Bump fast-xml-builder from 1.1.4 to 1.2.0

Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.4 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.4...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

__tests__/authutil.test.ts

@@ -118,27 +118,6 @@ describe('authutil tests', () => {
     expect(process.env.NODE_AUTH_TOKEN).toEqual('foobar');
   });
 
-  it('should not export NODE_AUTH_TOKEN if not set in environment', async () => {
-    const exportSpy = jest.spyOn(core, 'exportVariable');
-    delete process.env.NODE_AUTH_TOKEN;
-    await auth.configAuthentication('https://registry.npmjs.org/');
-    expect(fs.statSync(rcFile)).toBeDefined();
-    const rc = readRcFile(rcFile);
-    expect(rc['registry']).toBe('https://registry.npmjs.org/');
-    expect(exportSpy).not.toHaveBeenCalledWith(
-      'NODE_AUTH_TOKEN',
-      expect.anything()
-    );
-  });
-
-  it('should export NODE_AUTH_TOKEN if set to empty string', async () => {
-    const exportSpy = jest.spyOn(core, 'exportVariable');
-    process.env.NODE_AUTH_TOKEN = '';
-    await auth.configAuthentication('https://registry.npmjs.org/');
-    expect(fs.statSync(rcFile)).toBeDefined();
-    expect(exportSpy).toHaveBeenCalledWith('NODE_AUTH_TOKEN', '');
-  });
-
   it('configAuthentication should overwrite non-scoped with non-scoped', async () => {
     fs.writeFileSync(rcFile, 'registry=NNN');
     await auth.configAuthentication('https://registry.npmjs.org/');

dist/setup/index.js

@@ -78875,10 +78875,8 @@ function writeRegistryToFile(registryUrl, fileLocation) {
     newContents += `${authString}${os.EOL}${registryString}`;
     fs.writeFileSync(fileLocation, newContents);
     core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
-    // Only export NODE_AUTH_TOKEN if explicitly provided by user
-    if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) {
-        core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN);
-    }
+    // Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it
+    core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX');
 }
 
 

docs/advanced-usage.md

@@ -329,51 +329,36 @@ steps:
 - run: npm test
 ```
 
-**Restore-only cache**
-
-You can restore caches without saving new entries, which helps reduce cache writes and storage usage in read-only cache workflows.
+**Restore-Only Cache**
 
 ```yaml
-steps:
-- uses: actions/checkout@v6
-# - uses: pnpm/action-setup@v6 
-#   with:
-#     version: 10
-
-- name: Setup Node.js
-  uses: actions/setup-node@v6
-  with:
-    node-version: '24'
-
-- name: Normalize runner architecture
-  shell: bash
-  run: echo "ARCH=$(echo '${{ runner.arch }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
-    
-- name: Output of cache path
-  id: cachepath
-  shell: bash
-  run: echo "path=$(npm config get cache)" >> $GITHUB_OUTPUT
-  # run: echo "path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
-  # For yarn workflow, output of yarn cache dir (v1) or yarn config get cacheFolder (v2+)
-  # run: echo "path=$(yarn cache dir)" >> $GITHUB_OUTPUT 
-    
-- name: Restore Node cache
-  uses: actions/cache/restore@v5
-  with:
-    path: ${{ steps.cachepath.outputs.path }}
-    key: node-cache-${{ runner.os }}-${{ env.ARCH }}-npm-${{ hashFiles('**/package-lock.json') }}
-    # key: node-cache-${{ runner.os }}-${{ env.ARCH }}-yarn-${{ hashFiles('**/yarn.lock') }}
-    # key: node-cache-${{ runner.os }}-${{ env.ARCH }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
-    
-- run: npm ci
-# - run: yarn install --frozen-lockfile # optional, --immutable
-# - run: pnpm install
+## In some workflows, you may want to restore a cache without saving it. This can help reduce cache writes and storage usage in workflows that only need to read from cache
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      # Restore Node.js modules cache (restore-only)
+      - name: Restore Node modules cache
+        uses: actions/cache@v5
+        id: cache-node-modules
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      # Setup Node.js
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+      # Install dependencies
+      - run: npm install
 ```
-> **Note**: Uncomment the commands relevant to your project's package manager.
 
-> For more details related to cache scenarios, please refer [actions/cache/restore](https://github.com/actions/cache/tree/main/restore#only-restore-cache).
+> For more details related to cache scenarios, please refer [Node – npm](https://github.com/actions/cache/blob/main/examples.md#node---npm).
 
-## Multiple operating systems and architectures
+## Multiple Operating Systems and Architectures
 
 ```yaml
 jobs:

package-lock.json

@@ -3320,9 +3320,9 @@
       "license": "MIT"
     },
     "node_modules/fast-xml-builder": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz",
-      "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.2.0.tgz",
+      "integrity": "sha512-00aAWieqff+ZJhsXA4g1g7M8k+7AYoMUUHF+/zFb5U6Uv/P0Vl4QZo84/IcufzYalLuEj9928bXN9PbbFzMF0Q==",
       "funding": [
         {
           "type": "github",
@@ -3331,7 +3331,8 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "path-expression-matcher": "^1.1.3"
+        "path-expression-matcher": "^1.5.0",
+        "xml-naming": "^0.1.0"
       }
     },
     "node_modules/fast-xml-parser": {
@@ -4977,9 +4978,9 @@
       }
     },
     "node_modules/path-expression-matcher": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.4.0.tgz",
-      "integrity": "sha512-s4DQMxIdhj3jLFWd9LxHOplj4p9yQ4ffMGowFf3cpEgrrJjEhN0V5nxw4Ye1EViAGDoL4/1AeO6qHpqYPOzE4Q==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz",
+      "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==",
       "funding": [
         {
           "type": "github",
@@ -5981,6 +5982,21 @@
         "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
       }
     },
+    "node_modules/xml-naming": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/xml-naming/-/xml-naming-0.1.0.tgz",
+      "integrity": "sha512-k8KO9hrMyNk6tUWqUfkTEZbezRRpONVOzUTnc97VnCvyj6Tf9lyUR9EDAIeiVLv56jsMcoXEwjW8Kv5yPY52lw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/y18n": {
       "version": "5.0.8",
       "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",

src/authutil.ts

@@ -46,8 +46,9 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) {
   newContents += `${authString}${os.EOL}${registryString}`;
   fs.writeFileSync(fileLocation, newContents);
   core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
-  // Only export NODE_AUTH_TOKEN if explicitly provided by user
-  if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) {
-    core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN);
-  }
+  // Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it
+  core.exportVariable(
+    'NODE_AUTH_TOKEN',
+    process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX'
+  );
 }