⬆️ Updates codecov/codecov-action action to v7

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
codecov/codecov-action	action	major	v1 → v7

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

codecov/codecov-action (codecov/codecov-action)

v7.0.0

Compare Source

v7

Compare Source

v6.0.2

Compare Source

v6.0.1

Compare Source

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in #​1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in #​1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

v6.0.0

Compare Source

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in #​1929
• Th/6.0.0 by @​thomasrockhu-codecov in #​1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v6

Compare Source

v5.5.4

Compare Source

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in #​1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in #​1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

Compare Source

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in #​1822
• fix: OIDC on forks by @​joseph-sentry in #​1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

Compare Source

What's Changed

• fix: use the github core methods by @​thomasrockhu-codecov in #​1807
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​app/dependabot in #​1803
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​app/dependabot in #​1797
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​app/dependabot in #​1798
• chore(release): wrapper -0.2.1 by @​app/codecov-releaser-app in #​1788
• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​app/dependabot in #​1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

Compare Source

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in #​1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in #​1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in #​1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in #​1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in #​1773
• Fix use of safe.directory inside containers by @​Flamefire in #​1768
• Fix description for report_type input by @​craigscott-crascit in #​1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in #​1765
• Fix a typo in the example by @​miranska in #​1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in #​1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in #​1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

v5.3.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

v5.3.0

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

v5.2.0

Compare Source

What's Changed

• Fix typo in README by @​tserg in #​1747
• Th/add commands by @​thomasrockhu-codecov in #​1745
• use correct audience when requesting oidc token by @​juho9000 in #​1744
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @​app/dependabot in #​1742
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @​app/dependabot in #​1743
• chore(deps): bump wrapper to 0.0.32 by @​thomasrockhu-codecov in #​1740
• feat: add disable-telem feature by @​thomasrockhu-codecov in #​1739
• fix: remove erroneous linebreak in readme by @​Vampire in #​1734

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

v5.1.2

Compare Source

What's Changed

• fix: update statment by @​thomasrockhu-codecov in #​1726
• fix: update action script by @​thomasrockhu-codecov in #​1725
• fix: prevent oidc on tokenless due to permissioning by @​thomasrockhu-codecov in #​1724
• chore(release): wrapper-0.0.31 by @​app/codecov-releaser-app in #​1723
• Put quotes around ${{ inputs.token }} in action.yml by @​jwodder in #​1721
• build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @​app/dependabot in #​1722
• Remove mistake from options table by @​Acconut in #​1718
• build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @​app/dependabot in #​1717

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2

v5.1.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1

v5.1.0

Compare Source

What's Changed

• fix: hide unnecessary error on shasum by @​thomasrockhu-codecov in #​1692
• build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @​app/dependabot in #​1701
• chore(release): wrapper-0.0.29 by @​app/codecov-releaser-app in #​1713

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.7..v5.1.0

v5.0.7

Compare Source

What's Changed

• fix: use HEAD_REPO by @​thomasrockhu-codecov in #​1690

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.6..v5.0.7

v5.0.6

Compare Source

What's Changed

• fix: update CODECOV_TOKEN and fix tokenless by @​thomasrockhu-codecov in #​1688

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.5..v5.0.6

v5.0.5

Compare Source

What's Changed

• chore(release): wrapper-0.0.27 by @​app/codecov-releaser-app in #​1685

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.4..v5.0.5

v5.0.4

Compare Source

What's Changed

• chore(deps): bump wrapper to 0.0.26 by @​thomasrockhu-codecov in #​1681
• fix: strip out a trailing /n from input tokens by @​thomasrockhu-codecov in #​1679
• fix: add action version by @​thomasrockhu-codecov in #​1678

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.3..v5.0.4

v5.0.3

Compare Source

What's Changed

• fix: update OIDC audience by @​thomasrockhu-codecov in #​1675
• fix: use double-quotes for OIDC by @​thomasrockhu-codecov in #​1669
• fix: prevent always setting tokenless to be true by @​thomasrockhu-codecov in #​1673
• fix: update CHANGELOG and automate by @​thomasrockhu-codecov in #​1674
• fix: bump to v5 and update README by @​thomasrockhu-codecov in #​1655
• build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by @​app/dependabot in #​1665
• fix: typo in inputs.disable_safe_directory by @​mkroening in #​1666

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.2..v5.0.3

v5.0.2

Compare Source

What's Changed

• fix: override commit and pr values for PR cases by @​thomasrockhu-codecov in #​1657

Full Changelog: codecov/codecov-action@v5.0.1...v5.0.2

v5.0.1

Compare Source

What's Changed

• fix: use marketplace v5 badge by @​thomasrockhu-codecov in #​1646
• fix: update tokenless branch logic by @​thomasrockhu-codecov in #​1650
• chore(release): 5.0.1 by @​thomasrockhu-codecov in #​1656

Full Changelog: codecov/codecov-action@v5.0.0...v5.0.1

v5.0.0

Compare Source

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

• file (this has been deprecated in favor of files)
• plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

• binary
• gcov_args
• gcov_executable
• gcov_ignore
• gcov_include
• report_type
• skip_validation
• swift_project

You can see their usage in the action.yml file.

v5

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v4.6.0

Compare Source

What's Changed

• build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @​dependabot in #​1481
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @​dependabot in #​1480
• build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 by @​dependabot in #​1479
• build(deps-dev): bump @​typescript-eslint/parser from 7.13.0 to 7.13.1 by @​dependabot in #​1485
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.13.0 to 7.13.1 by @​dependabot in #​1484
• build(deps-dev): bump typescript from 5.4.5 to 5.5.2 by @​dependabot in #​1490
• build(deps-dev): bump @​typescript-eslint/parser from 7.13.1 to 7.14.1 by @​dependabot in #​1493
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.13.1 to 7.14.1 by @​dependabot in #​1492
• build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @​dependabot in #​1496
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.14.1 to 7.15.0 by @​dependabot in #​1501
• build(deps-dev): bump typescript from 5.5.2 to 5.5.3 by @​dependabot in #​1500
• build(deps-dev): bump @​typescript-eslint/parser from 7.14.1 to 7.15.0 by @​dependabot in #​1499
• build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @​dependabot in #​1502
• build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @​dependabot in #​1504
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.15.0 to 7.16.0 by @​dependabot in #​1503
• build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @​dependabot in #​1507
• build(deps-dev): bump @​typescript-eslint/parser from 7.15.0 to 7.16.0 by @​dependabot in #​1505
• build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @​dependabot in #​1509
• chore(ci): restrict scorecards to codecov/codecov-action by @​thomasrockhu-codecov in #​1512
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.16.0 to 7.16.1 by @​dependabot in #​1514
• build(deps-dev): bump @​typescript-eslint/parser from 7.16.0 to 7.16.1 by @​dependabot in #​1513
• test: versionInfo by @​marcobiedermann in #​1407
• build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @​dependabot in #​1515
• build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @​dependabot in #​1516
• build(deps-dev): bump typescript from 5.5.3 to 5.5.4 by @​dependabot in #​1521
• build(deps-dev): bump @​typescript-eslint/parser from 7.16.1 to 7.17.0 by @​dependabot in #​1520
• build(deps-dev): bump @​typescript-eslint/parser from 7.17.0 to 7.18.0 by @​dependabot in #​1528
• build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @​dependabot in #​1526
• build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @​dependabot in #​1525
• build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @​dependabot in #​1532
• build(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by @​dependabot in #​1534
• build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @​dependabot in #​1542
• build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by @​dependabot in #​1541
• ref: Tidy up types and remove string coercion by @​nicholas-codecov in #​1536
• build(deps-dev): bump @​octokit/webhooks-types from 3.77.1 to 7.5.1 by @​dependabot in #​1545
• build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @​dependabot in #​1551
• feat: pass tokenless value as branch override by @​joseph-sentry in #​1511
• build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 by @​dependabot in #​1563
• Create makefile.yml by @​Hawthorne001 in #​1555
• build(deps): bump github/codeql-action from 3.26.2 to 3.26.6 by @​dependabot in #​1562
• build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @​dependabot in #​1557
• Spell evenName in the logs correctly by @​webknjaz in #​1560
• build(deps-dev): bump typescript from 5.5.4 to 5.6.2 by @​dependabot in #​1566
• build(deps-dev): bump @​types/jest from 29.5.12 to 29.5.13 by @​dependabot in #​1567
• build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by @​dependabot in #​1569
• build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by @​dependabot in #​1571
• build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @​dependabot in #​1575
• build(deps-dev): bump @​vercel/ncc from 0.38.1 to 0.38.2 by @​dependabot in #​1577
• chore: fix typo of OSS by @​shoothzj in #​1578
• build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in #​1584
• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in #​1583
• fix: bump eslint parser deps by @​thomasrockhu-codecov in #​1586
• chore(release):4.6.0 by @​thomasrockhu-codecov in #​1587

v4.5.0

Compare Source

What's Changed

• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 by @​dependabot in #​1446
• build(deps-dev): bump ts-jest from 29.1.2 to 29.1.3 by @​dependabot in #​1443
• build(deps-dev): bump @​typescript-eslint/parser from 7.9.0 to 7.10.0 by @​dependabot in #​1445
• build(deps-dev): bump @​typescript-eslint/parser from 7.10.0 to 7.11.0 by @​dependabot in #​1459
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.10.0 to 7.11.0 by @​dependabot in #​1458
• build(deps): bump github/codeql-action from 3.25.5 to 3.25.6 by @​dependabot in #​1456
• build(deps-dev): bump ts-jest from 29.1.3 to 29.1.4 by @​dependabot in #​1460
• build(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by @​dependabot in #​1466
• build(deps-dev): bump @​typescript-eslint/parser from 7.11.0 to 7.12.0 by @​dependabot in #​1467
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 by @​dependabot in #​1468
• build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @​dependabot in #​1472
• fix: handle trailing commas by @​joseph-sentry in #​1470
• build(deps-dev): bump @​typescript-eslint/parser from 7.12.0 to 7.13.0 by @​dependabot in #​1474
• build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @​dependabot in #​1475
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 by @​dependabot in #​1473
• feat: add support for tokenless v3 by @​joseph-sentry in #​1410
• Use an existing token even if the PR is from a fork by @​leofeyer in #​1471
• chore(release): bump to 4.5.0 by @​thomasrockhu-codecov in #​1477

v4.4.1

Compare Source

What's Changed

• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @​dependabot in #​1427
• fix: prevent xlarge from running on forks by @​thomasrockhu-codecov in #​1432
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @​dependabot in #​1439
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in #​1438
• fix: isPullRequestFromFork returns false for any PR by @​shahar-h in #​1437
• chore(release): 4.4.1 by @​thomasrockhu-codecov in #​1441

v4.4.0

Compare Source

What's Changed

• chore: Clarify isPullRequestFromFork by @​jsoref in #​1411
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in #​1423
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @​dependabot in #​1421
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @​dependabot in #​1420
• feat: remove GPG and run on spawn by @​thomasrockhu-codecov in #​1426
• build(deps-dev): bump @​typescript-eslint/parser from 7.8.0 to 7.9.0 by @​dependabot in #​1428
• chore(release): 4.4.0 by @​thomasrockhu-codecov in #​1430

Full Changelog: codecov/codecov-action@v4.3.1...v4.4.0

v4.3.1

Compare Source

What's Changed

• build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by @​dependabot in #​1370
• fix: more verbose log message when failing to import pgp key by @​ReenigneArcher in #​1371
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.6.0 to 7.7.0 by @​dependabot in #​1374
• build(deps-dev): bump @​typescript-eslint/parser from 7.6.0 to 7.7.0 by @​dependabot in #​1375
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in #​1382
• build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @​dependabot in #​1381
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @​dependabot in #​1380
• build(deps-dev): bump @​typescript-eslint/parser from 7.7.0 to 7.7.1 by @​dependabot in #​1384
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.7.0 to 7.7.1 by @​dependabot in #​1383
• Update README.md to point to docs about tokenless by @​rohan-at-sentry in #​1395
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @​dependabot in #​1393
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in #​1392
• build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @​dependabot in #​1391
• style: Node Packages by @​marcobiedermann in #​1394
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.7.1 to 7.8.0 by @​dependabot in #​1402
• build(deps-dev): bump @​typescript-eslint/parser from 7.7.1 to 7.8.0 by @​dependabot in #​1401
• docs: Type Annotations by @​marcobiedermann in #​1397
• docs: main branch by @​marcobiedermann in #​1396
• fix: bypass token checks for forks and OIDC by @​thomasrockhu-codecov in #​1404
• chore(release): 4.3.1. by @​thomasrockhu-codecov in #​1405

v4.3.0

Compare Source

What's Changed

• fix: automatically detect if using GitHub enterprise by @​thomasrockhu-codecov in #​1356
• build(deps-dev): bump typescript from 5.4.3 to 5.4.4 by @​dependabot in #​1355
• build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @​dependabot in #​1360
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.5.0 to 7.6.0 by @​dependabot in #​1364
• build(deps-dev): bump @​typescript-eslint/parser from 7.5.0 to 7.6.0 by @​dependabot in #​1363
• feat: add network params by @​thomasrockhu-codecov in #​1365
• build(deps): bump undici from 5.28.3 to 5.28.4 by @​dependabot in #​1361
• chore(release): v4.3.0 by @​thomasrockhu-codecov in #​1366

Full Changelog: codecov/codecov-action@v4.2.0...v4.3.0

v4.2.0

Compare Source

What's Changed

• chore(deps): update deps by @​thomasrockhu-codecov in #​1351
• feat: allow for authentication via OIDC token by @​thomasrockhu-codecov in #​1330
• fix: use_oidc shoudl be required false by @​thomasrockhu-codecov in #​1353

Full Changelog: codecov/codecov-action@v4.1.1...v4.2.0

v4.1.1

Compare Source

What's Changed

• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in #​1315
• build(deps-dev): bump typescript from 5.3.3 to 5.4.2 by @​dependabot in #​1319
• Removed mention of Mercurial by @​drazisil-codecov in #​1325
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @​dependabot in #​1332
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in #​1331
• fix: force version by @​thomasrockhu-codecov in #​1329
• build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by @​dependabot in #​1334
• build(deps): bump undici from 5.28.2 to 5.28.3 by @​dependabot in #​1338
• build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @​dependabot in #​1341
• fix: typo in disable_safe_directory by @​mkroening in #​1343
• chore(release): 4.1.1 by @​thomasrockhu-codecov in #​1344

v4.1.0

Compare Source

What's Changed

• fix: set safe directory by @​thomasrockhu-codecov in #​1304
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @​dependabot in #​1306
• build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @​dependabot in #​1305
• chore(release): v4.1.0 by @​thomasrockhu-codecov in #​1307

Full Changelog: codecov/codecov-action@v4.0.2...v4.1.0

v4.0.2

Compare Source

What's Changed

• Update README.md by [@​thomasrockhu-codecov](https://r

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Moscow)

• Branch creation
  • "after 10pm every weekday,before 5am every weekday,every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

[github-actions]

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

[github-actions]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm braces is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/cz-conventional-changelog@3.3.0 → npm/braces@2.3.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/braces@2.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm cssom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/cssom@0.3.8 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cssom@0.3.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm doctrine is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/eslint-plugin-import@2.22.1 → npm/doctrine@1.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/doctrine@1.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report