Skip to content

Comments

Scope test lockfiles by package manager and update cache tests#1495

Open
gowridurgad wants to merge 3 commits intoactions:mainfrom
gowridurgad:resloves-qs-alerts
Open

Scope test lockfiles by package manager and update cache tests#1495
gowridurgad wants to merge 3 commits intoactions:mainfrom
gowridurgad:resloves-qs-alerts

Conversation

@gowridurgad
Copy link
Contributor

@gowridurgad gowridurgad commented Feb 20, 2026
edited
Loading

Description:
Split test fixtures per manager, update cache test lockfile paths, and resolve the qs security alerts.

Related issue:
https://github.com/actions/setup-node/security/dependabot/73
https://github.com/actions/setup-node/security/dependabot/74
https://github.com/actions/setup-node/security/dependabot/75

Check list:

  • Mark if documentation changes are required.
  • Mark if tests were added or updated to cover the changes.

@gowridurgad gowridurgad requested a review from a team as a code owner February 20, 2026 12:11
Copilot AI review requested due to automatic review settings February 20, 2026 12:11
Copilot AI reviewed Feb 20, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restructures the test fixtures so lockfiles are scoped per package manager, updates cache-restore tests to point at the new fixture locations, and reduces fixture lockfile contents to eliminate qs-related security alerts picked up by dependency scanning.

Changes:

  • Move npm/pnpm/yarn lockfiles into __tests__/data/{npm|pnpm|yarn}/ and add minimal package.json fixtures alongside them.
  • Update __tests__/cache-restore.test.ts to set GITHUB_WORKSPACE per package manager fixture.
  • Add .gitignore rules to ignore everything under fixture manager folders except the fixture manifests/lockfiles.

Reviewed changes

Copilot reviewed 4 out of 11 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
tests/data/yarn/yarn.lock Adds a trimmed yarn lockfile fixture under the yarn-scoped directory.
tests/data/yarn/package.json Adds a yarn fixture manifest (minimal deps + engines).
tests/data/yarn.lock Removes the old shared yarn lockfile fixture from __tests__/data/.
tests/data/pnpm/pnpm-lock.yaml Adds a trimmed pnpm lockfile fixture under the pnpm-scoped directory.
tests/data/pnpm/package.json Adds a pnpm fixture manifest (minimal deps + engines).
tests/data/pnpm-lock.yaml Removes the old shared pnpm lockfile fixture from __tests__/data/.
tests/data/package-lock.json Removes the old shared npm lockfile fixture from __tests__/data/.
tests/data/npm/package.json Adds an npm fixture manifest (minimal deps + engines).
tests/data/npm/package-lock.json Adds a trimmed npm lockfile fixture under the npm-scoped directory.
tests/cache-restore.test.ts Updates cache restore tests to set workspace to the appropriate fixture folder per package manager.
.gitignore Ignores fixture folder contents while allowing fixture package.json + lockfiles to remain tracked.
Files not reviewed (4)
  • tests/data/npm/package-lock.json: Language not supported
  • tests/data/package-lock.json: Language not supported
  • tests/data/pnpm-lock.yaml: Language not supported
  • tests/data/pnpm/pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@priyagupta108 priyagupta108 priyagupta108 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gowridurgad @priyagupta108