Merge branch 'main' into refactor-timezone-utcoffset

kelektiv · Jan 12, 2025 · 995eef4 · 995eef4
2 parents 9537e29 + eefd476
commit 995eef4
Show file tree

Hide file tree

Showing 25 changed files with 6,951 additions and 3,799 deletions.
diff --git a/.eslintrc b/.eslintrc
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -7,7 +7,7 @@
 		":pinOnlyDevDependencies",
 		"npm:unpublishSafe",
 		"docker:pinDigests",
-		"helpers:pinGitHubActionDigests",
+		"helpers:pinGitHubActionDigestsToSemver",
 		"security:openssf-scorecard"
 	],
 	"ignorePresets": [
@@ -25,19 +25,42 @@
 	"osvVulnerabilityAlerts": true,
 	"packageRules": [
 		{
-			"matchPackagePatterns": ["*"],
-			"semanticCommitType": "chore"
+			"matchPackageNames": ["*"],
+			"semanticCommitType": "chore",
+			"semanticCommitScope": "deps",
+			"schedule": "* * 10,25 * *"
+		},
+		{
+			"matchDepTypes": ["devDependencies"],
+			"matchUpdateTypes": ["minor", "patch", "pin", "pinDigest"],
+			"automerge": true,
+			"automergeType": "branch"
+		},
+		{
+			"matchDepTypes": ["dependencies"],
+			"semanticCommitType": "build",
+			"semanticCommitScope": "deps",
+			"schedule": "at any time"
 		},
 		{
 			"matchDepTypes": ["dependencies"],
-			"semanticCommitType": "build"
+			"matchUpdateTypes": ["minor", "patch"],
+			"semanticCommitType": "build",
+			"automerge": true,
+			"automergeType": "branch"
+		},
+		{
+			"matchManagers": ["github-actions"],
+			"semanticCommitType": "chore",
+			"semanticCommitScope": "action",
+			"schedule": "* * 10,25 * *"
 		},
 		{
-			"matchDepTypes": ["action"],
-			"semanticCommitType": "ci",
-			"semanticCommitScope": "action"
+			"matchManagers": ["github-actions"],
+			"matchUpdateTypes": ["minor", "patch", "pin", "pinDigest"],
+			"automerge": true,
+			"automergeType": "branch"
 		},
-
 		{
 			"extends": ["monorepo:semantic-release"],
 			"groupName": "semantic-release related packages",
@@ -49,14 +72,13 @@
 			"matchUpdateTypes": ["digest", "patch", "minor", "major"]
 		},
 		{
-			"matchPackagePatterns": [
-				"@insurgent/conventional-changelog-preset",
-				"@insurgent/commitlint-config"
-			],
 			"groupName": "semantic-release related packages",
-			"matchUpdateTypes": ["digest", "patch", "minor", "major"]
+			"matchUpdateTypes": ["digest", "patch", "minor", "major"],
+			"matchPackageNames": [
+				"/@insurgent/conventional-changelog-preset/",
+				"/@insurgent/commitlint-config/"
+			]
 		},
-
 		{
 			"extends": ["packages:linters"],
 			"groupName": "linters",
@@ -67,7 +89,6 @@
 			"groupName": "tests",
 			"addLabels": ["tests"]
 		},
-
 		{
 			"matchDepTypes": ["devDependencies"],
 			"matchUpdateTypes": ["minor", "patch"],

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -30,16 +30,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -49,7 +49,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -62,6 +62,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           category: '/language:${{matrix.language}}'
diff --git a/.github/workflows/lint_pr_title.yml b/.github/workflows/lint_pr_title.yml
@@ -16,16 +16,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         id: lint_pr_title
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HUSKY: 0
 
-      - uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2
+      - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
         # When the previous steps fails, the workflow would stop. By adding this
         # condition you can continue the execution with the populated error message.
         if: always() && (steps.lint_pr_title.outputs.error_message != null)
@@ -44,7 +45,7 @@ jobs:
 
       # Delete a previous comment when the issue has been resolved
       - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2
+        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
         with:
           header: pr-title-lint-error
           delete: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,17 +18,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       - name: Use Node.js LTS
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 'lts/*'
           cache: npm
@@ -47,3 +47,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          HUSKY: 0
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -31,17 +31,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: 'Checkout code'
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       - name: 'Run analysis'
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -63,14 +63,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: 'Upload artifact'
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -19,7 +19,7 @@ jobs:
   prevent-duplicate-checks:
     runs-on: ubuntu-latest
     steps:
-      - uses: insurgent-lab/is-in-pr-action@3e01b38aa0d2a0e51bbc84540300303ec850e80d # v0.1.5
+      - uses: insurgent-lab/is-in-pr-action@129df59687402c4a9c81a9a9e88d7448cdbba541 # v0.2.0
         id: isInPR
     outputs:
       should-run: ${{ !(steps.isInPR.outputs.result == 'true' && startsWith(github.ref, 'refs/heads/renovate/')) }}
@@ -28,7 +28,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
-        node: [16, 18, 20]
+        node: [16, 18, 20, 22]
 
     runs-on: ${{ matrix.os }}
     timeout-minutes: 5
@@ -38,15 +38,15 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Use Node.js ${{ matrix.node }}
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ matrix.node }}
           cache: 'npm'

diff --git a/.gitignore b/.gitignore
@@ -128,3 +128,6 @@ dist
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
+
+# husky local debugging helper scripts
+.husky/_
diff --git a/.husky/commit-msg b/.husky/commit-msg
@@ -1,11 +1,4 @@
-#!/usr/bin/env sh
-
-# https://typicode.github.io/husky/guide.html#disable-husky-in-ci-docker-prod
-[ -n "$CI" ] && exit 0
-
 # only run commitlint on main (for admins pushing directly to branch)
 [ "$(git rev-parse --abbrev-ref HEAD)" != "main" ] && exit 0
 
-. "$(dirname -- "$0")/_/husky.sh"
-
 npx --no -- commitlint --edit ${1}
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -0,0 +1 @@
+npx lint-staged
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+stable
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -7,7 +7,7 @@
 			"name": "Jest Debug",
 			"env": { "NODE_ENV": "test" },
 			"program": "${workspaceFolder}/node_modules/.bin/jest",
-			"args": [],
+			"args": ["--runInBand"],
 			"console": "integratedTerminal",
 			"windows": {
 				"program": "${workspaceFolder}/node_modules/jest/bin/jest"