update runs on to be node 24

- Update @actions/artifact to use local package v3.0.0
- Add uri-js-replace override for security fixes
- Update @types/node to v24.1.0 for Node 24 support
- Update TypeScript to v5.2.2 for compatibility
- Update all dependencies to latest versions
- Rebuild dist files with updated dependencies
- Fix all security vulnerabilities (0 remaining)

.eslintignore

@@ -0,0 +1,3 @@
+node_modules/
+lib/
+dist/

.eslintrc.json

@@ -0,0 +1,16 @@
+{
+    "env": { "node": true, "jest": true },
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": { "ecmaVersion": 9, "sourceType": "module" },
+    "extends": [
+      "eslint:recommended",
+      "plugin:import/errors",
+      "plugin:import/warnings",
+      "plugin:import/typescript",
+      "plugin:prettier/recommended"
+    ],
+    "rules": {
+       "@typescript-eslint/no-empty-function": "off"
+    },
+    "plugins": ["@typescript-eslint", "jest"]
+}

.github/workflows/check-dist.yml

@@ -24,10 +24,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Setup Node 24
+      - name: Setup Node 20
         uses: actions/setup-node@v4
         with:
-          node-version: 24.x
+          node-version: 20.x
           cache: 'npm'
 
       - name: Install dependencies

.github/workflows/test-proxy.yml

@@ -1,114 +0,0 @@
-name: Test Proxy
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-
-permissions:
-  contents: read
-
-jobs:
-  # End to end upload with proxy
-  test-proxy-upload:
-    runs-on: ubuntu-latest
-    container:
-      image: ubuntu:latest
-      options: --cap-add=NET_ADMIN
-    services:
-      squid-proxy:
-        image: ubuntu/squid:latest
-        ports:
-          - 3128:3128
-    env:
-      http_proxy: http://squid-proxy:3128
-      https_proxy: http://squid-proxy:3128
-    steps:
-    - name: Wait for proxy to be ready
-      shell: bash
-      run: |
-        echo "Waiting for squid proxy to be ready..."
-        echo "Resolving squid-proxy hostname:"
-        getent hosts squid-proxy || echo "DNS resolution failed"
-        for i in $(seq 1 30); do
-          if (echo > /dev/tcp/squid-proxy/3128) 2>/dev/null; then
-            echo "Proxy is ready!"
-            exit 0
-          fi
-          echo "Attempt $i: Proxy not ready, waiting..."
-          sleep 2
-        done
-        echo "Proxy failed to become ready"
-        exit 1
-      env:
-        http_proxy: ""
-        https_proxy: ""
-    - name: Install dependencies
-      run: |
-        apt-get update
-        apt-get install -y iptables curl
-    - name: Verify proxy is working
-      run: |
-        echo "Testing proxy connectivity..."
-        curl -s -o /dev/null -w "%{http_code}" --proxy http://squid-proxy:3128 http://github.com || true
-        echo "Proxy verification complete"
-    - name: Block direct traffic (enforce proxy usage)
-      run: |
-        # Get the squid-proxy container IP
-        PROXY_IP=$(getent hosts squid-proxy | awk '{ print $1 }')
-        echo "Proxy IP: $PROXY_IP"
-        
-        # Allow loopback traffic
-        iptables -A OUTPUT -o lo -j ACCEPT
-        
-        # Allow traffic to the proxy container
-        iptables -A OUTPUT -d $PROXY_IP -j ACCEPT
-        
-        # Allow established connections
-        iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-        
-        # Allow DNS (needed for initial resolution)
-        iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
-        iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
-        
-        # Block all other outbound traffic (HTTP/HTTPS)
-        iptables -A OUTPUT -p tcp --dport 80 -j REJECT
-        iptables -A OUTPUT -p tcp --dport 443 -j REJECT
-        
-        # Log the iptables rules for debugging
-        iptables -L -v -n
-    - name: Verify direct HTTPS is blocked
-      run: |
-        echo "Testing that direct HTTPS requests fail..."
-        if curl --noproxy '*' -s --connect-timeout 5 https://github.com > /dev/null 2>&1; then
-          echo "ERROR: Direct HTTPS request succeeded - blocking is not working!"
-          exit 1
-        else
-          echo "SUCCESS: Direct HTTPS request was blocked as expected"
-        fi
-        
-        echo "Testing that HTTPS through proxy succeeds..."
-        if curl --proxy http://squid-proxy:3128 -s --connect-timeout 10 https://github.com > /dev/null 2>&1; then
-          echo "SUCCESS: HTTPS request through proxy succeeded"
-        else
-          echo "ERROR: HTTPS request through proxy failed!"
-          exit 1
-        fi
-    - name: Checkout
-      uses: actions/checkout@v4
-    - name: Create artifact file
-      run: |
-        mkdir -p test-artifacts
-        echo "Proxy test artifact - $GITHUB_RUN_ID" > test-artifacts/proxy-test.txt
-        echo "Random data: $RANDOM $RANDOM $RANDOM" >> test-artifacts/proxy-test.txt
-        cat test-artifacts/proxy-test.txt
-    - name: Upload artifact through proxy
-      uses: ./
-      with:
-        name: 'Proxy-Test-Artifact-${{ github.run_id }}'
-        path: test-artifacts/proxy-test.txt

.github/workflows/test.yml

@@ -10,10 +10,6 @@ on:
     paths-ignore:
       - '**.md'
 
-permissions:
-  contents: read
-  actions: write
-
 jobs:
   build:
     name: Build
@@ -29,10 +25,10 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
 
-    - name: Setup Node 24
+    - name: Setup Node 20
       uses: actions/setup-node@v4
       with:
-        node-version: 24.x
+        node-version: 20.x
         cache: 'npm'
 
     - name: Install dependencies
@@ -98,7 +94,7 @@ jobs:
 
     # Download Artifact #1 and verify the correctness of the content
     - name: 'Download artifact #1'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: 'Artifact-A-${{ matrix.runs-on }}'
         path: some/new/path
@@ -118,7 +114,7 @@ jobs:
 
     # Download Artifact #2 and verify the correctness of the content
     - name: 'Download artifact #2'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: 'Artifact-Wildcard-${{ matrix.runs-on }}'
         path: some/other/path
@@ -139,7 +135,7 @@ jobs:
 
     # Download Artifact #4 and verify the correctness of the content
     - name: 'Download artifact #4'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: 'Multi-Path-Artifact-${{ matrix.runs-on }}'
         path: multi/artifact
@@ -159,7 +155,7 @@ jobs:
       shell: pwsh
 
     - name: 'Download symlinked artifact'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: 'Symlinked-Artifact-${{ matrix.runs-on }}'
         path: from/symlink
@@ -200,7 +196,7 @@ jobs:
 
     # Download replaced Artifact #1 and verify the correctness of the content
     - name: 'Download artifact #1 again'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: 'Artifact-A-${{ matrix.runs-on }}'
         path: overwrite/some/new/path
@@ -217,101 +213,6 @@ jobs:
             Write-Error "File contents of downloaded artifact are incorrect"
         }
       shell: pwsh
-
-    # Upload a single file without archiving (direct file upload)
-    - name: 'Create direct upload file'
-      run: echo -n 'direct file upload content' > direct-upload-${{ matrix.runs-on }}.txt
-      shell: bash
-
-    - name: 'Upload direct file artifact'
-      uses: ./
-      with:
-        name: 'Direct-File-${{ matrix.runs-on }}'
-        path: direct-upload-${{ matrix.runs-on }}.txt
-        archive: false
-
-    - name: 'Download direct file artifact'
-      uses: actions/download-artifact@main
-      with:
-        name: direct-upload-${{ matrix.runs-on }}.txt
-        path: direct-download
-
-    - name: 'Verify direct file artifact'
-      run: |
-        $file = "direct-download/direct-upload-${{ matrix.runs-on }}.txt"
-        if(!(Test-Path -path $file))
-        {
-            Write-Error "Expected file does not exist"
-        }
-        if(!((Get-Content $file -Raw).TrimEnd() -ceq "direct file upload content"))
-        {
-            Write-Error "File contents of downloaded artifact are incorrect"
-        }
-      shell: pwsh
-
-  upload-html-report:
-    name: Upload HTML Report
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-
-    - name: Setup Node 24
-      uses: actions/setup-node@v4
-      with:
-        node-version: 24.x
-        cache: 'npm'
-
-    - name: Install dependencies
-      run: npm ci
-
-    - name: Compile
-      run: npm run build
-
-    - name: Create HTML report
-      run: |
-        cat > report.html << 'EOF'
-        <!DOCTYPE html>
-        <html lang="en">
-        <head>
-          <meta charset="UTF-8">
-          <meta name="viewport" content="width=device-width, initial-scale=1.0">
-          <title>Artifact Upload Test Report</title>
-          <style>
-            body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Helvetica, Arial, sans-serif; max-width: 800px; margin: 40px auto; padding: 0 20px; color: #24292f; }
-            h1 { border-bottom: 1px solid #d0d7de; padding-bottom: 8px; }
-            .success { color: #1a7f37; }
-            .info { background: #ddf4ff; border: 1px solid #54aeff; border-radius: 6px; padding: 12px 16px; margin: 16px 0; }
-            table { border-collapse: collapse; width: 100%; margin: 16px 0; }
-            th, td { border: 1px solid #d0d7de; padding: 8px 12px; text-align: left; }
-            th { background: #f6f8fa; }
-          </style>
-        </head>
-        <body>
-          <h1>Artifact Upload Test Report</h1>
-          <div class="info">
-            <strong>This HTML file was uploaded as a single un-zipped artifact.</strong>
-            If you can see this in the browser, the feature is working correctly!
-          </div>
-          <table>
-            <tr><th>Property</th><th>Value</th></tr>
-            <tr><td>Upload method</td><td><code>archive: false</code></td></tr>
-            <tr><td>Content-Type</td><td><code>text/html</code></td></tr>
-            <tr><td>File</td><td><code>report.html</code></td></tr>
-          </table>
-          <p class="success">&#10004; Single file upload is working!</p>
-        </body>
-        </html>
-        EOF
-
-    - name: Upload HTML report (no archive)
-      uses: ./
-      with:
-        name: 'test-report'
-        path: report.html
-        archive: false
-
   merge:
     name: Merge
     needs: build
@@ -329,7 +230,7 @@ jobs:
         # easier to identify each of the merged artifacts
         separate-directories: true
     - name: 'Download merged artifacts'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: merged-artifacts
         path: all-merged-artifacts
@@ -365,7 +266,7 @@ jobs:
 
     # Download merged artifacts and verify the correctness of the content
     - name: 'Download merged artifacts'
-      uses: actions/download-artifact@main
+      uses: actions/download-artifact@v4
       with:
         name: Merged-Artifact-As
         path: merged-artifact-a
@@ -389,40 +290,3 @@ jobs:
         }
       shell: pwsh
 
-  cleanup:
-    name: Cleanup Artifacts
-    needs: [build, merge]
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Delete test artifacts
-      uses: actions/github-script@v8
-      with:
-        script: |
-          const keep = ['report.html'];
-          const owner = context.repo.owner;
-          const repo = context.repo.repo;
-          const runId = context.runId;
-
-          const {data: {artifacts}} = await github.rest.actions.listWorkflowRunArtifacts({
-            owner,
-            repo,
-            run_id: runId
-          });
-
-          for (const a of artifacts) {
-            if (keep.includes(a.name)) {
-              console.log(`Keeping artifact '${a.name}'`);
-              continue;
-            }
-            try {
-              await github.rest.actions.deleteArtifact({
-                owner,
-                repo,
-                artifact_id: a.id
-              });
-              console.log(`Deleted artifact '${a.name}'`);
-            } catch (err) {
-              console.log(`Could not delete artifact '${a.name}': ${err.message}`);
-            }
-          }

.gitignore

@@ -1,4 +1,3 @@
 node_modules/
 lib/
 __tests__/_temp/
-.DS_Store

.licensed.yml

@@ -1,9 +1,6 @@
 sources:
   npm: true
 
-# Force UTF-8 encoding
-encoding: 'utf-8'
-
 allowed:
   - apache-2.0
   - bsd-2-clause
@@ -12,30 +9,7 @@ allowed:
   - mit
   - cc0-1.0
   - unlicense
-  - 0bsd
-  - blueoak-1.0.0
 
 reviewed:
   npm:
   - fs.realpath
-  - "@actions/http-client" # MIT
-  - "@bufbuild/protobuf" # Apache-2.0
-  - "@pkgjs/parseargs" # MIT
-  - "@protobuf-ts/runtime" # Apache-2.0
-  - argparse # Python-2.0
-  - buffers # MIT
-  - chainsaw # MIT
-  - color-convert # MIT
-  - ieee754 # BSD-3-Clause
-  - lodash # MIT
-  - mdurl # MIT
-  - neo-async # MIT
-  - package-json-from-dist # ISC
-  - readable-stream # MIT
-  - sax # ISC
-  - source-map # BSD-3-Clause
-  - string_decoder # MIT
-  - traverse # MIT
-  - tslib # 0BSD
-  - uglify-js # BSD-2-Clause
-  - wordwrap # MIT