fix: update label from "dependency" to "dependencies" to be consistent with dependabot

.github/workflows/close-bugs-bot.yml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@v9
         with:
           close-issue-message: "This issue does not seem to be a problem with the runner application, it concerns the GitHub actions platform more generally. Could you please post your feedback on the [GitHub Community Support Forum](https://github.com/orgs/community/discussions/categories/actions) which is actively monitored. Using the forum ensures that we route your problem to the correct team. 😃"
           exempt-issue-labels: "keep"

.github/workflows/close-features-bot.yml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@v9
         with:
           close-issue-message: "Thank you for your interest in the runner application and taking the time to provide your valuable feedback. We kindly ask you to redirect this feedback to the [GitHub Community Support Forum](https://github.com/orgs/community/discussions/categories/actions-and-packages) which our team actively monitors and would be a better place to start a discussion for new feature requests in GitHub Actions. For more information on this policy please [read our contribution guidelines](https://github.com/actions/runner#contribute). 😃"
           exempt-issue-labels: "keep"

.github/workflows/dependency-check.yml

@@ -1,211 +0,0 @@
-name: Dependency Status Check
-
-on:
-  workflow_dispatch:
-    inputs:
-      check_type:
-        description: "Type of dependency check"
-        required: false
-        default: "all"
-        type: choice
-        options:
-          - all
-          - node
-          - dotnet
-          - docker
-          - npm
-  schedule:
-    - cron: "0 11 * * 1" # Weekly on Monday at 11 AM
-
-jobs:
-  dependency-status:
-    runs-on: ubuntu-latest
-    outputs:
-      node20-status: ${{ steps.check-versions.outputs.node20-status }}
-      node24-status: ${{ steps.check-versions.outputs.node24-status }}
-      dotnet-status: ${{ steps.check-versions.outputs.dotnet-status }}
-      docker-status: ${{ steps.check-versions.outputs.docker-status }}
-      buildx-status: ${{ steps.check-versions.outputs.buildx-status }}
-      npm-vulnerabilities: ${{ steps.check-versions.outputs.npm-vulnerabilities }}
-      open-dependency-prs: ${{ steps.check-prs.outputs.open-dependency-prs }}
-    steps:
-      - uses: actions/checkout@v5
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-
-      - name: Check dependency versions
-        id: check-versions
-        run: |
-          echo "## Dependency Status Report" >> $GITHUB_STEP_SUMMARY
-          echo "Generated on: $(date)" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Check Node versions
-          if [[ "${{ github.event.inputs.check_type }}" == "all" || "${{ github.event.inputs.check_type }}" == "node" ]]; then
-            echo "### Node.js Versions" >> $GITHUB_STEP_SUMMARY
-            
-            VERSIONS_JSON=$(curl -s https://raw.githubusercontent.com/actions/node-versions/main/versions-manifest.json)
-            LATEST_NODE20=$(echo "$VERSIONS_JSON" | jq -r '.[] | select(.version | startswith("20.")) | .version' | head -1)
-            LATEST_NODE24=$(echo "$VERSIONS_JSON" | jq -r '.[] | select(.version | startswith("24.")) | .version' | head -1)
-            
-            CURRENT_NODE20=$(grep "NODE20_VERSION=" src/Misc/externals.sh | cut -d'"' -f2)
-            CURRENT_NODE24=$(grep "NODE24_VERSION=" src/Misc/externals.sh | cut -d'"' -f2)
-            
-            NODE20_STATUS="✅ up-to-date"
-            NODE24_STATUS="✅ up-to-date"
-            
-            if [ "$CURRENT_NODE20" != "$LATEST_NODE20" ]; then
-              NODE20_STATUS="⚠️ outdated"
-            fi
-            
-            if [ "$CURRENT_NODE24" != "$LATEST_NODE24" ]; then
-              NODE24_STATUS="⚠️ outdated"
-            fi
-            
-            echo "| Version | Current | Latest | Status |" >> $GITHUB_STEP_SUMMARY
-            echo "|---------|---------|--------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Node 20 | $CURRENT_NODE20 | $LATEST_NODE20 | $NODE20_STATUS |" >> $GITHUB_STEP_SUMMARY
-            echo "| Node 24 | $CURRENT_NODE24 | $LATEST_NODE24 | $NODE24_STATUS |" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            
-            echo "node20-status=$NODE20_STATUS" >> $GITHUB_OUTPUT
-            echo "node24-status=$NODE24_STATUS" >> $GITHUB_OUTPUT
-          fi
-
-          # Check .NET version
-          if [[ "${{ github.event.inputs.check_type }}" == "all" || "${{ github.event.inputs.check_type }}" == "dotnet" ]]; then
-            echo "### .NET SDK Version" >> $GITHUB_STEP_SUMMARY
-            
-            current_dotnet_version=$(jq -r .sdk.version ./src/global.json)
-            current_major_minor=$(echo "$current_dotnet_version" | cut -d '.' -f 1,2)
-            latest_dotnet_version=$(curl -sb -H "Accept: application/json" "https://dotnetcli.blob.core.windows.net/dotnet/Sdk/$current_major_minor/latest.version")
-            
-            DOTNET_STATUS="✅ up-to-date"
-            if [ "$current_dotnet_version" != "$latest_dotnet_version" ]; then
-              DOTNET_STATUS="⚠️ outdated"
-            fi
-            
-            echo "| Component | Current | Latest | Status |" >> $GITHUB_STEP_SUMMARY
-            echo "|-----------|---------|--------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| .NET SDK | $current_dotnet_version | $latest_dotnet_version | $DOTNET_STATUS |" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            
-            echo "dotnet-status=$DOTNET_STATUS" >> $GITHUB_OUTPUT
-          fi
-
-          # Check Docker versions
-          if [[ "${{ github.event.inputs.check_type }}" == "all" || "${{ github.event.inputs.check_type }}" == "docker" ]]; then
-            echo "### Docker Versions" >> $GITHUB_STEP_SUMMARY
-            
-            current_docker=$(grep "ARG DOCKER_VERSION=" ./images/Dockerfile | cut -d'=' -f2)
-            current_buildx=$(grep "ARG BUILDX_VERSION=" ./images/Dockerfile | cut -d'=' -f2)
-            
-            latest_docker=$(curl -s https://download.docker.com/linux/static/stable/x86_64/ | grep -o 'docker-[0-9]*\.[0-9]*\.[0-9]*\.tgz' | sort -V | tail -n 1 | sed 's/docker-\(.*\)\.tgz/\1/')
-            latest_buildx=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | jq -r '.tag_name' | sed 's/^v//')
-            
-            DOCKER_STATUS="✅ up-to-date"
-            BUILDX_STATUS="✅ up-to-date"
-            
-            if [ "$current_docker" != "$latest_docker" ]; then
-              DOCKER_STATUS="⚠️ outdated"
-            fi
-            
-            if [ "$current_buildx" != "$latest_buildx" ]; then
-              BUILDX_STATUS="⚠️ outdated"
-            fi
-            
-            echo "| Component | Current | Latest | Status |" >> $GITHUB_STEP_SUMMARY
-            echo "|-----------|---------|--------|--------|" >> $GITHUB_STEP_SUMMARY
-            echo "| Docker | $current_docker | $latest_docker | $DOCKER_STATUS |" >> $GITHUB_STEP_SUMMARY
-            echo "| Docker Buildx | $current_buildx | $latest_buildx | $BUILDX_STATUS |" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            
-            echo "docker-status=$DOCKER_STATUS" >> $GITHUB_OUTPUT
-            echo "buildx-status=$BUILDX_STATUS" >> $GITHUB_OUTPUT
-          fi
-
-          # Check npm vulnerabilities
-          if [[ "${{ github.event.inputs.check_type }}" == "all" || "${{ github.event.inputs.check_type }}" == "npm" ]]; then
-            echo "### NPM Security Audit" >> $GITHUB_STEP_SUMMARY
-            
-            cd src/Misc/expressionFunc/hashFiles
-            npm install --silent
-            
-            AUDIT_OUTPUT=""
-            AUDIT_EXIT_CODE=0
-            # Run npm audit and capture output and exit code
-            if ! AUDIT_OUTPUT=$(npm audit --json 2>&1); then
-              AUDIT_EXIT_CODE=$?
-            fi
-            
-            # Check if output is valid JSON
-            if echo "$AUDIT_OUTPUT" | jq . >/dev/null 2>&1; then
-              VULN_COUNT=$(echo "$AUDIT_OUTPUT" | jq '.metadata.vulnerabilities.total // 0')
-              # Ensure VULN_COUNT is a number
-              VULN_COUNT=$(echo "$VULN_COUNT" | grep -o '[0-9]*' | head -1)
-              VULN_COUNT=${VULN_COUNT:-0}
-              
-              NPM_STATUS="✅ no vulnerabilities"
-              if [ "$VULN_COUNT" -gt 0 ] 2>/dev/null; then
-                NPM_STATUS="⚠️ $VULN_COUNT vulnerabilities found"
-                
-                # Get vulnerability details
-                HIGH_VULNS=$(echo "$AUDIT_OUTPUT" | jq '.metadata.vulnerabilities.high // 0')
-                CRITICAL_VULNS=$(echo "$AUDIT_OUTPUT" | jq '.metadata.vulnerabilities.critical // 0')
-                
-                echo "| Severity | Count |" >> $GITHUB_STEP_SUMMARY
-                echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
-                echo "| Critical | $CRITICAL_VULNS |" >> $GITHUB_STEP_SUMMARY
-                echo "| High | $HIGH_VULNS |" >> $GITHUB_STEP_SUMMARY
-                echo "" >> $GITHUB_STEP_SUMMARY
-              else
-                echo "No npm vulnerabilities found ✅" >> $GITHUB_STEP_SUMMARY
-                echo "" >> $GITHUB_STEP_SUMMARY
-              fi
-            else
-              NPM_STATUS="❌ npm audit failed"
-              echo "npm audit failed to run or returned invalid JSON ❌" >> $GITHUB_STEP_SUMMARY
-              echo "Exit code: $AUDIT_EXIT_CODE" >> $GITHUB_STEP_SUMMARY
-              echo "Output: $AUDIT_OUTPUT" >> $GITHUB_STEP_SUMMARY
-              echo "" >> $GITHUB_STEP_SUMMARY
-            fi
-            
-            echo "npm-vulnerabilities=$NPM_STATUS" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Check for open dependency PRs
-        id: check-prs
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "### Open Dependency PRs" >> $GITHUB_STEP_SUMMARY
-
-          # Get open PRs with dependency label
-          OPEN_PRS=$(gh pr list --label "dependencies" --state open --json number,title,url)
-          PR_COUNT=$(echo "$OPEN_PRS" | jq '. | length')
-
-          if [ "$PR_COUNT" -gt 0 ]; then
-            echo "Found $PR_COUNT open dependency PR(s):" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "$OPEN_PRS" | jq -r '.[] | "- [#\(.number)](\(.url)) \(.title)"' >> $GITHUB_STEP_SUMMARY
-          else
-            echo "No open dependency PRs found ✅" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "open-dependency-prs=$PR_COUNT" >> $GITHUB_OUTPUT
-
-      - name: Summary
-        run: |
-          echo "### Summary" >> $GITHUB_STEP_SUMMARY
-          echo "- Check for open PRs with the \`dependency\` label before releases" >> $GITHUB_STEP_SUMMARY
-          echo "- Review and merge dependency updates regularly" >> $GITHUB_STEP_SUMMARY
-          echo "- Critical vulnerabilities should be addressed immediately" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "**Automated workflows run weekly to check for updates:**" >> $GITHUB_STEP_SUMMARY
-          echo "- Node.js versions (Mondays at 6 AM)" >> $GITHUB_STEP_SUMMARY
-          echo "- NPM audit fix (Mondays at 7 AM)" >> $GITHUB_STEP_SUMMARY
-          echo "- .NET SDK updates (Mondays at midnight)" >> $GITHUB_STEP_SUMMARY
-          echo "- Docker/Buildx updates (Mondays at midnight)" >> $GITHUB_STEP_SUMMARY

.github/workflows/docker-buildx-upgrade.yml

@@ -2,7 +2,7 @@ name: "Docker/Buildx Version Upgrade"
 
 on:
   schedule:
-    - cron: "0 0 * * 1" # Run every Monday at midnight
+    - cron: "0 9 * * 1" # Weekly on Monday at 9 AM UTC (independent of other dependencies)
   workflow_dispatch: # Allow manual triggering
 
 jobs:
@@ -160,7 +160,4 @@ jobs:
           gh pr create -B main -H "$branch_name" \
             --title "$pr_title" \
             --label "dependencies" \
-            --label "dependencies-weekly-check" \
-            --label "dependencies-not-dependabot" \
-            --label "docker" \
             --body-file pr_body.txt

.github/workflows/dotnet-upgrade.yml

@@ -96,7 +96,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          gh pr create -B main -H feature/dotnetsdk-upgrade/${{ needs.dotnet-update.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }} --title "Update dotnet sdk to latest version @${{ needs.dotnet-update.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }}" --label "dependencies" --label "dependencies-weekly-check" --label "dependencies-not-dependabot" --label "dotnet" --body "
+          gh pr create -B main -H feature/dotnetsdk-upgrade/${{ needs.dotnet-update.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }} --title "Update dotnet sdk to latest version @${{ needs.dotnet-update.outputs.DOTNET_LATEST_MAJOR_MINOR_PATCH_VERSION }}" --label "dependencies" --body "
             https://dotnetcli.blob.core.windows.net/dotnet/Sdk/${{ needs.dotnet-update.outputs.DOTNET_CURRENT_MAJOR_MINOR_VERSION }}/latest.version
             
               

.github/workflows/node-upgrade.yml

@@ -32,47 +32,20 @@ jobs:
           echo "Verifying availability in alpine_nodejs..."
           ALPINE_RELEASES=$(curl -s https://api.github.com/repos/actions/alpine_nodejs/releases | jq -r '.[].tag_name')
 
-          if ! echo "$ALPINE_RELEASES" | grep -q "^v$LATEST_NODE20$"; then
+          if ! echo "$ALPINE_RELEASES" | grep -q "^node20-$LATEST_NODE20$"; then
             echo "::warning title=Node 20 Fallback::Node 20 version $LATEST_NODE20 not found in alpine_nodejs releases, using fallback"
             # Fall back to latest available alpine_nodejs v20 release
-            LATEST_NODE20=$(echo "$ALPINE_RELEASES" | grep "^v20\." | head -1 | sed 's/^v//')
+            LATEST_NODE20=$(echo "$ALPINE_RELEASES" | grep "^node20-" | head -1 | sed 's/^node20-//')
             echo "Using latest available alpine_nodejs Node 20: $LATEST_NODE20"
           fi
 
-          if ! echo "$ALPINE_RELEASES" | grep -q "^v$LATEST_NODE24$"; then
+          if ! echo "$ALPINE_RELEASES" | grep -q "^node24-$LATEST_NODE24$"; then
             echo "::warning title=Node 24 Fallback::Node 24 version $LATEST_NODE24 not found in alpine_nodejs releases, using fallback"
             # Fall back to latest available alpine_nodejs v24 release
-            LATEST_NODE24=$(echo "$ALPINE_RELEASES" | grep "^v24\." | head -1 | sed 's/^v//')
+            LATEST_NODE24=$(echo "$ALPINE_RELEASES" | grep "^node24-" | head -1 | sed 's/^node24-//')
             echo "Using latest available alpine_nodejs Node 24: $LATEST_NODE24"
           fi
 
-          # Validate that we have non-empty version numbers
-          if [ -z "$LATEST_NODE20" ] || [ "$LATEST_NODE20" = "" ]; then
-            echo "::error title=Invalid Node 20 Version::Failed to determine valid Node 20 version. Got: '$LATEST_NODE20'"
-            echo "Available alpine_nodejs releases:"
-            echo "$ALPINE_RELEASES" | head -10
-            exit 1
-          fi
-
-          if [ -z "$LATEST_NODE24" ] || [ "$LATEST_NODE24" = "" ]; then
-            echo "::error title=Invalid Node 24 Version::Failed to determine valid Node 24 version. Got: '$LATEST_NODE24'"
-            echo "Available alpine_nodejs releases:"
-            echo "$ALPINE_RELEASES" | head -10
-            exit 1
-          fi
-
-          # Additional validation: ensure versions match expected format (x.y.z)
-          if ! echo "$LATEST_NODE20" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$'; then
-            echo "::error title=Invalid Node 20 Format::Node 20 version '$LATEST_NODE20' does not match expected format (x.y.z)"
-            exit 1
-          fi
-
-          if ! echo "$LATEST_NODE24" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$'; then
-            echo "::error title=Invalid Node 24 Format::Node 24 version '$LATEST_NODE24' does not match expected format (x.y.z)"
-            exit 1
-          fi
-
-          echo "✅ Validated Node versions: 20=$LATEST_NODE20, 24=$LATEST_NODE24"
           echo "latest_node20=$LATEST_NODE20" >> $GITHUB_OUTPUT
           echo "latest_node24=$LATEST_NODE24" >> $GITHUB_OUTPUT
 
@@ -109,50 +82,13 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Final validation before making changes
-          NODE20_VERSION="${{ steps.node-versions.outputs.latest_node20 }}"
-          NODE24_VERSION="${{ steps.node-versions.outputs.latest_node24 }}"
-          
-          echo "Final validation of versions before PR creation:"
-          echo "Node 20: '$NODE20_VERSION'"
-          echo "Node 24: '$NODE24_VERSION'"
-          
-          # Validate versions are not empty and match expected format
-          if [ -z "$NODE20_VERSION" ] || ! echo "$NODE20_VERSION" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$'; then
-            echo "::error title=Invalid Node 20 Version::Refusing to create PR with invalid Node 20 version: '$NODE20_VERSION'"
-            exit 1
-          fi
-          
-          if [ -z "$NODE24_VERSION" ] || ! echo "$NODE24_VERSION" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$'; then
-            echo "::error title=Invalid Node 24 Version::Refusing to create PR with invalid Node 24 version: '$NODE24_VERSION'"
-            exit 1
-          fi
-          
-          echo "✅ All versions validated successfully"
-
           # Update the files
           if [ "${{ steps.node-versions.outputs.needs_update20 }}" == "true" ]; then
-            sed -i 's/NODE20_VERSION="[^"]*"/NODE20_VERSION="'"$NODE20_VERSION"'"/' src/Misc/externals.sh
+            sed -i 's/NODE20_VERSION="[^"]*"/NODE20_VERSION="${{ steps.node-versions.outputs.latest_node20 }}"/' src/Misc/externals.sh
           fi
 
           if [ "${{ steps.node-versions.outputs.needs_update24 }}" == "true" ]; then
-            sed -i 's/NODE24_VERSION="[^"]*"/NODE24_VERSION="'"$NODE24_VERSION"'"/' src/Misc/externals.sh
-          fi
-
-          # Verify the changes were applied correctly
-          echo "Verifying changes in externals.sh:"
-          grep "NODE20_VERSION=" src/Misc/externals.sh
-          grep "NODE24_VERSION=" src/Misc/externals.sh
-          
-          # Ensure we actually have valid versions in the file
-          UPDATED_NODE20=$(grep "NODE20_VERSION=" src/Misc/externals.sh | cut -d'"' -f2)
-          UPDATED_NODE24=$(grep "NODE24_VERSION=" src/Misc/externals.sh | cut -d'"' -f2)
-          
-          if [ -z "$UPDATED_NODE20" ] || [ -z "$UPDATED_NODE24" ]; then
-            echo "::error title=Update Failed::Failed to properly update externals.sh"
-            echo "Updated Node 20: '$UPDATED_NODE20'"
-            echo "Updated Node 24: '$UPDATED_NODE24'"
-            exit 1
+            sed -i 's/NODE24_VERSION="[^"]*"/NODE24_VERSION="${{ steps.node-versions.outputs.latest_node24 }}"/' src/Misc/externals.sh
           fi
 
           # Configure git
@@ -162,15 +98,15 @@ jobs:
           # Create branch and commit changes
           branch_name="chore/update-node"
           git checkout -b "$branch_name"
-          git commit -a -m "chore: update Node versions (20: $NODE20_VERSION, 24: $NODE24_VERSION)"
+          git commit -a -m "chore: update Node versions (20: ${{ steps.node-versions.outputs.latest_node20 }}, 24: ${{ steps.node-versions.outputs.latest_node24 }})"
           git push --force origin "$branch_name"
 
           # Create PR body using here-doc for proper formatting
-          cat > pr_body.txt << EOF
+          cat > pr_body.txt << 'EOF'
           Automated Node.js version update:
 
-          - Node 20: ${{ steps.node-versions.outputs.current_node20 }} → $NODE20_VERSION
-          - Node 24: ${{ steps.node-versions.outputs.current_node24 }} → $NODE24_VERSION
+          - Node 20: ${{ steps.node-versions.outputs.current_node20 }} → ${{ steps.node-versions.outputs.latest_node20 }}
+          - Node 24: ${{ steps.node-versions.outputs.current_node24 }} → ${{ steps.node-versions.outputs.latest_node24 }}
 
           This update ensures we're using the latest stable Node.js versions for security and performance improvements.
 
@@ -185,10 +121,6 @@ jobs:
           gh pr create -B main -H "$branch_name" \
             --title "chore: update Node versions" \
             --label "dependencies" \
-            --label "dependencies-weekly-check" \
-            --label "dependencies-not-dependabot" \
-            --label "node" \
-            --label "javascript" \
             --body-file pr_body.txt
 
           echo "::notice title=PR Created::Successfully created Node.js version update PR on branch $branch_name"

.github/workflows/npm-audit-typescript.yml

@@ -220,9 +220,9 @@ jobs:
             fi
             
             # Create PR with appropriate labels
-            labels="dependencies,dependencies-not-dependabot,typescript,npm,security"
+            labels="dependency,typescript"
             if [[ "$build_status" == *"fails"* ]]; then
-              labels="dependencies,dependencies-not-dependabot,typescript,npm,security,needs-manual-review"
+              labels="dependency,typescript,needs-manual-review"
             fi
             
             # Create PR

.github/workflows/npm-audit.yml

@@ -126,11 +126,6 @@ jobs:
             gh pr create -B main -H "$branch_name" \
               --title "chore: npm audit fix for hashFiles dependencies" \
               --label "dependencies" \
-              --label "dependencies-weekly-check" \
-              --label "dependencies-not-dependabot" \
-              --label "npm" \
-              --label "typescript" \
-              --label "security" \
               --body-file pr_body.txt
           else
             echo "✅ No changes to commit - npm audit fix did not modify any files"

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
     # Make sure ./releaseVersion match ./src/runnerversion
     # Query GitHub release ensure version is not used
     - name: Check version
-      uses: actions/github-script@v8.0.0
+      uses: actions/github-script@v7.0.1
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}
         script: |
@@ -171,7 +171,7 @@ jobs:
     # Create ReleaseNote file
     - name: Create ReleaseNote
       id: releaseNote
-      uses: actions/github-script@v8.0.0
+      uses: actions/github-script@v7.0.1
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}
         script: |
@@ -300,7 +300,7 @@ jobs:
 
       - name: Compute image version
         id: image
-        uses: actions/github-script@v8.0.0
+        uses: actions/github-script@v7.0.1
         with:
           script: |
             const fs = require('fs');

.github/workflows/stale-bot.yml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@v9
         with:
           stale-issue-message: "This issue is stale because it has been open 365 days with no activity. Remove stale label or comment or this will be closed in 15 days."
           close-issue-message: "This issue was closed because it has been stalled for 15 days with no activity."

docs/dependency-management.md

@@ -1,217 +0,0 @@
-# Runner Dependency Management Process
-
-## Overview
-
-This document outlines the automated dependency management process for the GitHub Actions Runner, designed to ensure we maintain up-to-date and secure dependencies while providing predictable release cycles.
-
-## Release Schedule
-
-- **Monthly Runner Releases**: New runner versions are released monthly
-- **Weekly Dependency Checks**: Automated workflows check for dependency updates every Monday
-- **Security Patches**: Critical security vulnerabilities are addressed immediately outside the regular schedule
-
-## Automated Workflows
-
-**Note**: These workflows are implemented across separate PRs for easier review and independent deployment. Each workflow includes comprehensive error handling and security-focused vulnerability detection.
-
-### 1. Foundation Labels
-
-- **Workflow**: `.github/workflows/setup-labels.yml` (PR #4024)
-- **Purpose**: Creates consistent dependency labels for all automation workflows
-- **Labels**: `dependencies`, `security`, `typescript`, `needs-manual-review`
-- **Prerequisite**: Must be merged before other workflows for proper labeling
-
-### 2. Node.js Version Updates
-
-- **Workflow**: `.github/workflows/node-upgrade.yml`
-- **Schedule**: Mondays at 6:00 AM UTC
-- **Purpose**: Updates Node.js 20 and 24 versions in `src/Misc/externals.sh`
-- **Source**: [nodejs.org](https://nodejs.org) and [actions/alpine_nodejs](https://github.com/actions/alpine_nodejs)
-- **Priority**: First (NPM depends on current Node.js versions)
-
-### 3. NPM Security Audit
-
-- **Primary Workflow**: `.github/workflows/npm-audit.yml` ("NPM Audit Fix")
-  - **Schedule**: Mondays at 7:00 AM UTC
-  - **Purpose**: Automated security vulnerability detection and basic fixes
-  - **Location**: `src/Misc/expressionFunc/hashFiles/`
-  - **Features**: npm audit, security patch application, PR creation
-  - **Dependency**: Runs after Node.js updates for optimal compatibility
-
-- **Fallback Workflow**: `.github/workflows/npm-audit-typescript.yml` ("NPM Audit Fix with TypeScript Auto-Fix")
-  - **Trigger**: Manual dispatch only
-  - **Purpose**: Manual security audit with TypeScript compatibility fixes
-  - **Use Case**: When scheduled workflow fails or needs custom intervention
-  - **Features**: Enhanced TypeScript auto-repair, graduated security response
-  - **How to Use**:
-    1. If the scheduled "NPM Audit Fix" workflow fails, go to Actions tab
-    2. Select "NPM Audit Fix with TypeScript Auto-Fix" workflow
-    3. Click "Run workflow" and optionally specify fix level (auto/manual)
-    4. Review the generated PR for TypeScript compatibility issues
-
-### 4. .NET SDK Updates
-
-- **Workflow**: `.github/workflows/dotnet-upgrade.yml`
-- **Schedule**: Mondays at midnight UTC
-- **Purpose**: Updates .NET SDK and package versions with build validation
-- **Features**: Global.json updates, NuGet package management, compatibility checking
-- **Independence**: Runs independently of Node.js/NPM updates
-
-### 5. Docker/Buildx Updates
-
-- **Workflow**: `.github/workflows/docker-buildx-upgrade.yml` ("Docker/Buildx Version Upgrade")
-- **Schedule**: Mondays at midnight UTC
-- **Purpose**: Updates Docker and Docker Buildx versions with multi-platform validation
-- **Features**: Container security scanning, multi-architecture build testing
-- **Independence**: Runs independently of other dependency updates
-
-### 6. Dependency Monitoring
-
-- **Workflow**: `.github/workflows/dependency-check.yml` ("Dependency Status Check")
-- **Schedule**: Mondays at 11:00 AM UTC
-- **Purpose**: Comprehensive status report of all dependencies with security audit
-- **Features**: Multi-dependency checking, npm audit status, build validation, choice of specific component checks
-- **Summary**: Runs last to capture results from all morning dependency updates
-
-## Release Process Integration
-
-### Pre-Release Checklist
-
-Before each monthly runner release:
-
-1. **Check Dependency PRs**:
-
-   ```bash
-   # List all open dependency PRs
-   gh pr list --label "dependencies" --state open
-   
-   # List only automated weekly dependency updates
-   gh pr list --label "dependencies-weekly-check" --state open
-   
-   # List only custom dependency automation (not dependabot)
-   gh pr list --label "dependencies-not-dependabot" --state open
-   ```
-
-2. **Run Manual Dependency Check**:
-   - Go to Actions tab → "Dependency Status Check" → "Run workflow"
-   - Review the summary for any outdated dependencies
-
-3. **Review and Merge Updates**:
-   - Prioritize security-related updates
-   - Test dependency updates in development environment
-   - Merge approved dependency PRs
-
-### Vulnerability Response
-
-#### Critical Security Vulnerabilities
-
-- **Response Time**: Within 24 hours
-- **Process**:
-  1. Assess impact on runner security
-  2. Create hotfix branch if runner data security is affected
-  3. Expedite patch release if necessary
-  4. Document in security advisory if applicable
-
-#### Non-Critical Vulnerabilities
-
-- **Response Time**: Next monthly release
-- **Process**:
-  1. Evaluate if vulnerability affects runner functionality
-  2. Include fix in regular dependency update cycle
-  3. Document in release notes
-
-## Monitoring and Alerts
-
-### GitHub Actions Workflow Status
-
-- All dependency workflows create PRs with the `dependencies` label
-- Failed workflows should be investigated immediately
-- Weekly dependency status reports are generated automatically
-
-### Manual Checks
-
-You can manually trigger dependency checks:
-
-- **Full Status**: Run "Dependency Status Check" workflow
-- **Specific Component**: Use the dropdown to check individual dependencies
-
-## Dependency Labels
-
-All automated dependency PRs are tagged with labels for easy filtering and management:
-
-### Primary Labels
-
-- **`dependencies`**: All automated dependency-related PRs
-- **`dependencies-weekly-check`**: Automated weekly dependency updates from scheduled workflows
-- **`dependencies-not-dependabot`**: Custom dependency automation (not created by dependabot)
-- **`security`**: Security vulnerability fixes and patches  
-- **`typescript`**: TypeScript compatibility and type definition updates
-- **`needs-manual-review`**: Complex updates requiring human verification
-
-### Technology-Specific Labels
-
-- **`node`**: Node.js version updates
-- **`javascript`**: JavaScript runtime and tooling updates
-- **`npm`**: NPM package and security updates
-- **`dotnet`**: .NET SDK and NuGet package updates
-- **`docker`**: Docker and container tooling updates
-
-### Workflow-Specific Branches
-
-- **Node.js updates**: `chore/update-node` branch
-- **NPM security fixes**: `chore/npm-audit-fix-YYYYMMDD` and `chore/npm-audit-fix-with-ts-repair` branches
-- **NuGet/.NET updates**: `feature/dotnetsdk-upgrade/{version}` branches
-- **Docker updates**: `feature/docker-buildx-upgrade` branch
-
-## Special Considerations
-
-### Node.js Updates
-
-When updating Node.js versions, remember to:
-
-1. Create a corresponding release in [actions/alpine_nodejs](https://github.com/actions/alpine_nodejs)
-2. Follow the alpine_nodejs getting started guide
-3. Test container builds with new Node versions
-
-### .NET SDK Updates
-
-- Only patch versions are auto-updated within the same major.minor version
-- Major/minor version updates require manual review and testing
-
-### Docker Updates
-
-- Updates include both Docker Engine and Docker Buildx
-- Verify compatibility with runner container workflows
-
-## Troubleshooting
-
-### Common Issues
-
-1. **NPM Audit Workflow Fails**:
-   - Check if `package.json` exists in `src/Misc/expressionFunc/hashFiles/`
-   - Verify Node.js setup step succeeded
-
-2. **Version Detection Fails**:
-   - Check if upstream APIs are available
-   - Verify parsing logic for version extraction
-
-3. **PR Creation Fails**:
-   - Ensure `GITHUB_TOKEN` has sufficient permissions
-   - Check if branch already exists
-
-### Contact
-
-For questions about the dependency management process:
-
-- Create an issue with the `dependencies` label
-- Review existing dependency management workflows
-- Consult the runner team for security-related concerns
-
-## Metrics and KPIs
-
-Track these metrics to measure dependency management effectiveness:
-
-- Number of open dependency PRs at release time
-- Time to merge dependency updates
-- Number of security vulnerabilities by severity
-- Release cycle adherence (monthly target)

src/Misc/expressionFunc/hashFiles/package-lock.json

@@ -1815,11 +1815,10 @@
       }
     },
     "node_modules/eslint-plugin-github/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
       }
@@ -5905,9 +5904,9 @@
           }
         },
         "brace-expansion": {
-          "version": "2.0.2",
-          "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-          "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+          "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
           "dev": true,
           "requires": {
             "balanced-match": "^1.0.0"

src/Runner.Listener/Configuration/ConfigurationManager.cs

@@ -334,7 +334,6 @@ namespace GitHub.Runner.Listener.Configuration
                         {
                             var runner = await _dotcomServer.AddRunnerAsync(runnerSettings.PoolId, agent, runnerSettings.GitHubUrl, registerToken, publicKeyXML);
                             runnerSettings.ServerUrlV2 = runner.RunnerAuthorization.ServerUrl;
-                            runnerSettings.UseV2Flow = true; // if we are using runner admin, we also need to hit broker
 
                             agent.Id = runner.Id;
                             agent.Authorization = new TaskAgentAuthorization()