain go${toolchainVersion}
+
+use .
+
+`;
+
+    goVersions.forEach(version => {
+      [
+        {
+          goVersionfile: 'go.mod',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          expected_version: version,
+          desc: 'from toolchain directive'
+        },
+        {
+          goVersionfile: 'go.work',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          expected_version: version,
+          desc: 'from toolchain directive'
+        },
+        {
+          goVersionfile: 'go.mod',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          gotoolchain_env: 'local',
+          expected_version: placeholderVersion,
+          desc: 'from go directive when GOTOOLCHAIN is local'
+        },
+        {
+          goVersionfile: 'go.work',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          gotoolchain_env: 'local',
+          expected_version: placeholderVersion,
+          desc: 'from go directive when GOTOOLCHAIN is local'
+        }
+      ].forEach(test => {
+        it(`reads version (${version}) in ${test.goVersionfile} ${test.desc}`, async () => {
+          inputs['go-version-file'] = test.goVersionfile;
+          if (test.gotoolchain_env !== undefined) {
+            process.env[im.GOTOOLCHAIN_ENV_VAR] = test.gotoolchain_env;
+          }
+          existsSpy.mockImplementation(() => true);
+          readFileSpy.mockImplementation(() => Buffer.from(test.fileContents));
+
+          await main.run();
+
+          expect(logSpy).toHaveBeenCalledWith(
+            `Setup go version spec ${test.expected_version}`
+          );
+          expect(logSpy).toHaveBeenCalledWith(
+            `Attempting to download ${test.expected_version}...`
+          );
+          expect(logSpy).toHaveBeenCalledWith(
+            `matching ${test.expected_version}...`
+          );
+        });
+      });
+    });
+  });
+
+  it('exports GOTOOLCHAIN and sets it in current process env', async () => {
+    inputs['go-version'] = '1.21.0';
+    inSpy.mockImplementation(name => inputs[name]);
+
+    const vars: {[key: string]: string} = {};
+    exportVarSpy.mockImplementation((name: string, val: string) => {
+      vars[name] = val;
+    });
+
+    await main.run();
+    expect(vars).toStrictEqual({GOTOOLCHAIN: 'local'});
+    expect(process.env).toHaveProperty('GOTOOLCHAIN', 'local');
+  });
 });

__tests__/utils.test.ts

@@ -0,0 +1,52 @@
+import {isSelfHosted} from '../src/utils';
+
+describe('utils', () => {
+  describe('isSelfHosted', () => {
+    let AGENT_ISSELFHOSTED: string | undefined;
+    let RUNNER_ENVIRONMENT: string | undefined;
+
+    beforeEach(() => {
+      AGENT_ISSELFHOSTED = process.env['AGENT_ISSELFHOSTED'];
+      delete process.env['AGENT_ISSELFHOSTED'];
+      RUNNER_ENVIRONMENT = process.env['RUNNER_ENVIRONMENT'];
+      delete process.env['RUNNER_ENVIRONMENT'];
+    });
+
+    afterEach(() => {
+      if (AGENT_ISSELFHOSTED === undefined) {
+        delete process.env['AGENT_ISSELFHOSTED'];
+      } else {
+        process.env['AGENT_ISSELFHOSTED'] = AGENT_ISSELFHOSTED;
+      }
+      if (RUNNER_ENVIRONMENT === undefined) {
+        delete process.env['RUNNER_ENVIRONMENT'];
+      } else {
+        process.env['RUNNER_ENVIRONMENT'] = RUNNER_ENVIRONMENT;
+      }
+    });
+
+    it('isSelfHosted should be true if no environment variables set', () => {
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be true if environment variable is not set to denote GitHub hosted', () => {
+      process.env['RUNNER_ENVIRONMENT'] = 'some';
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be true if environment variable set to denote Azure Pipelines self hosted', () => {
+      process.env['AGENT_ISSELFHOSTED'] = '1';
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be false if environment variable set to denote GitHub hosted', () => {
+      process.env['RUNNER_ENVIRONMENT'] = 'github-hosted';
+      expect(isSelfHosted()).toBeFalsy();
+    });
+
+    it('isSelfHosted should be false if environment variable is not set to denote Azure Pipelines self hosted', () => {
+      process.env['AGENT_ISSELFHOSTED'] = 'some';
+      expect(isSelfHosted()).toBeFalsy();
+    });
+  });
+});

action.yml

@@ -25,7 +25,7 @@ outputs:
   cache-hit:
     description: 'A boolean value to indicate if a cache was hit'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/setup/index.js'
   post: 'dist/cache-save/index.js'
   post-if: success()

docs/adrs/0000-caching-dependencies.md

@@ -4,7 +4,7 @@ Date: 2022-04-13
 Status: Accepted
 
 # Context
-`actions/setup-go` is the one of the most popular action related to Golang in GitHub Actions. Many customers use it in conjunction with [actions/cache](https://github.com/actions/cache) to speed up dependency installation process.  
+`actions/setup-go` is the one of the most popular action related to Golang in GitHub Actions. Many customers use it in conjunction with [actions/cache](https://github.com/actions/cache) to speed up dependency installation process.
 See more examples on proper usage in [actions/cache documentation](https://github.com/actions/cache/blob/main/examples.md#go---modules).
 
 # Goals & Anti-Goals
@@ -16,7 +16,7 @@ Integration of caching functionality into `actions/setup-go` action will bring t
 We don't pursue the goal to provide wide customization of caching in scope of `actions/setup-go` action. The purpose of this integration is covering ~90% of basic use-cases. If user needs flexible customization, we should advice them to use `actions/cache` directly.
 
 # Decision
-- Add `cache` input parameter to `actions/setup-go`. For now, input will accept the following values: 
+- Add `cache` input parameter to `actions/setup-go`. For now, input will accept the following values:
   - `true` - enable caching for go dependencies
   - `false`- disable caching for go dependencies. This value will be set as default value
 - Cache feature will be disabled by default to make sure that we don't break existing customers. We will consider enabling cache by default in next major releases
@@ -32,7 +32,7 @@ We don't pursue the goal to provide wide customization of caching in scope of `a
 
 ```yml
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 - uses: actions/setup-go@v3
   with:
     go-version: '18'
@@ -43,7 +43,7 @@ steps:
 
  ```yml
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 - uses: actions/setup-go@v3
   with:
     go-version: '18'
@@ -53,7 +53,7 @@ steps:
 
  ```yml
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 - uses: actions/setup-go@v3
   with:
     go-version: '18'
@@ -66,4 +66,4 @@ steps:
 # Release process
 
 As soon as functionality is implemented, we will release minor update of action. No need to bump major version since there are no breaking changes for existing users.
-After that, we will update [starter-workflows](https://github.com/actions/starter-workflows/blob/main/ci/go.yml)
+After that, we will update [starter-workflows](https://github.com/actions/starter-workflows/blob/main/ci/go.yml)

docs/contributors.md

@@ -6,13 +6,13 @@ We have prepared a short guide so that the process of making your contribution i
 
 ## How can I contribute...
 
-* [Contribute Documentation:green_book:](#contribute-documentation)
+* [Contribute Documentation :green_book:](#contribute-documentation)
 
 * [Contribute Code :computer:](#contribute-code)
 
-* [Provide Support on Issues:pencil:](#provide-support-on-issues)
+* [Provide Support on Issues :pencil:](#provide-support-on-issues)
 
-* [Review Pull Requests:mag:](#review-pull-requests)
+* [Review Pull Requests :mag:](#review-pull-requests)
 
 ## Contribute documentation
 
@@ -113,4 +113,4 @@ Another great way to contribute is pull request reviews. Please, be extra kind:
 - Make sure you're familiar with the code or documentation is updated, unless it's a minor change (spellchecking, minor formatting, etc.)
 - Review changes using the GitHub functionality. You can ask a clarifying question, point out an error or suggest an alternative. 
 > Note: You may ask for minor changes - "nitpicks", but consider whether they are real blockers to merging or not
-- Submit your review, which may include comments, an approval, or a changes request
+- Submit your review, which may include comments, an approval, or a changes request

package.json

@@ -1,9 +1,12 @@
 {
   "name": "setup-go",
-  "version": "4.0.0",
+  "version": "6.0.0",
   "private": true,
   "description": "setup go action",
   "main": "lib/setup-go.js",
+  "engines": {
+    "node": ">=24.0.0"
+  },
   "scripts": {
     "build": "tsc && ncc build -o dist/setup src/setup-go.ts && ncc build -o dist/cache-save src/cache-save.ts",
     "format": "prettier --no-error-on-unmatched-pattern --config ./.prettierrc.js --write \"**/*.{ts,yml,yaml}\"",
@@ -26,30 +29,30 @@
   "license": "MIT",
   "dependencies": {
     "@actions/cache": "^4.0.3",
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.11.1",
-    "@actions/exec": "^1.1.0",
+    "@actions/exec": "^1.1.1",
-    "@actions/glob": "^0.2.0",
+    "@actions/glob": "^0.5.0",
-    "@actions/http-client": "^2.0.1",
+    "@actions/http-client": "^2.2.1",
     "@actions/io": "^1.0.2",
-    "@actions/tool-cache": "^1.5.5",
+    "@actions/tool-cache": "^2.0.2",
-    "semver": "^6.3.1"
+    "semver": "^7.6.3"
   },
   "devDependencies": {
-    "@types/jest": "^27.0.2",
+    "@types/jest": "^29.5.14",
-    "@types/node": "^16.11.25",
+    "@types/node": "^24.1.0",
-    "@types/semver": "^6.0.0",
+    "@types/semver": "^7.5.8",
-    "@typescript-eslint/eslint-plugin": "^5.54.0",
+    "@typescript-eslint/eslint-plugin": "^8.31.1",
-    "@typescript-eslint/parser": "^5.54.0",
+    "@typescript-eslint/parser": "^8.35.1",
-    "@vercel/ncc": "^0.33.4",
+    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.35.0",
+    "eslint": "^8.57.0",
-    "eslint-config-prettier": "^8.6.0",
+    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-jest": "^27.2.1",
+    "eslint-plugin-jest": "^29.0.1",
     "eslint-plugin-node": "^11.1.0",
-    "jest": "^27.2.5",
+    "jest": "^29.7.0",
-    "jest-circus": "^27.2.5",
+    "jest-circus": "^29.7.0",
     "nock": "^10.0.6",
     "prettier": "^2.8.4",
-    "ts-jest": "^27.0.5",
+    "ts-jest": "^29.3.2",
-    "typescript": "^4.3.3"
+    "typescript": "^5.8.3"
   }
 }

src/cache-restore.ts

@@ -15,6 +15,7 @@ export const restoreCache = async (
 ) => {
   const packageManagerInfo = await getPackageManagerInfo(packageManager);
   const platform = process.env.RUNNER_OS;
+  const arch = process.arch;
 
   const cachePaths = await getCacheDirectoryPath(packageManagerInfo);
 
@@ -31,7 +32,7 @@ export const restoreCache = async (
 
   const linuxVersion =
     process.env.RUNNER_OS === 'Linux' ? `${process.env.ImageOS}-` : '';
-  const primaryKey = `setup-go-${platform}-${linuxVersion}go-${versionSpec}-${fileHash}`;
+  const primaryKey = `setup-go-${platform}-${arch}-${linuxVersion}go-${versionSpec}-${fileHash}`;
   core.debug(`primary key is ${primaryKey}`);
 
   core.saveState(State.CachePrimaryKey, primaryKey);

src/cache-save.ts

@@ -12,9 +12,19 @@ process.on('uncaughtException', e => {
   core.info(`${warningPrefix}${e.message}`);
 });
 
-export async function run() {
+// Added early exit to resolve issue with slow post action step:
+// - https://github.com/actions/setup-node/issues/878
+// https://github.com/actions/cache/pull/1217
+export async function run(earlyExit?: boolean) {
   try {
-    await cachePackages();
+    const cacheInput = core.getBooleanInput('cache');
+    if (cacheInput) {
+      await cachePackages();
+
+      if (earlyExit) {
+        process.exit(0);
+      }
+    }
   } catch (error) {
     let message = 'Unknown error!';
     if (error instanceof Error) {
@@ -28,11 +38,6 @@ export async function run() {
 }
 
 const cachePackages = async () => {
-  const cacheInput = core.getBooleanInput('cache');
-  if (!cacheInput) {
-    return;
-  }
-
   const packageManager = 'default';
 
   const state = core.getState(State.CacheMatchedKey);
@@ -85,4 +90,4 @@ function logWarning(message: string): void {
   core.info(`${warningPrefix}${message}`);
 }
 
-run();
+run(true);

src/cache-utils.ts

@@ -63,7 +63,13 @@ export function isGhes(): boolean {
   const ghUrl = new URL(
     process.env['GITHUB_SERVER_URL'] || 'https://github.com'
   );
-  return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM';
+
+  const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+  const isGitHubHost = hostname === 'GITHUB.COM';
+  const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM');
+  const isLocalHost = hostname.endsWith('.LOCALHOST');
+
+  return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 
 export function isCacheFeatureAvailable(): boolean {

src/installer.ts

@@ -6,7 +6,15 @@ import * as httpm from '@actions/http-client';
 import * as sys from './system';
 import fs from 'fs';
 import os from 'os';
-import {StableReleaseAlias} from './utils';
+import {StableReleaseAlias, isSelfHosted} from './utils';
+import {Architecture} from './types';
+
+export const GOTOOLCHAIN_ENV_VAR = 'GOTOOLCHAIN';
+export const GOTOOLCHAIN_LOCAL_VAL = 'local';
+const MANIFEST_REPO_OWNER = 'actions';
+const MANIFEST_REPO_NAME = 'go-versions';
+const MANIFEST_REPO_BRANCH = 'main';
+const MANIFEST_URL = `https://raw.githubusercontent.com/${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}/${MANIFEST_REPO_BRANCH}/versions-manifest.json`;
 
 type InstallationType = 'dist' | 'manifest';
 
@@ -34,7 +42,7 @@ export async function getGo(
   versionSpec: string,
   checkLatest: boolean,
   auth: string | undefined,
-  arch = os.arch()
+  arch: Architecture = os.arch() as Architecture
 ) {
   let manifest: tc.IToolRelease[] | undefined;
   const osPlat: string = os.platform();
@@ -114,9 +122,9 @@ export async function getGo(
         `Received HTTP status code ${err.httpStatusCode}.  This usually indicates the rate limit has been exceeded`
       );
     } else {
-      core.info(err.message);
+      core.info((err as Error).message);
     }
-    core.debug(err.stack);
+    core.debug((err as Error).stack ?? '');
     core.info('Falling back to download directly from Go');
   }
 
@@ -146,7 +154,7 @@ async function resolveVersionFromManifest(
   versionSpec: string,
   stable: boolean,
   auth: string | undefined,
-  arch: string,
+  arch: Architecture,
   manifest: tc.IToolRelease[] | undefined
 ): Promise<string | undefined> {
   try {
@@ -160,7 +168,7 @@ async function resolveVersionFromManifest(
     return info?.resolvedVersion;
   } catch (err) {
     core.info('Unable to resolve a version from the manifest...');
-    core.debug(err.message);
+    core.debug((err as Error).message);
   }
 }
 
@@ -175,11 +183,7 @@ async function cacheWindowsDir(
   if (os.platform() !== 'win32') return false;
 
   // make sure the action runs in the hosted environment
-  if (
+  if (isSelfHosted()) return false;
-    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' &&
-    process.env['AGENT_ISSELFHOSTED'] === '1'
-  )
-    return false;
 
   const defaultToolCacheRoot = process.env['RUNNER_TOOL_CACHE'];
   if (!defaultToolCacheRoot) return false;
@@ -203,6 +207,17 @@ async function cacheWindowsDir(
   fs.symlinkSync(actualToolCacheDir, defaultToolCacheDir, 'junction');
   core.info(`Created link ${defaultToolCacheDir} => ${actualToolCacheDir}`);
 
+  const actualToolCacheCompleteFile = `${actualToolCacheDir}.complete`;
+  const defaultToolCacheCompleteFile = `${defaultToolCacheDir}.complete`;
+  fs.symlinkSync(
+    actualToolCacheCompleteFile,
+    defaultToolCacheCompleteFile,
+    'file'
+  );
+  core.info(
+    `Created link ${defaultToolCacheCompleteFile} => ${actualToolCacheCompleteFile}`
+  );
+
   // make outer code to continue using toolcache as if it were installed on c:
   // restore toolcache root to default drive c:
   process.env['RUNNER_TOOL_CACHE'] = defaultToolCacheRoot;
@@ -263,15 +278,85 @@ export async function extractGoArchive(archivePath: string): Promise<string> {
   return extPath;
 }
 
-export async function getManifest(auth: string | undefined) {
+function isIToolRelease(obj: any): obj is tc.IToolRelease {
-  return tc.getManifestFromRepo('actions', 'go-versions', auth, 'main');
+  return (
+    typeof obj === 'object' &&
+    obj !== null &&
+    typeof obj.version === 'string' &&
+    typeof obj.stable === 'boolean' &&
+    Array.isArray(obj.files) &&
+    obj.files.every(
+      (file: any) =>
+        typeof file.filename === 'string' &&
+        typeof file.platform === 'string' &&
+        typeof file.arch === 'string' &&
+        typeof file.download_url === 'string'
+    )
+  );
+}
+
+export async function getManifest(
+  auth: string | undefined
+): Promise<tc.IToolRelease[]> {
+  try {
+    const manifest = await getManifestFromRepo(auth);
+    if (
+      Array.isArray(manifest) &&
+      manifest.length &&
+      manifest.every(isIToolRelease)
+    ) {
+      return manifest;
+    }
+
+    let errorMessage =
+      'An unexpected error occurred while fetching the manifest.';
+    if (
+      typeof manifest === 'object' &&
+      manifest !== null &&
+      'message' in manifest
+    ) {
+      errorMessage = (manifest as {message: string}).message;
+    }
+    throw new Error(errorMessage);
+  } catch (err) {
+    core.debug('Fetching the manifest via the API failed.');
+    if (err instanceof Error) {
+      core.debug(err.message);
+    }
+  }
+  return await getManifestFromURL();
+}
+
+function getManifestFromRepo(
+  auth: string | undefined
+): Promise<tc.IToolRelease[]> {
+  core.debug(
+    `Getting manifest from ${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}@${MANIFEST_REPO_BRANCH}`
+  );
+  return tc.getManifestFromRepo(
+    MANIFEST_REPO_OWNER,
+    MANIFEST_REPO_NAME,
+    auth,
+    MANIFEST_REPO_BRANCH
+  );
+}
+
+async function getManifestFromURL(): Promise<tc.IToolRelease[]> {
+  core.debug('Falling back to fetching the manifest using raw URL.');
+
+  const http: httpm.HttpClient = new httpm.HttpClient('tool-cache');
+  const response = await http.getJson<tc.IToolRelease[]>(MANIFEST_URL);
+  if (!response.result) {
+    throw new Error(`Unable to get manifest from ${MANIFEST_URL}`);
+  }
+  return response.result;
 }
 
 export async function getInfoFromManifest(
   versionSpec: string,
   stable: boolean,
   auth: string | undefined,
-  arch = os.arch(),
+  arch: Architecture = os.arch() as Architecture,
   manifest?: tc.IToolRelease[] | undefined
 ): Promise<IGoVersionInfo | null> {
   let info: IGoVersionInfo | null = null;
@@ -297,7 +382,7 @@ export async function getInfoFromManifest(
 
 async function getInfoFromDist(
   versionSpec: string,
-  arch: string
+  arch: Architecture
 ): Promise<IGoVersionInfo | null> {
   const version: IGoVersion | undefined = await findMatch(versionSpec, arch);
   if (!version) {
@@ -316,7 +401,7 @@ async function getInfoFromDist(
 
 export async function findMatch(
   versionSpec: string,
-  arch = os.arch()
+  arch: Architecture = os.arch() as Architecture
 ): Promise<IGoVersion | undefined> {
   const archFilter = sys.getArch(arch);
   const platFilter = sys.getPlatform();
@@ -413,14 +498,30 @@ export function parseGoVersionFile(versionFilePath: string): string {
     path.basename(versionFilePath) === 'go.mod' ||
     path.basename(versionFilePath) === 'go.work'
   ) {
-    const match = contents.match(/^go (\d+(\.\d+)*)/m);
+    // for backwards compatibility: use version from go directive if
-    return match ? match[1] : '';
+    // 'GOTOOLCHAIN' has been explicitly set
+    if (process.env[GOTOOLCHAIN_ENV_VAR] !== GOTOOLCHAIN_LOCAL_VAL) {
+      // toolchain directive: https://go.dev/ref/mod#go-mod-file-toolchain
+      const matchToolchain = contents.match(
+        /^toolchain go(1\.\d+(?:\.\d+|rc\d+)?)/m
+      );
+      if (matchToolchain) {
+        return matchToolchain[1];
+      }
+    }
+
+    // go directive: https://go.dev/ref/mod#go-mod-file-go
+    const matchGo = contents.match(/^go (\d+(\.\d+)*)/m);
+    return matchGo ? matchGo[1] : '';
   }
 
   return contents.trim();
 }
 
-async function resolveStableVersionDist(versionSpec: string, arch: string) {
+async function resolveStableVersionDist(
+  versionSpec: string,
+  arch: Architecture
+) {
   const archFilter = sys.getArch(arch);
   const platFilter = sys.getPlatform();
   const dlUrl = 'https://golang.org/dl/?mode=json&include=all';

src/main.ts

@@ -8,6 +8,7 @@ import {isCacheFeatureAvailable} from './cache-utils';
 import cp from 'child_process';
 import fs from 'fs';
 import os from 'os';
+import {Architecture} from './types';
 
 export async function run() {
   try {
@@ -16,14 +17,15 @@ export async function run() {
     // If not supplied then problem matchers will still be setup.  Useful for self-hosted.
     //
     const versionSpec = resolveVersionInput();
+    setGoToolchain();
 
     const cache = core.getBooleanInput('cache');
     core.info(`Setup go version spec ${versionSpec}`);
 
-    let arch = core.getInput('architecture');
+    let arch = core.getInput('architecture') as Architecture;
 
     if (!arch) {
-      arch = os.arch();
+      arch = os.arch() as Architecture;
     }
 
     if (versionSpec) {
@@ -74,7 +76,7 @@ export async function run() {
           cacheDependencyPath
         );
       } catch (error) {
-        core.warning(`Restore cache failed: ${error.message}`);
+        core.warning(`Restore cache failed: ${(error as Error).message}`);
       }
     }
 
@@ -92,7 +94,7 @@ export async function run() {
     core.info(goEnv);
     core.endGroup();
   } catch (error) {
-    core.setFailed(error.message);
+    core.setFailed((error as Error).message);
   }
 }
 
@@ -160,3 +162,20 @@ function resolveVersionInput(): string {
 
   return version;
 }
+
+function setGoToolchain() {
+  // docs: https://go.dev/doc/toolchain
+  // "local indicates the bundled Go toolchain (the one that shipped with the go command being run)"
+  // this is so any 'go' command is run with the selected Go version
+  // and doesn't trigger a toolchain download and run commands with that
+  // see e.g. issue #424
+  // and a similar discussion: https://github.com/docker-library/golang/issues/472.
+  // Set the value in process env so any `go` commands run as child-process
+  // don't cause toolchain downloads
+  process.env[installer.GOTOOLCHAIN_ENV_VAR] = installer.GOTOOLCHAIN_LOCAL_VAL;
+  // and in the runner env so e.g. a user running `go mod tidy` won't cause it
+  core.exportVariable(
+    installer.GOTOOLCHAIN_ENV_VAR,
+    installer.GOTOOLCHAIN_LOCAL_VAL
+  );
+}

src/system.ts

@@ -1,4 +1,5 @@
 import os from 'os';
+import {Architecture} from './types';
 
 export function getPlatform(): string {
   // darwin and linux match already
@@ -15,7 +16,7 @@ export function getPlatform(): string {
   return plat;
 }
 
-export function getArch(arch: string): string {
+export function getArch(arch: Architecture): string {
   // 'arm', 'arm64', 'ia32', 'mips', 'mipsel', 'ppc', 'ppc64', 's390', 's390x', 'x32', and 'x64'.
 
   // wants amd64, 386, arm64, armv61, ppc641e, s390x

src/types.ts

@@ -0,0 +1,2 @@
+// match what @actions/tool-cache expects
+export type Architecture = string;

src/utils.ts

@@ -2,3 +2,13 @@ export enum StableReleaseAlias {
   Stable = 'stable',
   OldStable = 'oldstable'
 }
+
+export const isSelfHosted = (): boolean =>
+  process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' &&
+  (process.env['AGENT_ISSELFHOSTED'] === '1' ||
+    process.env['AGENT_ISSELFHOSTED'] === undefined);
+/* the above is simplified from:
+    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' && process.env['AGENT_ISSELFHOSTED'] === '1'
+    ||
+    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' && process.env['AGENT_ISSELFHOSTED'] === undefined
+*/