2.9.0

Bumps the dev-minor group with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 25.0.2 to 25.2.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.2.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/buildjet.yml

@@ -2,6 +2,8 @@ name: buildjet
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   buildjet:
     if: github.repository == 'Swatinem/rust-cache'
@@ -17,7 +19,9 @@ jobs:
       CARGO_TERM_COLOR: always
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --no-self-update
 

.github/workflows/check-dist.yml

@@ -11,17 +11,21 @@ on:
       - "**.md"
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   check-dist:
     if: github.repository == 'Swatinem/rust-cache'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Setup Node.js 20.x
-        uses: actions/setup-node@v5
         with:
-          node-version: 20.x
+          persist-credentials: false
+
+      - name: Setup Node.js 24.x
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version: 24.x
           cache: npm
 
       - name: Install dependencies
@@ -39,7 +43,7 @@ jobs:
           fi
         id: diff
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/coverage.yml

@@ -2,6 +2,8 @@ name: coverage
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   coverage:
     if: github.repository == 'Swatinem/rust-cache'
@@ -17,11 +19,15 @@ jobs:
       CARGO_TERM_COLOR: always
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update
 
-      - uses: taiki-e/install-action@cargo-llvm-cov
+      - uses: taiki-e/install-action@64c5c20c872907b6f7cd50994ac189e7274160f2 # v2.68.26
+        with:
+          tool: cargo-llvm-cov
 
       - uses: ./
         with:

.github/workflows/dependabot.yml

@@ -3,23 +3,25 @@
 name: Dependabot Automation
 on: pull_request
 
-permissions:
+permissions: {}
-  contents: write
-  pull-requests: write
 
 jobs:
   automerge:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # for pushing commits
+      pull-requests: write # for merging PRs
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'Swatinem/rust-cache'
     steps:
       - name: Fetch metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 2
+          persist-credentials: false
         if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
       - name: Check if package-lock.json has been changed
         if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
@@ -35,9 +37,9 @@ jobs:
           fi
       - name: Setup node if necessary
         if: steps.npm.outputs.changed != ''
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
-          node-version: 20.x
+          node-version: 24.x
           cache: npm
       - name: Re-generate and commit dist/ if changed
         id: amend

.github/workflows/git-registry.yml

@@ -2,6 +2,8 @@ name: git-registry
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   git-registry:
     if: github.repository == 'Swatinem/rust-cache'
@@ -18,7 +20,9 @@ jobs:
       CARGO_REGISTRIES_CRATES_IO_PROTOCOL: git
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --no-self-update
 

.github/workflows/install.yml

@@ -2,6 +2,8 @@ name: install
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   install:
     if: github.repository == 'Swatinem/rust-cache'
@@ -17,7 +19,9 @@ jobs:
       CARGO_TERM_COLOR: always
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --no-self-update
 

.github/workflows/multi-job-cache.yml

@@ -0,0 +1,74 @@
+name: multi-job-cache
+
+on: [push, pull_request]
+
+permissions: {}
+
+jobs:
+  multi-job-cache-1:
+    if: github.repository == 'Swatinem/rust-cache'
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    name: Test multi-job cache (1) on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+
+    env:
+      CARGO_TERM_COLOR: always
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: install rust toolchain
+        run: rustup toolchain install stable --profile minimal --target wasm32-unknown-unknown --no-self-update
+
+      - name: cache
+        uses: ./
+        with:
+          workspaces: |
+            tests
+          add-job-id-key: "false"
+          add-rust-environment-hash-key: "false"
+
+      - name: cargo check (tests)
+        working-directory: tests
+        run: cargo check
+
+  multi-job-cache-2:
+    if: github.repository == 'Swatinem/rust-cache'
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    name: Test multi-job cache (2) on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+
+    env:
+      CARGO_TERM_COLOR: always
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: install rust toolchain
+        run: rustup toolchain install stable --profile minimal --target wasm32-unknown-unknown --no-self-update
+
+      - name: cache
+        uses: ./
+        with:
+          workspaces: |
+            tests/wasm-workspace
+          add-job-id-key: "false"
+          add-rust-environment-hash-key: "false"
+
+      - name: cargo check (tests/wasm-workspace)
+        working-directory: tests/wasm-workspace
+        run: cargo check

.github/workflows/nix.yml

@@ -0,0 +1,33 @@
+name: nix
+
+on: [push, pull_request]
+
+permissions: {}
+
+jobs:
+  nix:
+    if: github.repository == 'Swatinem/rust-cache'
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+
+    name: Test Nix on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: cachix/install-nix-action@1ca7d21a94afc7c957383a2d217460d980de4934 # v31.10.1
+
+      - uses: ./
+        with:
+          workspaces: tests
+          cmd-format: nix develop ./tests -c {0}
+
+      - run: |
+          nix develop -c cargo check
+          nix develop -c cargo test
+        working-directory: tests

.github/workflows/simple.yml

@@ -2,6 +2,8 @@ name: simple
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   simple:
     if: github.repository == 'Swatinem/rust-cache'
@@ -17,7 +19,9 @@ jobs:
       CARGO_TERM_COLOR: always
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --no-self-update
 

.github/workflows/target-dir.yml

@@ -2,6 +2,8 @@ name: target-dir
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   target-dir:
     if: github.repository == 'Swatinem/rust-cache'
@@ -17,7 +19,9 @@ jobs:
       CARGO_TERM_COLOR: always
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --no-self-update
 

.github/workflows/workspaces.yml

@@ -2,6 +2,8 @@ name: workspaces
 
 on: [push, pull_request]
 
+permissions: {}
+
 jobs:
   workspaces:
     if: github.repository == 'Swatinem/rust-cache'
@@ -17,7 +19,9 @@ jobs:
       CARGO_TERM_COLOR: always
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - run: rustup toolchain install stable --profile minimal --target wasm32-unknown-unknown --no-self-update
 

.github/workflows/zizmor.yml

@@ -0,0 +1,24 @@
+name: GitHub Actions Security Analysis with zizmor 🌈
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["**"]
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: Run zizmor 🌈
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # for uploading results to the Security tab
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor 🌈
+        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2

.gitignore

@@ -1,5 +1,6 @@
 node_modules/
 target/
+src/*.js
 
 # Editors
 .idea/

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 2.8.2
+
+- Don't overwrite env for cargo-metadata call
+
 ## 2.8.1
 
 - Set empty `CARGO_ENCODED_RUSTFLAGS` when retrieving metadata

README.md

@@ -28,6 +28,16 @@ sensible defaults.
     # default: empty
     key: ""
 
+    # If the automatic `job`-based cache key should include the job id.
+    # default: "true"
+    add-job-id-key: ""
+
+    # Weather the a hash of the rust environment should be included in the cache key.
+    # This includes a hash of all Cargo.toml/Cargo.lock files, rust-toolchain files,
+    # and .cargo/config.toml files (if present), as well as the specified 'env-vars'.
+    # default: "true"
+    add-rust-environment-hash-key: ""
+
     # A whitespace separated list of env-var *prefixes* who's value contributes
     # to the environment cache key.
     # The env-vars are matched by *prefix*, so the default `RUST` var will
@@ -89,6 +99,16 @@ sensible defaults.
     # Determines whether to cache the ~/.cargo/bin directory.
     # default: "true"
     cache-bin: ""
+
+    # A format string used to format commands to be run, i.e. `rustc` and `cargo`.
+    # Must contain exactly one occurance of `{0}`, which is the formatting fragment
+    # that will be replaced with the `rustc` or `cargo` command. This is necessary
+    # when using Nix or other setup that requires running these commands within a
+    # specific shell, otherwise the system `rustc` and `cargo` will be run.
+    # default: "{0}"
+    cmd-format: ""
+    # To run within a Nix shell (using the default dev shell of a flake in the repo root):
+    cmd-format: nix develop -c {0}
 ```
 
 Further examples are available in the [.github/workflows](./.github/workflows/) directory.
@@ -121,12 +141,15 @@ This action currently caches the following files/directories:
 
 This cache is automatically keyed by:
 
-- the github [`job_id`](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id),
+- the github [`job_id`](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id)
-- the rustc release / host / hash,
+(if `add-job-id-key` is `"true"`),
-- the value of some compiler-specific environment variables (eg. RUSTFLAGS, etc), and
+- the rustc release / host / hash (for all installed toolchains when
-- a hash of all `Cargo.lock` / `Cargo.toml` files found anywhere in the repository (if present).
+  available),
-- a hash of all `rust-toolchain` / `rust-toolchain.toml` files in the root of the repository (if present).
+- the following values, if `add-rust-environment-hash-key` is `"true"`:
-- a hash of all `.cargo/config.toml` files in the root of the repository (if present).
+  - the value of some compiler-specific environment variables (eg. RUSTFLAGS, etc), and
+  - a hash of all `Cargo.lock` / `Cargo.toml` files found anywhere in the repository (if present).
+  - a hash of all `rust-toolchain` / `rust-toolchain.toml` files in the root of the repository (if present).
+  - a hash of all `.cargo/config.toml` files in the root of the repository (if present).
 
 An additional input `key` can be provided if the builtin keys are not sufficient.
 

action.yml

@@ -12,6 +12,14 @@ inputs:
   key:
     description: "An additional cache key that is added alongside the automatic `job`-based cache key and can be used to further differentiate jobs."
     required: false
+  add-job-id-key:
+    description: "If the automatic `job`-based cache key should include the job id. Defaults to true."
+    required: false
+    default: "true"
+  add-rust-environment-hash-key:
+    description: "Weather the a hash of the rust environment should be included in the cache key. This includes a hash of all Cargo.toml/Cargo.lock files, rust-toolchain files, and .cargo/config.toml files (if present), as well as the specified 'env-vars'. Defaults to true."
+    required: false
+    default: "true"
   env-vars:
     description: "Additional environment variables to include in the cache key, separated by spaces."
     required: false
@@ -52,11 +60,15 @@ inputs:
     description: "Check if a cache entry exists without downloading the cache"
     required: false
     default: "false"
+  cmd-format:
+    description: "A format string used to format commands to be run, i.e. `rustc` and `cargo`."
+    required: false
+    default: "{0}"
 outputs:
   cache-hit:
     description: "A boolean value that indicates an exact match was found."
 runs:
-  using: "node20"
+  using: "node24"
   main: "dist/restore/index.js"
   post: "dist/save/index.js"
   post-if: "success() || env.CACHE_ON_FAILURE == 'true'"

package-lock.json

@@ -1,28 +1,28 @@
 {
   "name": "rust-cache",
-  "version": "2.8.1",
+  "version": "2.9.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "rust-cache",
-      "version": "2.8.1",
+      "version": "2.9.0",
       "license": "LGPL-3.0",
       "dependencies": {
         "@actions/buildjet-cache": "npm:github-actions.cache-buildjet@0.2.0",
-        "@actions/cache": "^4.0.5",
+        "@actions/cache": "^6.0.0",
-        "@actions/core": "^1.11.1",
+        "@actions/core": "^3.0.0",
-        "@actions/exec": "^1.1.1",
+        "@actions/exec": "^3.0.0",
-        "@actions/glob": "^0.5.0",
+        "@actions/glob": "^0.6.1",
-        "@actions/io": "^1.1.3",
+        "@actions/io": "^3.0.2",
         "@actions/warpbuild-cache": "npm:github-actions.warp-cache@1.4.7",
-        "smol-toml": "^1.4.2"
+        "smol-toml": "^1.6.0"
       },
       "devDependencies": {
-        "@types/node": "^24.3.0",
+        "@types/node": "^25.4.0",
-        "@vercel/ncc": "^0.38.3",
+        "@vercel/ncc": "^0.38.4",
         "linefix": "^0.1.1",
-        "typescript": "5.9.2"
+        "typescript": "5.9.3"
       },
       "funding": {
         "url": "https://github.com/sponsors/Swatinem"
@@ -43,6 +43,23 @@
         "uuid": "^3.3.3"
       }
     },
+    "node_modules/@actions/buildjet-cache/node_modules/@actions/core": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+      "dependencies": {
+        "@actions/exec": "^1.1.1",
+        "@actions/http-client": "^2.0.1"
+      }
+    },
+    "node_modules/@actions/buildjet-cache/node_modules/@actions/exec": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
+      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+      "dependencies": {
+        "@actions/io": "^1.0.1"
+      }
+    },
     "node_modules/@actions/buildjet-cache/node_modules/@actions/glob": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.1.2.tgz",
@@ -52,47 +69,87 @@
         "minimatch": "^3.0.4"
       }
     },
+    "node_modules/@actions/buildjet-cache/node_modules/@actions/io": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+    },
     "node_modules/@actions/cache": {
-      "version": "4.0.5",
+      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.5.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-6.0.0.tgz",
-      "integrity": "sha512-RjLz1/vvntOfp3FpkY3wB0MjVRbLq7bfQEuQG9UUTKwdtcYmFrKVmuD+9B6ADbzbkSfHM+dM4sMjdr3R4XIkFg==",
+      "integrity": "sha512-+tCs634SyGBQJ3KU1rtAVabmN/gYiT9WgzTSJzWwdPCLmM3zWrdbysaErKv8HyI6OozClrxNvDgPjJimbHZZvw==",
       "dependencies": {
-        "@actions/core": "^1.11.1",
+        "@actions/core": "^3.0.0",
-        "@actions/exec": "^1.0.1",
+        "@actions/exec": "^3.0.0",
-        "@actions/glob": "^0.1.0",
+        "@actions/glob": "^0.6.1",
-        "@actions/http-client": "^2.1.1",
+        "@actions/http-client": "^4.0.0",
-        "@actions/io": "^1.0.1",
+        "@actions/io": "^3.0.0",
-        "@azure/abort-controller": "^1.1.0",
+        "@azure/core-rest-pipeline": "^1.22.0",
-        "@azure/ms-rest-js": "^2.6.0",
+        "@azure/storage-blob": "^12.30.0",
-        "@azure/storage-blob": "^12.13.0",
         "@protobuf-ts/runtime-rpc": "^2.11.1",
-        "semver": "^6.3.1"
+        "semver": "^7.7.3"
       }
     },
-    "node_modules/@actions/cache/node_modules/@actions/glob": {
+    "node_modules/@actions/cache/node_modules/@actions/http-client": {
-      "version": "0.1.2",
+      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
-      "integrity": "sha512-SclLR7Ia5sEqjkJTPs7Sd86maMDw43p769YxBOxvPvEWuPEhpAnBsQfENOpXjFYMmhCqd127bmf+YdvJqVqR4A==",
+      "integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
       "dependencies": {
-        "@actions/core": "^1.2.6",
+        "tunnel": "^0.0.6",
-        "minimatch": "^3.0.4"
+        "undici": "^6.23.0"
+      }
+    },
+    "node_modules/@actions/cache/node_modules/semver": {
+      "version": "7.7.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@actions/cache/node_modules/undici": {
+      "version": "6.23.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
+      "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+      "engines": {
+        "node": ">=18.17"
       }
     },
     "node_modules/@actions/core": {
-      "version": "1.11.1",
+      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
-      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+      "integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
       "dependencies": {
-        "@actions/exec": "^1.1.1",
+        "@actions/exec": "^3.0.0",
-        "@actions/http-client": "^2.0.1"
+        "@actions/http-client": "^4.0.0"
+      }
+    },
+    "node_modules/@actions/core/node_modules/@actions/http-client": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
+      "integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
+      "dependencies": {
+        "tunnel": "^0.0.6",
+        "undici": "^6.23.0"
+      }
+    },
+    "node_modules/@actions/core/node_modules/undici": {
+      "version": "6.23.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
+      "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+      "engines": {
+        "node": ">=18.17"
       }
     },
     "node_modules/@actions/exec": {
-      "version": "1.1.1",
+      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
-      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+      "integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
       "dependencies": {
-        "@actions/io": "^1.0.1"
+        "@actions/io": "^3.0.2"
       }
     },
     "node_modules/@actions/github": {
@@ -110,11 +167,11 @@
       }
     },
     "node_modules/@actions/glob": {
-      "version": "0.5.0",
+      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.5.0.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.6.1.tgz",
-      "integrity": "sha512-tST2rjPvJLRZLuT9NMUtyBjvj9Yo0MiJS3ow004slMvm8GFM+Zv9HvMJ7HWzfUyJnGrJvDsYkWBaaG3YKXRtCw==",
+      "integrity": "sha512-K4+2Ac5ILcf2ySdJCha+Pop9NcKjxqCL4xL4zI50dgB2PbXgC0+AcP011xfH4Of6b4QEJJg8dyZYv7zl4byTsw==",
       "dependencies": {
-        "@actions/core": "^1.9.1",
+        "@actions/core": "^3.0.0",
         "minimatch": "^3.0.4"
       }
     },
@@ -128,9 +185,9 @@
       }
     },
     "node_modules/@actions/io": {
-      "version": "1.1.3",
+      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
-      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+      "integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw=="
     },
     "node_modules/@actions/warpbuild-cache": {
       "name": "github-actions.warp-cache",
@@ -155,6 +212,23 @@
         "uuid": "^3.3.3"
       }
     },
+    "node_modules/@actions/warpbuild-cache/node_modules/@actions/core": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+      "dependencies": {
+        "@actions/exec": "^1.1.1",
+        "@actions/http-client": "^2.0.1"
+      }
+    },
+    "node_modules/@actions/warpbuild-cache/node_modules/@actions/exec": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
+      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+      "dependencies": {
+        "@actions/io": "^1.0.1"
+      }
+    },
     "node_modules/@actions/warpbuild-cache/node_modules/@actions/glob": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.1.2.tgz",
@@ -164,6 +238,11 @@
         "minimatch": "^3.0.4"
       }
     },
+    "node_modules/@actions/warpbuild-cache/node_modules/@actions/io": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+    },
     "node_modules/@azure/abort-controller": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@azure/abort-controller/-/abort-controller-1.1.0.tgz",
@@ -228,16 +307,18 @@
       }
     },
     "node_modules/@azure/core-http-compat": {
-      "version": "2.3.1",
+      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/@azure/core-http-compat/-/core-http-compat-2.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/@azure/core-http-compat/-/core-http-compat-2.3.2.tgz",
-      "integrity": "sha512-az9BkXND3/d5VgdRRQVkiJb2gOmDU8Qcq4GvjtBmDICNiQ9udFmDk4ZpSB5Qq1OmtDJGlQAfBaS4palFsazQ5g==",
+      "integrity": "sha512-Tf6ltdKzOJEgxZeWLCjMxrxbodB/ZeCbzzA1A2qHbhzAjzjHoBVSUeSl/baT/oHAxhc4qdqVaDKnc2+iE932gw==",
       "dependencies": {
-        "@azure/abort-controller": "^2.1.2",
+        "@azure/abort-controller": "^2.1.2"
-        "@azure/core-client": "^1.10.0",
-        "@azure/core-rest-pipeline": "^1.22.0"
       },
       "engines": {
         "node": ">=20.0.0"
+      },
+      "peerDependencies": {
+        "@azure/core-client": "^1.10.0",
+        "@azure/core-rest-pipeline": "^1.22.0"
       }
     },
     "node_modules/@azure/core-http-compat/node_modules/@azure/abort-controller": {
@@ -288,16 +369,16 @@
       }
     },
     "node_modules/@azure/core-rest-pipeline": {
-      "version": "1.22.1",
+      "version": "1.23.0",
-      "resolved": "https://registry.npmjs.org/@azure/core-rest-pipeline/-/core-rest-pipeline-1.22.1.tgz",
+      "resolved": "https://registry.npmjs.org/@azure/core-rest-pipeline/-/core-rest-pipeline-1.23.0.tgz",
-      "integrity": "sha512-UVZlVLfLyz6g3Hy7GNDpooMQonUygH7ghdiSASOOHy97fKj/mPLqgDX7aidOijn+sCMU+WU8NjlPlNTgnvbcGA==",
+      "integrity": "sha512-Evs1INHo+jUjwHi1T6SG6Ua/LHOQBCLuKEEE6efIpt4ZOoNonaT1kP32GoOcdNDbfqsD2445CPri3MubBy5DEQ==",
       "dependencies": {
         "@azure/abort-controller": "^2.1.2",
         "@azure/core-auth": "^1.10.0",
         "@azure/core-tracing": "^1.3.0",
         "@azure/core-util": "^1.13.0",
         "@azure/logger": "^1.3.0",
-        "@typespec/ts-http-runtime": "^0.3.0",
+        "@typespec/ts-http-runtime": "^0.3.4",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -403,9 +484,9 @@
       }
     },
     "node_modules/@azure/storage-blob": {
-      "version": "12.28.0",
+      "version": "12.31.0",
-      "resolved": "https://registry.npmjs.org/@azure/storage-blob/-/storage-blob-12.28.0.tgz",
+      "resolved": "https://registry.npmjs.org/@azure/storage-blob/-/storage-blob-12.31.0.tgz",
-      "integrity": "sha512-VhQHITXXO03SURhDiGuHhvc/k/sD2WvJUS7hqhiVNbErVCuQoLtWql7r97fleBlIRKHJaa9R7DpBjfE0pfLYcA==",
+      "integrity": "sha512-DBgNv10aCSxopt92DkTDD0o9xScXeBqPKGmR50FPZQaEcH4JLQ+GEOGEDv19V5BMkB7kxr+m4h6il/cCDPvmHg==",
       "dependencies": {
         "@azure/abort-controller": "^2.1.2",
         "@azure/core-auth": "^1.9.0",
@@ -418,7 +499,7 @@
         "@azure/core-util": "^1.11.0",
         "@azure/core-xml": "^1.4.5",
         "@azure/logger": "^1.1.4",
-        "@azure/storage-common": "^12.0.0-beta.2",
+        "@azure/storage-common": "^12.3.0",
         "events": "^3.0.0",
         "tslib": "^2.8.1"
       },
@@ -438,9 +519,9 @@
       }
     },
     "node_modules/@azure/storage-common": {
-      "version": "12.0.0",
+      "version": "12.3.0",
-      "resolved": "https://registry.npmjs.org/@azure/storage-common/-/storage-common-12.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/@azure/storage-common/-/storage-common-12.3.0.tgz",
-      "integrity": "sha512-QyEWXgi4kdRo0wc1rHum9/KnaWZKCdQGZK1BjU4fFL6Jtedp7KLbQihgTTVxldFy1z1ZPtuDPx8mQ5l3huPPbA==",
+      "integrity": "sha512-/OFHhy86aG5Pe8dP5tsp+BuJ25JOAl9yaMU3WZbkeoiFMHFtJ7tu5ili7qEdBXNW9G5lDB19trwyI6V49F/8iQ==",
       "dependencies": {
         "@azure/abort-controller": "^2.1.2",
         "@azure/core-auth": "^1.9.0",
@@ -504,9 +585,9 @@
       }
     },
     "node_modules/@google-cloud/storage": {
-      "version": "7.17.1",
+      "version": "7.19.0",
-      "resolved": "https://registry.npmjs.org/@google-cloud/storage/-/storage-7.17.1.tgz",
+      "resolved": "https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz",
-      "integrity": "sha512-2FMQbpU7qK+OtBPaegC6n+XevgZksobUGo6mGKnXNmeZpvLiAo1gTAE3oTKsrMGDV4VtL8Zzpono0YsK/Q7Iqg==",
+      "integrity": "sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ==",
       "dependencies": {
         "@google-cloud/paginator": "^5.0.0",
         "@google-cloud/projectify": "^4.0.0",
@@ -514,7 +595,7 @@
         "abort-controller": "^3.0.0",
         "async-retry": "^1.3.3",
         "duplexify": "^4.1.3",
-        "fast-xml-parser": "^4.4.1",
+        "fast-xml-parser": "^5.3.4",
         "gaxios": "^6.0.2",
         "google-auth-library": "^9.6.3",
         "html-entities": "^2.5.2",
@@ -528,34 +609,6 @@
         "node": ">=14"
       }
     },
-    "node_modules/@google-cloud/storage/node_modules/fast-xml-parser": {
-      "version": "4.5.3",
-      "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.5.3.tgz",
-      "integrity": "sha512-RKihhV+SHsIUGXObeVy9AXiBbFwkVk7Syp8XgwN5U3JV416+Gwp/GO9i0JYKmikykgz/UHRrrV4ROuZEo/T0ig==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/NaturalIntelligence"
-        }
-      ],
-      "dependencies": {
-        "strnum": "^1.1.1"
-      },
-      "bin": {
-        "fxparser": "src/cli/cli.js"
-      }
-    },
-    "node_modules/@google-cloud/storage/node_modules/strnum": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.1.2.tgz",
-      "integrity": "sha512-vrN+B7DBIoTTZjnPNewwhx6cBA/H+IS7rfW68n7XxC1y7uoiGQBxaKzqucGUgavX15dJgiGztLJ8vxuEzwqBdA==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/NaturalIntelligence"
-        }
-      ]
-    },
     "node_modules/@google-cloud/storage/node_modules/uuid": {
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
@@ -741,11 +794,11 @@
       "integrity": "sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg=="
     },
     "node_modules/@types/node": {
-      "version": "24.5.2",
+      "version": "25.4.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.4.0.tgz",
-      "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==",
+      "integrity": "sha512-9wLpoeWuBlcbBpOY3XmzSTG3oscB6xjBEEtn+pYXTfhyXhIxC5FsBer2KTopBlvKEiW9l13po9fq+SJY/5lkhw==",
       "dependencies": {
-        "undici-types": "~7.12.0"
+        "undici-types": "~7.18.0"
       }
     },
     "node_modules/@types/request": {
@@ -765,9 +818,9 @@
       "integrity": "sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA=="
     },
     "node_modules/@typespec/ts-http-runtime": {
-      "version": "0.3.1",
+      "version": "0.3.4",
-      "resolved": "https://registry.npmjs.org/@typespec/ts-http-runtime/-/ts-http-runtime-0.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typespec/ts-http-runtime/-/ts-http-runtime-0.3.4.tgz",
-      "integrity": "sha512-SnbaqayTVFEA6/tYumdF0UmybY0KHyKwGPBXnyckFlrrKdhWFrL3a2HIPXHjht5ZOElKGcXfD2D63P36btb+ww==",
+      "integrity": "sha512-CI0NhTrz4EBaa0U+HaaUZrJhPoso8sG7ZFya8uQoBA57fjzrjRSv87ekCjLZOFExN+gXE/z0xuN2QfH4H2HrLQ==",
       "dependencies": {
         "http-proxy-agent": "^7.0.0",
         "https-proxy-agent": "^7.0.0",
@@ -778,9 +831,9 @@
       }
     },
     "node_modules/@vercel/ncc": {
-      "version": "0.38.3",
+      "version": "0.38.4",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.3.tgz",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.4.tgz",
-      "integrity": "sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==",
+      "integrity": "sha512-8LwjnlP39s08C08J5NstzriPvW1SP8Zfpp1BvC2sI35kPeZnHfxVkCwu4/+Wodgnd60UtT1n8K8zw+Mp7J9JmQ==",
       "dev": true,
       "bin": {
         "ncc": "dist/ncc/cli.js"
@@ -827,19 +880,19 @@
       "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
     },
     "node_modules/axios": {
-      "version": "1.12.2",
+      "version": "1.13.6",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz",
-      "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
+      "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==",
       "dependencies": {
-        "follow-redirects": "^1.15.6",
+        "follow-redirects": "^1.15.11",
-        "form-data": "^4.0.4",
+        "form-data": "^4.0.5",
         "proxy-from-env": "^1.1.0"
       }
     },
     "node_modules/axios/node_modules/form-data": {
-      "version": "4.0.4",
+      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
-      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",
@@ -1061,10 +1114,10 @@
       "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
       "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
     },
-    "node_modules/fast-xml-parser": {
+    "node_modules/fast-xml-builder": {
-      "version": "5.2.5",
+      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz",
+      "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.2.tgz",
-      "integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==",
+      "integrity": "sha512-NJAmiuVaJEjVa7TjLZKlYd7RqmzOC91EtPFXHvlTcqBVo50Qh7XV5IwvXi1c7NRz2Q/majGX9YLcwJtWgHjtkA==",
       "funding": [
         {
           "type": "github",
@@ -1072,7 +1125,23 @@
         }
       ],
       "dependencies": {
-        "strnum": "^2.1.0"
+        "path-expression-matcher": "^1.1.3"
+      }
+    },
+    "node_modules/fast-xml-parser": {
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.3.tgz",
+      "integrity": "sha512-Ymnuefk6VzAhT3SxLzVUw+nMio/wB1NGypHkgetwtXcK1JfryaHk4DWQFGVwQ9XgzyS5iRZ7C2ZGI4AMsdMZ6A==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "dependencies": {
+        "fast-xml-builder": "^1.1.2",
+        "path-expression-matcher": "^1.1.3",
+        "strnum": "^2.1.2"
       },
       "bin": {
         "fxparser": "src/cli/cli.js"
@@ -1353,11 +1422,11 @@
       }
     },
     "node_modules/jws": {
-      "version": "4.0.0",
+      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz",
-      "integrity": "sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==",
+      "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==",
       "dependencies": {
-        "jwa": "^2.0.0",
+        "jwa": "^2.0.1",
         "safe-buffer": "^5.0.1"
       }
     },
@@ -1409,9 +1478,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.2",
+      "version": "3.1.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dependencies": {
         "brace-expansion": "^1.1.7"
       },
@@ -1465,6 +1534,20 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/path-expression-matcher": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.1.3.tgz",
+      "integrity": "sha512-qdVgY8KXmVdJZRSS1JdEPOKPdTiEK/pi0RkcT2sw1RhXxohdujUlJFPuS1TSkevZ9vzd3ZlL7ULl1MHGTApKzQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
     "node_modules/proxy-from-env": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
@@ -1524,9 +1607,12 @@
       ]
     },
     "node_modules/sax": {
-      "version": "1.4.1",
+      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz",
-      "integrity": "sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg=="
+      "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==",
+      "engines": {
+        "node": ">=11.0.0"
+      }
     },
     "node_modules/semver": {
       "version": "6.3.1",
@@ -1537,9 +1623,9 @@
       }
     },
     "node_modules/smol-toml": {
-      "version": "1.4.2",
+      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.4.2.tgz",
+      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.0.tgz",
-      "integrity": "sha512-rInDH6lCNiEyn3+hH8KVGFdbjc099j47+OSgbMrfDYX1CmXLfdKd7qi6IfcWj2wFxvSVkuI46M+wPGYfEOEj6g==",
+      "integrity": "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw==",
       "engines": {
         "node": ">= 18"
       },
@@ -1569,9 +1655,9 @@
       }
     },
     "node_modules/strnum": {
-      "version": "2.1.1",
+      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.0.tgz",
-      "integrity": "sha512-7ZvoFTiCnGxBtDqJ//Cu6fWtZtc7Y3x+QOirG15wztbdngGSkht27o2pyGWrVy0b4WAy3jbKmnoK6g5VlVNUUw==",
+      "integrity": "sha512-Y7Bj8XyJxnPAORMZj/xltsfo55uOiyHcU2tnAVzHUnSJR/KsEX+9RoDeXEnsXtl/CX4fAcrt64gZ13aGaWPeBg==",
       "funding": [
         {
           "type": "github",
@@ -1666,9 +1752,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.9.2",
+      "version": "5.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
-      "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "dev": true,
       "bin": {
         "tsc": "bin/tsc",
@@ -1690,9 +1776,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.12.0",
+      "version": "7.18.2",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-      "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ=="
+      "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w=="
     },
     "node_modules/universal-user-agent": {
       "version": "6.0.1",

package.json

@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "rust-cache",
-  "version": "2.8.1",
+  "version": "2.9.0",
   "description": "A GitHub Action that implements smart caching for rust/cargo projects with sensible defaults.",
   "keywords": [
     "actions",
@@ -24,18 +24,18 @@
   "dependencies": {
     "@actions/buildjet-cache": "npm:github-actions.cache-buildjet@0.2.0",
     "@actions/warpbuild-cache": "npm:github-actions.warp-cache@1.4.7",
-    "@actions/cache": "^4.0.5",
+    "@actions/cache": "^6.0.0",
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^3.0.0",
-    "@actions/exec": "^1.1.1",
+    "@actions/exec": "^3.0.0",
-    "@actions/glob": "^0.5.0",
+    "@actions/glob": "^0.6.1",
-    "@actions/io": "^1.1.3",
+    "@actions/io": "^3.0.2",
-    "smol-toml": "^1.4.2"
+    "smol-toml": "^1.6.0"
   },
   "devDependencies": {
-    "@types/node": "^24.3.0",
+    "@types/node": "^25.4.0",
-    "@vercel/ncc": "^0.38.3",
+    "@vercel/ncc": "^0.38.4",
     "linefix": "^0.1.1",
-    "typescript": "5.9.2"
+    "typescript": "5.9.3"
   },
   "scripts": {
     "prepare": "ncc build --target es2020 -o dist/restore src/restore.ts && ncc build --target es2020 -o dist/save src/save.ts && linefix dist"

src/config.ts

@@ -1,8 +1,9 @@
 import * as core from "@actions/core";
 import * as glob from "@actions/glob";
 import crypto from "crypto";
-import fs from "fs";
+import fs from "fs/promises";
-import fs_promises from "fs/promises";
+import { createReadStream } from "fs";
+import { pipeline } from "stream/promises";
 import os from "os";
 import path from "path";
 import * as toml from "smol-toml";
@@ -18,6 +19,9 @@ const STATE_CONFIG = "RUST_CACHE_CONFIG";
 const HASH_LENGTH = 8;
 
 export class CacheConfig {
+  /** A format string for running commands */
+  public cmdFormat: string = "";
+
   /** All the paths we want to cache */
   public cachePaths: Array<string> = [];
   /** The primary cache key */
@@ -37,7 +41,7 @@ export class CacheConfig {
   /** The prefix portion of the cache key */
   private keyPrefix = "";
   /** The rust version considered for the cache key */
-  private keyRust = "";
+  private keyRust: Array<string> = [];
   /** The environment variables considered for the cache key */
   private keyEnvs: Array<string> = [];
   /** The files considered for the cache key */
@@ -53,6 +57,17 @@ export class CacheConfig {
   static async new(): Promise<CacheConfig> {
     const self = new CacheConfig();
 
+    let cmdFormat = core.getInput("cmd-format");
+    if (cmdFormat) {
+      const placeholderMatches = cmdFormat.match(/\{0\}/g);
+      if (!placeholderMatches || placeholderMatches.length !== 1) {
+        cmdFormat = "{0}";
+      }
+    } else {
+      cmdFormat = "{0}";
+    }
+    self.cmdFormat = cmdFormat;
+
     // Construct key prefix:
     // This uses either the `shared-key` input,
     // or the `key` input combined with the `job` key.
@@ -69,7 +84,7 @@ export class CacheConfig {
       }
 
       const job = process.env.GITHUB_JOB;
-      if (job) {
+      if ((job) && core.getInput("add-job-id-key").toLowerCase() == "true") {
         key += `-${job}`;
       }
     }
@@ -89,14 +104,16 @@ export class CacheConfig {
     // resulting environment hash.
 
     let hasher = crypto.createHash("sha1");
-    const rustVersion = await getRustVersion();
+    const rustVersions = Array.from(await getRustVersions(cmdFormat));
+    // Doesn't matter how they're sorted, just as long as it's deterministic.
+    rustVersions.sort();
 
-    let keyRust = `${rustVersion.release} ${rustVersion.host}`;
+    for (const rustVersion of rustVersions) {
+      const { release, host, "commit-hash": commitHash } = rustVersion;
+      const keyRust = `${release} ${host} ${commitHash}`;
       hasher.update(keyRust);
-    hasher.update(rustVersion["commit-hash"]);
+      self.keyRust.push(keyRust);
-
+    }
-    keyRust += ` (${rustVersion["commit-hash"]})`;
-    self.keyRust = keyRust;
 
     // these prefixes should cover most of the compiler / rust / cargo keys
     const envPrefixes = ["CARGO", "CC", "CFLAGS", "CXX", "CMAKE", "RUST"];
@@ -116,7 +133,10 @@ export class CacheConfig {
 
     self.keyEnvs = keyEnvs;
 
+    // Add job hash suffix if 'add-rust-environment-hash-key' is true
+    if (core.getInput("add-rust-environment-hash-key").toLowerCase() == "true") {
       key += `-${digest(hasher)}`;
+    }
 
     self.restoreKey = key;
 
@@ -139,6 +159,9 @@ export class CacheConfig {
     }
     self.workspaces = workspaces;
 
+    // Add hash suffix of all rust environment lockfiles + manifests if
+    // 'add-rust-environment-hash-key' is true
+    if (core.getInput("add-rust-environment-hash-key").toLowerCase() == "true") {
       let keyFiles = await globFiles(".cargo/config.toml\nrust-toolchain\nrust-toolchain.toml");
       const parsedKeyFiles = []; // keyFiles that are parsed, pre-processed and hashed
 
@@ -152,13 +175,13 @@ export class CacheConfig {
           )),
         );
 
-      const workspaceMembers = await workspace.getWorkspaceMembers();
+        const workspaceMembers = await workspace.getWorkspaceMembers(cmdFormat);
 
         const cargo_manifests = sort_and_uniq(workspaceMembers.map((member) => path.join(member.path, "Cargo.toml")));
 
         for (const cargo_manifest of cargo_manifests) {
           try {
-          const content = await fs_promises.readFile(cargo_manifest, { encoding: "utf8" });
+            const content = await fs.readFile(cargo_manifest, { encoding: "utf8" });
             // Use any since TomlPrimitive is not exposed
             const parsed = toml.parse(content) as { [key: string]: any };
 
@@ -205,7 +228,7 @@ export class CacheConfig {
         const cargo_lock = path.join(workspace.root, "Cargo.lock");
         if (await exists(cargo_lock)) {
           try {
-          const content = await fs_promises.readFile(cargo_lock, { encoding: "utf8" });
+            const content = await fs.readFile(cargo_lock, { encoding: "utf8" });
             const parsed = toml.parse(content);
 
             if ((parsed.version !== 3 && parsed.version !== 4) || !("package" in parsed)) {
@@ -233,17 +256,16 @@ export class CacheConfig {
       keyFiles = sort_and_uniq(keyFiles);
 
       for (const file of keyFiles) {
-      for await (const chunk of fs.createReadStream(file)) {
+        await pipeline(createReadStream(file), hasher);
-        hasher.update(chunk);
       }
-    }
-
-    let lockHash = digest(hasher);
 
       keyFiles.push(...parsedKeyFiles);
       self.keyFiles = sort_and_uniq(keyFiles);
 
+      let lockHash = digest(hasher);
       key += `-${lockHash}`;
+    }
+
     self.cacheKey = key;
 
     self.cachePaths = [path.join(CARGO_HOME, "registry"), path.join(CARGO_HOME, "git")];
@@ -314,7 +336,10 @@ export class CacheConfig {
     core.info(`.. Prefix:`);
     core.info(`  - ${this.keyPrefix}`);
     core.info(`.. Environment considered:`);
-    core.info(`  - Rust Version: ${this.keyRust}`);
+    core.info(`  - Rust Versions:`);
+    for (const rust of this.keyRust) {
+      core.info(`    - ${rust}`);
+    }
     for (const env of this.keyEnvs) {
       core.info(`  - ${env}`);
     }
@@ -359,9 +384,33 @@ interface RustVersion {
   "commit-hash": string;
 }
 
-async function getRustVersion(): Promise<RustVersion> {
+async function getRustVersions(cmdFormat: string): Promise<Set<RustVersion>> {
-  const stdout = await getCmdOutput("rustc", ["-vV"]);
+  const versions = new Set<RustVersion>();
-  let splits = stdout
+
+  versions.add(parseRustVersion(await getCmdOutput(cmdFormat, "rustc -vV")));
+
+  const stdout = await (async () => {
+    try {
+      return await getCmdOutput(cmdFormat, "rustup toolchain list --quiet");
+    } catch (e) {
+      core.warning(`Error running rustup toolchain list, falling back to default toolchain only: ${e}`);
+      return undefined;
+    }
+  })();
+  if (stdout !== undefined) {
+    for (const toolchain of stdout.split(/[\n\r]+/)) {
+      const trimmed = toolchain.trim();
+      if (!trimmed) {
+        continue;
+      }
+      versions.add(parseRustVersion(await getCmdOutput(cmdFormat, `rustup run ${toolchain} rustc -vV`)));
+    }
+  }
+  return versions;
+}
+
+function parseRustVersion(stdout: string): RustVersion {
+  const splits = stdout
     .split(/[\n\r]+/)
     .filter(Boolean)
     .map((s) => s.split(":").map((s) => s.trim()))
@@ -373,10 +422,17 @@ async function globFiles(pattern: string): Promise<string[]> {
   const globber = await glob.create(pattern, {
     followSymbolicLinks: false,
   });
-  // fs.statSync resolve the symbolic link and returns stat for the
+  // fs.stat resolve the symbolic link and returns stat for the
   // file it pointed to, so isFile would make sure the resolved
   // file is actually a regular file.
-  return (await globber.glob()).filter((file) => fs.statSync(file).isFile());
+  const files = [];
+  for (const file of await globber.glob()) {
+    const stats = await fs.stat(file);
+    if (stats.isFile()) {
+      files.push(file);
+    }
+  }
+  return files;
 }
 
 function sort_and_uniq(a: string[]) {

src/restore.ts

@@ -42,7 +42,9 @@ async function run() {
       lookupOnly,
     });
     if (restoreKey) {
-      const match = restoreKey === key;
+      const match = restoreKey.localeCompare(key, undefined, {
+	sensitivity: "accent"
+      }) === 0;
       core.info(`${lookupOnly ? "Found" : "Restored from"} cache key "${restoreKey}" full match: ${match}.`);
       if (!match) {
         // pre-clean the target directory on cache mismatch

src/save.ts

@@ -39,9 +39,9 @@ async function run() {
     const workspaceCrates = core.getInput("cache-workspace-crates").toLowerCase() || "false";
     const allPackages = [];
     for (const workspace of config.workspaces) {
-      const packages = await workspace.getPackagesOutsideWorkspaceRoot();
+      const packages = await workspace.getPackagesOutsideWorkspaceRoot(config.cmdFormat);
       if (workspaceCrates === "true") {
-        const wsMembers = await workspace.getWorkspaceMembers();
+        const wsMembers = await workspace.getWorkspaceMembers(config.cmdFormat);
         packages.push(...wsMembers);
       }
       allPackages.push(...packages);

src/utils.ts

@@ -16,14 +16,15 @@ export function reportError(e: any) {
 }
 
 export async function getCmdOutput(
+  cmdFormat: string,
   cmd: string,
-  args: Array<string> = [],
   options: exec.ExecOptions = {},
 ): Promise<string> {
+  cmd = cmdFormat.replace("{0}", cmd);
   let stdout = "";
   let stderr = "";
   try {
-    await exec.exec(cmd, args, {
+    await exec.exec(cmd, [], {
       silent: true,
       listeners: {
         stdout(data) {
@@ -37,7 +38,7 @@ export async function getCmdOutput(
     });
   } catch (e) {
     (e as any).commandFailed = {
-      command: `${cmd} ${args.join(" ")}`,
+      command: cmd,
       stderr,
     };
     throw e;

src/workspace.ts

@@ -8,14 +8,15 @@ const SAVE_TARGETS = new Set(["lib", "proc-macro"]);
 export class Workspace {
   constructor(public root: string, public target: string) {}
 
-  async getPackages(filter: (p: Meta["packages"][0]) => boolean, ...extraArgs: string[]): Promise<Packages> {
+  async getPackages(cmdFormat: string, filter: (p: Meta["packages"][0]) => boolean, extraArgs?: string): Promise<Packages> {
+    const cmd = "cargo metadata --all-features --format-version 1" + (extraArgs ? ` ${extraArgs}` : "");
     let packages: Packages = [];
     try {
       core.debug(`collecting metadata for "${this.root}"`);
       const meta: Meta = JSON.parse(
-        await getCmdOutput("cargo", ["metadata", "--all-features", "--format-version", "1", ...extraArgs], {
+        await getCmdOutput(cmdFormat, cmd, {
           cwd: this.root,
-          env: { "CARGO_ENCODED_RUSTFLAGS": "" },
+          env: { ...process.env, "CARGO_ENCODED_RUSTFLAGS": "" },
         }),
       );
       core.debug(`workspace "${this.root}" has ${meta.packages.length} packages`);
@@ -29,12 +30,12 @@ export class Workspace {
     return packages;
   }
 
-  public async getPackagesOutsideWorkspaceRoot(): Promise<Packages> {
+  public async getPackagesOutsideWorkspaceRoot(cmdFormat: string): Promise<Packages> {
-    return await this.getPackages((pkg) => !pkg.manifest_path.startsWith(this.root));
+    return await this.getPackages(cmdFormat, (pkg) => !pkg.manifest_path.startsWith(this.root));
   }
 
-  public async getWorkspaceMembers(): Promise<Packages> {
+  public async getWorkspaceMembers(cmdFormat: string): Promise<Packages> {
-    return await this.getPackages((_) => true, "--no-deps");
+    return await this.getPackages(cmdFormat, (_) => true, "--no-deps");
   }
 }
 

tests/flake.nix

@@ -0,0 +1,31 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+    flake-utils.url = "github:numtide/flake-utils";
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = inputs @ { self, nixpkgs, flake-utils, rust-overlay, ... }:
+    flake-utils.lib.eachDefaultSystem (
+      system: let
+        overlays = [ (import rust-overlay) ];
+        pkgs = import nixpkgs { inherit system overlays; };
+      in {
+        devShells.default = with pkgs; mkShell {
+          buildInputs = [
+            autoconf
+            gcc
+            gnumake
+            openssl
+            pkg-config
+            rust-bin.stable.latest.minimal
+          ];
+          CARGO_TERM_COLOR = "always";
+        };
+      }
+    );
+}
+