Bump semver and @types/semver (#652)

* Bump semver and @types/semver

Bumps [semver](https://github.com/npm/node-semver) and [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver). These dependencies needed to be updated together.

Updates `semver` from 7.7.1 to 7.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2)

Updates `@types/semver` from 7.5.8 to 7.7.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 7.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: "@types/semver"
  dependency-version: 7.7.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: add license information for semver dependency

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 
-<!--- Please direct any generic questions related to actions to our support community forum at https://github.community/c/code-to-cloud/github-actions/41 --->
+<!--- Please direct any generic questions related to actions to our support community forum at https://github.com/orgs/community/discussions/categories/actions --->
 <!--- Before opening up a new bug report, please make sure to check for similar existing issues -->
 
 **Description:**

.github/ISSUE_TEMPLATE/feature_request.md

@@ -5,7 +5,7 @@ title: ''
 labels: feature request, needs triage
 assignees: ''
 ---
-<!--- Please direct any generic questions related to actions to our support community forum at https://github.community/c/code-to-cloud/github-actions/41 --->
+<!--- Please direct any generic questions related to actions to our support community forum at https://github.com/orgs/community/discussions/categories/actions --->
 <!--- Before opening up a new feature request, please make sure to check for similar existing issues and pull requests -->
 
 **Description:**

.github/dependabot.yml

@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: 'npm'
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: '/'
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: 'weekly'
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: 'github-actions'
+    # Workflow files stored in the default location of `.github/workflows`
+    # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
+    directory: '/'
+    schedule:
+      interval: 'weekly'

.github/workflows/basic-validation.yml

@@ -14,3 +14,5 @@ jobs:
   call-basic-validation:
     name: Basic validation
     uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
+    with:
+      node-version: '24.x'

.github/workflows/check-dist.yml

@@ -15,3 +15,5 @@ jobs:
   call-check-dist:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
+    with:
+      node-version: '24.x'

.github/workflows/publish-immutable-actions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Publish
         id: publish
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release-new-action-version.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
-        uses: actions/publish-action@v0.2.2
+        uses: actions/publish-action@v0.4.0
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/versions.yml

@@ -18,9 +18,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go Stable
         uses: ./
         with:
@@ -33,9 +33,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go oldStable
         uses: ./
         with:
@@ -48,14 +48,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
         version: [stable, oldstable]
         architecture: [x64, x32]
         exclude:
           - os: macos-latest
             architecture: x32
+          - os: macos-latest-large
+            architecture: x32
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go ${{ matrix.version }} ${{ matrix.architecture }}
         uses: ./
         with:
@@ -70,11 +72,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-        go: [1.17, 1.18, 1.19]
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-large]
+        go: [1.21.13, 1.22.8, 1.23.2]
+        include:
+          - os: windows-latest
+            go: 1.20.14
+        exclude:
+          - os: windows-latest
+            go: 1.23.2
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: setup-go ${{ matrix.go }}
         uses: ./
@@ -90,10 +98,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-        go-version: [1.16, 1.17]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        go-version: ['1.20', '1.21', '1.22', '1.23']
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
@@ -107,15 +115,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
           go-version-file: __tests__/data/go.mod
       - name: verify go
-        run: __tests__/verify-go.sh 1.14
+        run: __tests__/verify-go.sh 1.20.14
         shell: bash
 
   go-version-file-with-gowork:
@@ -123,28 +131,59 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
           go-version-file: __tests__/data/go.work
       - name: verify go
-        run: __tests__/verify-go.sh 1.19
+        run: __tests__/verify-go.sh 1.21
         shell: bash
 
-  setup-versions-from-manifest:
-    name: Setup ${{ matrix.go }} ${{ matrix.os }}
+  go-version-file-with-tool-versions:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-13, windows-latest, ubuntu-latest]
-        go: [1.12.16, 1.13.11, 1.14.3]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+    steps:
+      - uses: actions/checkout@v5
+      - name: Setup Go and check latest
+        uses: ./
+        with:
+          go-version-file: __tests__/data/.tool-versions
+      - name: verify go
+        run: __tests__/verify-go.sh 1.23.2
+        shell: bash
+
+  go-version-file-with-go-version:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+    steps:
+      - uses: actions/checkout@v5
+      - name: Setup Go from .go-version file
+        uses: ./
+        with:
+          go-version-file: __tests__/data/.go-version
+      - name: verify go
+        run: __tests__/verify-go.sh 1.22.4
+        shell: bash
+
+  setup-versions-from-manifest:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-large]
+        go: [1.20.14, 1.21.10, 1.22.8, 1.23.2]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: setup-go ${{ matrix.go }}
         uses: ./
@@ -156,19 +195,15 @@ jobs:
         shell: bash
 
   setup-versions-from-dist:
-    name: Setup ${{ matrix.go }} ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-13, windows-latest, ubuntu-latest]
-        go: [1.11.12, 1.8.6]
-        exclude:
-          - os: macos-13
-            go: 1.8.6
+        os: [windows-latest, ubuntu-latest, macos-latest-large]
+        go: [1.11.12]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
 
       - name: setup-go ${{ matrix.go }}
         uses: ./
@@ -184,14 +219,23 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-        go-version: [1.16, 1.17]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        go-version: [1.20.14, 1.21, 1.22, 1.23]
+        include:
+          - os: macos-latest
+            architecture: arm64
+          - os: ubuntu-latest
+            architecture: x64
+          - os: windows-latest
+            architecture: x64
+          - os: macos-latest-large
+            architecture: x64
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
       - name: Setup Go and check latest
         uses: ./
         with:
           go-version: ${{ matrix.go-version }}
-          architecture: x64
+          architecture: ${{ matrix.architecture }}
       - name: Verify Go
         run: go version

.github/workflows/windows-validation.yml

@@ -19,7 +19,7 @@ jobs:
         cache: [false, true]
         go: [1.20.1]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: 'Setup ${{ matrix.cache }}, cache: ${{ matrix.go }}'
         uses: ./
@@ -61,7 +61,7 @@ jobs:
             echo 'which go should return "/c/hostedtoolcache/windows/go/${{ matrix.go }}/x64/bin/go"'
             exit 1
           fi
-          if [ $(go env GOROOT) != 'C:\hostedtoolcache\windows\go\${{ matrix.go }}\x64' ];then 
+          if [ $(go env GOROOT) != 'C:\hostedtoolcache\windows\go\${{ matrix.go }}\x64' ];then
             echo 'go env GOROOT should return "C:\hostedtoolcache\windows\go\${{ matrix.go }}\x64"'
             exit 1
           fi
@@ -88,7 +88,7 @@ jobs:
       matrix:
         cache: [false, true]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: 'Setup default go, cache: ${{ matrix.cache }}'
         uses: ./
@@ -105,10 +105,32 @@ jobs:
           fi
         shell: bash
 
-      - name: 'Drive D: should not have Go installation, cache: ${{ matrix.cache}}'
+      - name: 'Drive D: should not have Go installation, cache: ${{ matrix.cache }}'
         run: |
           if [ -e 'D:\hostedtoolcache\windows\go\${{ needs.find-default-go.outputs.version }}\x64' ];then
             echo 'D:\hostedtoolcache\windows\go\${{ needs.find-default-go.outputs.version }}\x64 should not exist for hosted version of go';
             exit 1
           fi
         shell: bash
+
+  hostedtoolcache:
+    name: 'Validate if hostedtoolcache works as expected'
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        cache: [false]
+        go: [1.20.1]
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: 'Setup ${{ matrix.go }}, cache: ${{ matrix.cache }}'
+        uses: ./
+        with:
+          go-version: ${{ matrix.go }}
+          cache: ${{ matrix.cache }}
+
+      - name: 'Setup ${{ matrix.go }}, cache: ${{ matrix.cache }} (from hostedtoolcache)'
+        uses: ./
+        with:
+          go-version: ${{ matrix.go }}
+          cache: ${{ matrix.cache }}

.licenses/npm/@actions/glob-0.5.0.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/glob"
-version: 0.2.1
+version: 0.5.0
 type: npm
 summary: Actions glob lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/glob

.licenses/npm/@actions/http-client-1.0.11.dep.yml

@@ -1,32 +0,0 @@
----
-name: "@actions/http-client"
-version: 1.0.11
-type: npm
-summary: Actions Http Client
-homepage: https://github.com/actions/http-client#readme
-license: mit
-licenses:
-- sources: LICENSE
-  text: |
-    Actions Http Client for Node.js
-
-    Copyright (c) GitHub, Inc.
-
-    All rights reserved.
-
-    MIT License
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
-    associated documentation files (the "Software"), to deal in the Software without restriction,
-    including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
-    and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
-    subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
-    LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
-    NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-notices: []

.licenses/npm/@actions/http-client.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/http-client"
-version: 2.2.3
+version: 2.2.1
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/toolkit/tree/main/packages/http-client

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.1.2
+version: 1.1.3
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io

.licenses/npm/@actions/tool-cache.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/tool-cache"
-version: 1.7.2
+version: 2.0.2
 type: npm
 summary: Actions tool-cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/tool-cache

.licenses/npm/@azure/core-auth.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-auth"
-version: 1.3.2
+version: 1.5.0
 type: npm
 summary: Provides low-level interfaces and helper methods for authentication in Azure
   SDK

.licenses/npm/@azure/core-http.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-http"
-version: 3.0.1
+version: 3.0.4
 type: npm
 summary: Isomorphic client Runtime for Typescript/node.js/browser javascript client
   libraries generated using AutoRest

.licenses/npm/@azure/core-lro.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-lro"
-version: 2.2.4
+version: 2.5.4
 type: npm
 summary: Isomorphic client library for supporting long-running operations in node.js
   and browser.

.licenses/npm/@azure/core-paging.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-paging"
-version: 1.2.1
+version: 1.5.0
 type: npm
 summary: Core types for paging async iterable iterators
 homepage: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/core-paging/README.md

.licenses/npm/@azure/core-util.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/core-util"
-version: 1.3.1
+version: 1.6.1
 type: npm
 summary: Core library for shared utility methods
 homepage: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-util/

.licenses/npm/@azure/logger.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/logger"
-version: 1.0.3
+version: 1.0.4
 type: npm
 summary: Microsoft Azure SDK for JavaScript - Logger
 homepage: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/logger/README.md

.licenses/npm/@azure/storage-blob.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@azure/storage-blob"
-version: 12.14.0
+version: 12.17.0
 type: npm
 summary: Microsoft Azure Storage SDK for JavaScript - Blob
 homepage: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/storage/storage-blob/

.licenses/npm/@fastify/busboy.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@fastify/busboy"
-version: 2.1.1
+version: 2.1.0
 type: npm
 summary: A streaming parser for HTML form data for node.js
-homepage:
+homepage: 
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@opentelemetry/api.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@opentelemetry/api"
-version: 1.0.4
+version: 1.7.0
 type: npm
 summary: Public API for OpenTelemetry
-homepage: https://github.com/open-telemetry/opentelemetry-js-api#readme
+homepage: https://github.com/open-telemetry/opentelemetry-js/tree/main/api
 license: apache-2.0
 licenses:
 - sources: LICENSE
@@ -216,10 +216,8 @@ licenses:
     [opentelemetry-js]: https://github.com/open-telemetry/opentelemetry-js
 
     [discussions-url]: https://github.com/open-telemetry/opentelemetry-js/discussions
-    [license-url]: https://github.com/open-telemetry/opentelemetry-js-api/blob/main/LICENSE
+    [license-url]: https://github.com/open-telemetry/opentelemetry-js/blob/main/api/LICENSE
     [license-image]: https://img.shields.io/badge/license-Apache_2.0-green.svg?style=flat
-    [npm-url]: https://www.npmjs.com/package/@opentelemetry/api
-    [npm-img]: https://badge.fury.io/js/%40opentelemetry%2Fapi.svg
-    [docs-tracing]: https://github.com/open-telemetry/opentelemetry-js-api/blob/main/docs/tracing.md
-    [docs-sdk-registration]: https://github.com/open-telemetry/opentelemetry-js-api/blob/main/docs/sdk-registration.md
+    [docs-tracing]: https://github.com/open-telemetry/opentelemetry-js/blob/main/doc/tracing.md
+    [docs-sdk-registration]: https://github.com/open-telemetry/opentelemetry-js/blob/main/doc/sdk-registration.md
 notices: []

.licenses/npm/@protobuf-ts/plugin-framework.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/plugin-framework"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: framework to create protoc plugins
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@protobuf-ts/plugin.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/plugin"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: The protocol buffer compiler plugin "protobuf-ts" generates TypeScript, gRPC-web,
   Twirp, and more.

.licenses/npm/@protobuf-ts/protoc.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/protoc"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: Installs the protocol buffer compiler "protoc" for you.
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@protobuf-ts/runtime-rpc.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/runtime-rpc"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: Runtime library for RPC clients generated by the protoc plugin "protobuf-ts"
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@protobuf-ts/runtime.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@protobuf-ts/runtime"
-version: 2.9.6
+version: 2.9.5
 type: npm
 summary: Runtime library for code generated by the protoc plugin "protobuf-ts"
 homepage: https://github.com/timostamm/protobuf-ts

.licenses/npm/@types/node-fetch.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@types/node-fetch"
-version: 2.6.3
+version: 2.6.9
 type: npm
 summary: TypeScript definitions for node-fetch
 homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-fetch

.licenses/npm/@types/node.dep.yml

@@ -1,8 +1,8 @@
 ---
 name: "@types/node"
-version: 16.11.26
+version: 24.1.0
 type: npm
-summary: TypeScript definitions for Node.js
+summary: TypeScript definitions for node
 homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node
 license: mit
 licenses:

.licenses/npm/brace-expansion.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: brace-expansion
-version: 1.1.11
+version: 1.1.12
 type: npm
 summary: Brace expansion as known from sh/bash
 homepage: https://github.com/juliangruber/brace-expansion

.licenses/npm/call-bind-apply-helpers.dep.yml

@@ -1,16 +1,16 @@
 ---
-name: "@azure/core-asynciterator-polyfill"
+name: call-bind-apply-helpers
 version: 1.0.2
 type: npm
-summary: Polyfill for IE/Node 8 for Symbol.asyncIterator
-homepage: https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/core/core-asynciterator-polyfill/README.md
+summary: Helper functions around Function call/apply/bind, for use in `call-bind`
+homepage: https://github.com/ljharb/call-bind-apply-helpers#readme
 license: mit
 licenses:
 - sources: LICENSE
   text: |
-    The MIT License (MIT)
+    MIT License
 
-    Copyright (c) 2020 Microsoft
+    Copyright (c) 2024 Jordan Harband
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal

.licenses/npm/dunder-proto.dep.yml

@@ -1,16 +1,16 @@
 ---
-name: uuid
-version: 3.4.0
+name: dunder-proto
+version: 1.0.1
 type: npm
-summary: RFC4122 (v1, v4, and v5) UUIDs
-homepage: https://github.com/uuidjs/uuid#readme
+summary: If available, the `Object.prototype.__proto__` accessor and mutator, call-bound
+homepage: https://github.com/es-shims/dunder-proto#readme
 license: mit
 licenses:
-- sources: LICENSE.md
+- sources: LICENSE
   text: |
-    The MIT License (MIT)
+    MIT License
 
-    Copyright (c) 2010-2016 Robert Kieffer and other contributors
+    Copyright (c) 2024 ECMAScript Shims
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
@@ -29,11 +29,4 @@ licenses:
     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
     SOFTWARE.
-notices:
-- sources: AUTHORS
-  text: |-
-    Robert Kieffer <robert@broofa.com>
-    Christoph Tavan <dev@tavan.de>
-    AJ ONeal <coolaj86@gmail.com>
-    Vincent Voyer <vincent@zeroload.net>
-    Roman Shtylman <shtylman@gmail.com>
+notices: []

.licenses/npm/es-define-property.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-define-property
+version: 1.0.1
+type: npm
+summary: "`Object.defineProperty`, but not IE 8's broken one."
+homepage: https://github.com/ljharb/es-define-property#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-errors.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-errors
+version: 1.3.0
+type: npm
+summary: A simple cache for a few of the JS Error constructors.
+homepage: https://github.com/ljharb/es-errors#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-object-atoms.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-object-atoms
+version: 1.1.1
+type: npm
+summary: 'ES Object-related atoms: Object, ToObject, RequireObjectCoercible'
+homepage: https://github.com/ljharb/es-object-atoms#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-set-tostringtag.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-set-tostringtag
+version: 2.1.0
+type: npm
+summary: A helper to optimistically set Symbol.toStringTag, when possible.
+homepage: https://github.com/es-shims/es-set-tostringtag#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2022 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/form-data-2.5.5.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: form-data
-version: 2.5.1
+version: 2.5.5
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
+homepage: 
 license: mit
 licenses:
 - sources: License

.licenses/npm/form-data-4.0.0.dep.yml

@@ -1,33 +0,0 @@
----
-name: form-data
-version: 4.0.0
-type: npm
-summary: A library to create readable "multipart/form-data" streams. Can be used to
-  submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
-license: mit
-licenses:
-- sources: License
-  text: |
-    Copyright (c) 2012 Felix Geisendörfer (felix@debuggable.com) and contributors
-
-     Permission is hereby granted, free of charge, to any person obtaining a copy
-     of this software and associated documentation files (the "Software"), to deal
-     in the Software without restriction, including without limitation the rights
-     to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-     copies of the Software, and to permit persons to whom the Software is
-     furnished to do so, subject to the following conditions:
-
-     The above copyright notice and this permission notice shall be included in
-     all copies or substantial portions of the Software.
-
-     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-     THE SOFTWARE.
-- sources: Readme.md
-  text: Form-Data is released under the [MIT](License) license.
-notices: []

.licenses/npm/form-data-4.0.4.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: form-data
-version: 3.0.1
+version: 4.0.4
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
+homepage: 
 license: mit
 licenses:
 - sources: License
@@ -28,6 +28,6 @@ licenses:
      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
      THE SOFTWARE.
-- sources: Readme.md
+- sources: README.md
   text: Form-Data is released under the [MIT](License) license.
 notices: []

.licenses/npm/function-bind.dep.yml

@@ -0,0 +1,31 @@
+---
+name: function-bind
+version: 1.1.2
+type: npm
+summary: Implementation of Function.prototype.bind
+homepage: https://github.com/Raynos/function-bind
+license: mit
+licenses:
+- sources: LICENSE
+  text: |+
+    Copyright (c) 2013 Raynos.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.
+
+notices: []

.licenses/npm/get-intrinsic.dep.yml

@@ -0,0 +1,33 @@
+---
+name: get-intrinsic
+version: 1.3.0
+type: npm
+summary: Get and robustly cache all JS language-level intrinsics at first require
+  time
+homepage: https://github.com/ljharb/get-intrinsic#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2020 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/get-proto.dep.yml

@@ -0,0 +1,32 @@
+---
+name: get-proto
+version: 1.0.1
+type: npm
+summary: Robustly get the [[Prototype]] of an object
+homepage: https://github.com/ljharb/get-proto#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2025 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/gopd.dep.yml

@@ -0,0 +1,32 @@
+---
+name: gopd
+version: 1.2.0
+type: npm
+summary: "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation."
+homepage: https://github.com/ljharb/gopd#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2022 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/has-symbols.dep.yml

@@ -0,0 +1,32 @@
+---
+name: has-symbols
+version: 1.1.0
+type: npm
+summary: Determine if the JS environment has Symbol support. Supports spec, or shams.
+homepage: https://github.com/ljharb/has-symbols#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2016 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/has-tostringtag.dep.yml

@@ -0,0 +1,33 @@
+---
+name: has-tostringtag
+version: 1.0.2
+type: npm
+summary: Determine if the JS environment has `Symbol.toStringTag` support. Supports
+  spec, or shams.
+homepage: https://github.com/inspect-js/has-tostringtag#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2021 Inspect JS
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/hasown.dep.yml

@@ -0,0 +1,32 @@
+---
+name: hasown
+version: 2.0.2
+type: npm
+summary: A robust, ES3 compatible, "has own property" predicate.
+homepage: https://github.com/inspect-js/hasOwn#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) Jordan Harband and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/math-intrinsics.dep.yml

@@ -0,0 +1,32 @@
+---
+name: math-intrinsics
+version: 1.1.0
+type: npm
+summary: ES Math-related intrinsics and helpers, robustly cached.
+homepage: https://github.com/es-shims/math-intrinsics#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/node-fetch.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: node-fetch
-version: 2.6.7
+version: 2.7.0
 type: npm
 summary: A light-weight module that brings window.fetch to node.js
 homepage: https://github.com/bitinn/node-fetch

.licenses/npm/safe-buffer.dep.yml

@@ -0,0 +1,34 @@
+---
+name: safe-buffer
+version: 5.2.1
+type: npm
+summary: Safer Node.js Buffer API
+homepage: https://github.com/feross/safe-buffer
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) Feross Aboukhadijeh
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.
+- sources: README.md
+  text: MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
+notices: []

.licenses/npm/sax.dep.yml

@@ -1,16 +1,16 @@
 ---
 name: sax
-version: 1.2.4
+version: 1.3.0
 type: npm
 summary: An evented streaming XML parser in JavaScript
-homepage: https://github.com/isaacs/sax-js#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE
   text: |
     The ISC License
 
-    Copyright (c) Isaac Z. Schlueter and Contributors
+    Copyright (c) 2010-2022 Isaac Z. Schlueter and Contributors
 
     Permission to use, copy, modify, and/or distribute this software for any
     purpose with or without fee is hereby granted, provided that the above
@@ -29,7 +29,7 @@ licenses:
     `String.fromCodePoint` by Mathias Bynens used according to terms of MIT
     License, as follows:
 
-        Copyright Mathias Bynens <https://mathiasbynens.be/>
+    Copyright (c) 2010-2022 Mathias Bynens <https://mathiasbynens.be/>
 
         Permission is hereby granted, free of charge, to any person obtaining
         a copy of this software and associated documentation files (the

.licenses/npm/semver-6.3.1.dep.yml

@@ -3,7 +3,7 @@ name: semver
 version: 6.3.1
 type: npm
 summary: The semantic version parser used by npm.
-homepage: https://github.com/npm/node-semver#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/semver-7.7.3.dep.yml

@@ -0,0 +1,26 @@
+---
+name: semver
+version: 7.7.3
+type: npm
+summary: The semantic version parser used by npm.
+homepage:
+license: isc
+licenses:
+- sources: LICENSE
+  text: |
+    The ISC License
+
+    Copyright (c) Isaac Z. Schlueter and Contributors
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+notices: []

.licenses/npm/tslib-2.3.1.dep.yml

@@ -1,35 +0,0 @@
----
-name: tslib
-version: 2.3.1
-type: npm
-summary: Runtime library for TypeScript helper functions
-homepage: https://www.typescriptlang.org/
-license: 0bsd
-licenses:
-- sources: LICENSE.txt
-  text: |-
-    Copyright (c) Microsoft Corporation.
-
-    Permission to use, copy, modify, and/or distribute this software for any
-    purpose with or without fee is hereby granted.
-
-    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-    REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-    INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-    LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-    OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-    PERFORMANCE OF THIS SOFTWARE.
-notices:
-- sources: CopyrightNotice.txt
-  text: "/*! *****************************************************************************\r\nCopyright
-    (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute
-    this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE
-    SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD
-    TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS.
-    IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR
-    CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE,
-    DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS
-    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS
-    SOFTWARE.\r\n*****************************************************************************
-    */"

.licenses/npm/tslib-2.6.2.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: tslib
-version: 2.5.0
+version: 2.6.2
 type: npm
 summary: Runtime library for TypeScript helper functions
 homepage: https://www.typescriptlang.org/

.licenses/npm/undici-types.dep.yml

@@ -0,0 +1,32 @@
+---
+name: undici-types
+version: 7.8.0
+type: npm
+summary: A stand-alone types package for Undici
+homepage: https://undici.nodejs.org
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) Matteo Collina and Undici contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/uuid.dep.yml

@@ -3,7 +3,7 @@ name: uuid
 version: 8.3.2
 type: npm
 summary: RFC4122 (v1, v4, and v5) UUIDs
-homepage: https://github.com/uuidjs/uuid#readme
+homepage:
 license: mit
 licenses:
 - sources: LICENSE.md

README.md

@@ -3,263 +3,422 @@
 [![Basic validation](https://github.com/actions/setup-go/actions/workflows/basic-validation.yml/badge.svg)](https://github.com/actions/setup-go/actions/workflows/basic-validation.yml)
 [![Validate 'setup-go'](https://github.com/actions/setup-go/actions/workflows/versions.yml/badge.svg)](https://github.com/actions/setup-go/actions/workflows/versions.yml)
 
-This action sets up a go environment for use in actions by:
+This action sets up a Go environment for use in GitHub Actions by:
 
-- Optionally downloading and caching a version of Go by version and adding to `PATH`.
-- Registering problem matchers for error output.
+- Optionally downloading and caching a version of Go by version and adding to PATH
+- Registering problem matchers for error output
+- Providing intelligent caching for Go modules and build outputs
 
-# V4
-
-The V4 edition of the action offers:
-
- - Enabled caching by default
-
-The action will try to enable caching unless the `cache` input is explicitly set to false.
-
-Please see "[Caching dependency files and build outputs](https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs)" for more information.
-
-# V3
-
-The V3 edition of the action offers:
-
-- Adds `GOBIN` to the `PATH`
-- Proxy support
-- Check latest version
-- Caching packages dependencies
-- stable and oldstable aliases
-- Bug Fixes (including issues around version matching and semver)
-
-The action will first check the local cache for a version match. If a version is not found locally, it will pull it from
-the `main` branch of the [go-versions](https://github.com/actions/go-versions/blob/main/versions-manifest.json)
-repository. On miss or failure, it will fall back to downloading directly
-from [go dist](https://storage.googleapis.com/golang). To change the default behavior, please use
-the [check-latest input](#check-latest-version).
-
-**Note:** The `setup-go` action uses executable binaries which are built by Golang side. The action does not build
-golang from source code.
-
-Matching by [semver spec](https://github.com/npm/node-semver):
+## Quick Start
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '^1.13.1' # The Go version to download (if necessary) and use.
+      go-version: '1.23'
+  - run: go version
+```
+
+## Breaking Changes
+
+### V6 Changes
+
+#### Node Runtime Upgrade
+- **Upgraded from Node 20 to Node 24**
+- ⚠️ **Action Required**: Ensure your runner is on version v2.327.1 or later for compatibility
+- See [Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1) for more details
+
+#### Enhanced Go Toolchain Management
+
+V6 introduces significant improvements for reliable and consistent Go version selection:
+
+**Toolchain Directive Support**
+Now correctly interprets both `go` and `toolchain` directives from `go.mod`:
+```go
+go 1.23.0           // Minimum required version
+toolchain go1.23.2  // V6 uses this exact version
+```
+
+**Intelligent Caching**
+Cache keys now incorporate the `toolchain` directive version from `go.mod`, eliminating cache conflicts when switching between different toolchain versions within the same Go minor release.
+
+For more details, see the [full release notes](https://github.com/actions/setup-go/releases/tag/v6.0.0).
+
+### V5 Changes
+
+- **Upgraded Node.js runtime from node16 to node20**
+- See [full release notes](https://github.com/actions/setup-go/releases) for complete details
+
+## Version Resolution Behavior
+
+The action follows this resolution order:
+1. **Local cache** - Checks for a cached version match
+2. **go-versions repository** - Pulls from the main branch of the [go-versions repository](https://github.com/actions/go-versions/blob/main/versions-manifest.json)
+3. **Direct download** - Falls back to downloading directly from [go.dev](https://go.dev/dl)
+
+To change the default behavior, use the `check-latest` input.
+
+> **Note**: The setup-go action uses executable binaries built by the Golang team. The action does not build golang from source code.
+
+## Usage
+
+### Basic Setup
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version: '1.23'
+  - run: go run hello.go
+```
+
+### Version Specifications
+
+#### Semantic Versioning
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version: '^1.23.1' # The Go version to download (if necessary) and use.
   - run: go version
 ```
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '>=1.17.0'
+      go-version: '>=1.22.0'
   - run: go version
 ```
 
-> **Note**: Due to the peculiarities of YAML parsing, it is recommended to wrap the version in single quotation marks:
-> 
+> **Important**: Due to YAML parsing behavior, always wrap version numbers in single quotes:
 > ```yaml
->   go-version: '1.20'
->  ```
->  
-> The recommendation is based on the YAML parser's behavior, which interprets non-wrapped values as numbers and, in the case of version 1.20, trims it down to 1.2, which may not be very obvious.
-Matching an unstable pre-release:
+> go-version: '1.22'  # Correct
+> go-version: 1.22    # Incorrect - YAML parser interprets as 1.2
+> ```
+
+#### Pre-release Versions
 
 ```yaml
+# RC version
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '1.18.0-rc.1' # The Go version to download (if necessary) and use.
+       go-version: '1.24.0-rc.1' # The Go version to download (if necessary) and use
   - run: go version
 ```
 
 ```yaml
+# Beta version
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '1.16.0-beta.1' # The Go version to download (if necessary) and use.
+      go-version: '1.23.0-beta.1' # The Go version to download (if necessary) and use
   - run: go version
 ```
 
-# Usage
+#### Version Aliases
 
-See [action.yml](action.yml)
+**Stable Release**
 
-## Basic
+If `stable` is provided, action will get the latest stable version from the [go-versions](https://github.com/actions/go-versions/blob/main/versions-manifest.json) repository manifest.
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version: 'stable' # Latest stable version
+  - run: go version
+```
+
+**Previous Stable Release**
+
+If `oldstable` is provided, when the current release is 1.23.x, the action will resolve version as 1.22.x, where x is the latest patch release.
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version: 'oldstable' # Previous stable version
+  - run: go version
+```
+
+> **Note**: Using aliases is equivalent to using the corresponding minor release with `check-latest: true`
+
+### go-version-file
+
+The action can automatically detect the Go version from various project files using the `go-version-file` input. This parameter supports `go.mod`, `go.work`, `.go-version`, and `.tool-versions` files.
+
+> **Note**: If both `go-version` and `go-version-file` are provided, `go-version` takes precedence.
+
+#### go.mod File
+
+Automatically detect the Go version from your project's `go.mod` file:
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '1.16.1' # The Go version to download (if necessary) and use.
+      go-version-file: 'go.mod'
+  - run: go version
+```
+
+**Version Resolution from go.mod:**
+1. Uses the `toolchain` directive version if present
+2. Falls back to the `go` directive version
+3. If no patch version is specified, uses the latest available patch
+
+#### go.work File
+
+Use the Go version specified in your `go.work` file:
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version-file: 'go.work'
+  - run: go version
+```
+
+#### .go-version File
+
+Read the Go version from a `.go-version` file:
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version-file: '.go-version'
+  - run: go version
+```
+
+#### .tool-versions File
+
+Use the Go version from an [`.tool-versions`](https://asdf-vm.com/manage/configuration.html#tool-versions) file:
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version-file: '.tool-versions'
+  - run: go version
+```
+
+#### Custom File Paths
+
+The action searches for version files relative to the repository root by default. You can specify a custom path:
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version-file: 'path/to/.go-version'
+  - run: go version
+```
+
+**Supported Version Formats:**
+- Major and minor only: `1.25` (action will use the latest patch version, e.g., `1.25.4`)
+- Major, minor, and patch: `1.25.4` (exact version)
+
+### Check Latest Version
+
+The check-latest flag defaults to false for stability. This ensures your workflow uses a specific, predictable Go version.
+When `check-latest: true`, the action verifies if your cached Go version is the latest available. If not, it downloads and uses the newest version.
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version: '1.23'
+      check-latest: true # Always check for the latest patch release
+  - run: go version
+```
+
+**Performance Considerations:**
+- `check-latest: false` (default) - Uses cached versions for faster builds
+- `check-latest: true` - Downloads the latest version, slower but ensures up-to-date releases
+
+### Caching
+
+The action features integrated caching for Go modules and build outputs. Built on [toolkit/cache](https://github.com/actions/toolkit/tree/main/packages/cache), it simplifies the caching process by requiring fewer configuration options. The cache input is optional, and caching is turned on by default.
+
+#### Automatic Caching
+
+Default behavior: Searches for `go.sum` in the repository root and uses its hash for the cache key.
+
+```yaml
+steps:
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
+    with:
+      go-version: '1.23'
+      # cache: true (default)
   - run: go run hello.go
 ```
 
-## Check latest version
+#### Advanced Caching Scenarios
 
-The `check-latest` flag defaults to `false`. Use the default or set `check-latest` to `false` if you prefer stability
-and if you want to ensure a specific Go version is always used.
-
-If `check-latest` is set to `true`, the action first checks if the cached version is the latest one. If the locally
-cached version is not the most up-to-date, a Go version will then be downloaded. Set `check-latest` to `true` if you
-want the most up-to-date Go version to always be used.
-
-> Setting `check-latest` to `true` has performance implications as downloading Go versions is slower than using cached
-> versions.
+For advanced scenarios, use `cache-dependency-path` to specify:
+- **Multiple dependency files**: When your project has dependencies in different directories
+- **Custom locations**: When your `go.sum` files are not in the repository root
+- **Monorepos**: When managing multiple Go modules in a single repository
+- **Glob patterns**: For flexible file matching
 
 ```yaml
+# Example: Monorepo with multiple go.sum files
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '1.14'
+      go-version: '1.23'
       check-latest: true
-  - run: go run hello.go
-```
-
-## Using stable/oldstable aliases
-
-If `stable` is provided, action will get the latest stable version from
-the [`go-versions`](https://github.com/actions/go-versions/blob/main/versions-manifest.json) repository manifest.
-
-If `oldstable` is provided, when current release is 1.19.x, action will resolve version as 1.18.x, where x is the latest
-patch release.
-
-**Note:** using these aliases will result in same version as using corresponding minor release with `check-latest` input
-set to `true`
-
-```yaml
-steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
-    with:
-      go-version: 'stable'
+      cache-dependency-path: |
+        subdir/go.sum
+        tools/go.sum
   - run: go run hello.go
 ```
 
 ```yaml
+# Example: Using glob patterns to match all go.sum files
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: 'oldstable'
+      go-version: '1.23'
+      cache-dependency-path: "**/*.sum"
   - run: go run hello.go
 ```
 
-## Caching dependency files and build outputs:
-
-The action has a built-in functionality for caching and restoring go modules and build outputs. It
-uses [toolkit/cache](https://github.com/actions/toolkit/tree/main/packages/cache) under the hood but requires less configuration settings.
-The `cache` input is optional, and caching is turned on by default.
-
-The action defaults to search for the dependency file - go.sum in the repository root, and uses its hash as a part of
-the cache key. Use `cache-dependency-path` input for cases when multiple dependency files are used, or they are located
-in different subdirectories.
-
-If some problem that prevents success caching happens then the action issues the warning in the log and continues the execution of the pipeline. 
-
-**Caching in monorepos**
+#### Disable Caching
 
 ```yaml
 steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
+  - uses: actions/checkout@v5
+  - uses: actions/setup-go@v6
     with:
-      go-version: '1.17'
-      check-latest: true
-      cache-dependency-path: subdir/go.sum
+      go-version: '1.23'
+      cache: false
   - run: go run hello.go
-  ```
-
-## Getting go version from the go.mod file
-
-The `go-version-file` input accepts a path to a `go.mod` file or a `go.work` file that contains the version of Go to be
-used by a project. As the `go.mod` file contains only major and minor (e.g. 1.18) tags, the action will search for the
-latest available patch version sequentially in the runner's directory with the cached tools, in
-the [versions-manifest.json](https://github.com/actions/go-versions/blob/main/versions-manifest.json) file or at the go
-servers.
-
-If both the `go-version` and the `go-version-file` inputs are provided then the `go-version` input is used.
-> The action will search for the `go.mod` file relative to the repository root
-
-```yaml
-steps:
-  - uses: actions/checkout@v3
-  - uses: actions/setup-go@v4
-    with:
-      go-version-file: 'path/to/go.mod'
-  - run: go version
 ```
 
-## Matrix testing
+> **Note**: If caching fails, the action logs a warning but continues execution without interrupting your workflow.
+
+### Matrix Testing
+
+Test across multiple Go versions:
 
 ```yaml
 jobs:
-  build:
+  test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: [ '1.14', '1.13' ]
-    name: Go ${{ matrix.go }} sample
+        go-version: ['1.21', '1.22', '1.23']
     steps:
-      - uses: actions/checkout@v3
-      - name: Setup go
-        uses: actions/setup-go@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
         with:
-          go-version: ${{ matrix.go }}
-      - run: go run hello.go
+          go-version: ${{ matrix.go-version }}
+      - run: go test ./...
 ```
 
-### Supported version syntax
+## Advanced Configuration
+
+### Supported Version Syntax
 
 The `go-version` input supports the following syntax:
 
-- Specific versions: `1.15`, `1.16.1`, `1.17.0-rc.2`, `1.16.0-beta.1`
-- SemVer's version range syntax: `^1.13.1`, `>=1.18.0-rc.1`
+| Syntax Type | Example | Description |
+|-------------|---------|-------------|
+| Specific version | `1.23.2` | Installs this exact version |
+| Semantic range (caret) | `^1.23.0` | Allows newer minor/patch versions (1.24.x, 1.25.x, etc.) |
+| Semantic range (tilde) | `~1.23.0` | Allows newer patch versions only (1.23.1, 1.23.2, etc.) |
+| Comparison (gte) | `>=1.22.0` | Any version equal to or newer than specified |
+| Comparison (lt) | `<1.24.0` | Any version older than specified |
+| Comparison range | `>=1.22.0 <1.24.0` | Any version within the specified range |
+| Wildcard (patch) | `1.23.x` | Latest patch version of the specified minor release |
+| Wildcard (minor) | `1.*` | Latest available version in the major version |
+| Pre-release | `1.24.0-rc.1` | Beta/RC versions for testing upcoming releases |
+| Aliases | `stable`, `oldstable` | Latest stable or previous stable release |
 
-For more information about semantic versioning, please refer to [semver](https://github.com/npm/node-semver)
-documentation.
+For more information about semantic versioning, see the [semver documentation](https://semver.org/).
 
-## Using `setup-go` on GHES
-
-`setup-go` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Go
-distributions, `setup-go` downloads distributions from [`actions/go-versions`](https://github.com/actions/go-versions)
-on github.com (outside of the appliance). These calls to `actions/go-versions` are made via unauthenticated requests,
-which are limited
-to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If
-more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks
-like: `##[error]API rate limit exceeded for...`. After that error the action will try to download versions directly
-from https://storage.googleapis.com/golang, but it also can have rate limit so it's better to put token.
-
-To get a higher rate limit, you
-can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token`
-input for the action:
+### Complete Input Reference
 
 ```yaml
-uses: actions/setup-go@v4
-with:
-  token: ${{ secrets.GH_DOTCOM_TOKEN }}
-  go-version: '1.18'
+- uses: actions/setup-go@v6
+  with:
+    # Version or version range of Go to use
+    go-version: '1.23'
+    
+    # Path to go.mod, go.work, .go-version, or .tool-versions file
+    go-version-file: 'go.mod'
+    
+    # Check for latest version
+    check-latest: false
+    
+    # GitHub token for authentication
+    token: ${{ github.token }}
+    
+    # Enable/disable caching
+    cache: true
+    
+    # Path to dependency files for caching
+    cache-dependency-path: 'go.sum'
+    
+    # Architecture to install (auto-detected if not specified)
+    architecture: 'x64'
 ```
 
-If the runner is not able to access github.com, any Go versions requested during a workflow run must come from the
-runner's tool cache.
-See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)"
-for more information.
+## Using setup-go on GHES
 
-# License
+setup-go comes pre-installed on GHES when Actions is enabled. For dynamic Go version downloads, the action fetches distributions from the [go-versions repository](https://github.com/actions/go-versions/) on github.com (external to your appliance).
 
-The scripts and documentation in this project are released under the [MIT License](LICENSE)
+These calls to `actions/go-versions` are made via unauthenticated requests, which are limited to 60 requests per hour per IP. If more requests are made within the time frame, then the action leverages the raw API to retrieve the version-manifest. This approach does not impose a rate limit and hence facilitates unrestricted consumption. This is particularly beneficial for GHES runners, which often share the same IP, to avoid the quick exhaustion of the unauthenticated rate limit. If that fails as well the action will try to download versions directly from [go.dev](https://go.dev/dl).
 
-# Contributions
+If that fails as well you can get a higher rate limit with generating a personal access token on github.com and passing it as the token input to the action:
 
-Contributions are welcome! See [Contributor's Guide](docs/contributors.md)
+```yaml
+uses: actions/setup-go@v6
+with:
+  token: ${{ secrets.GH_DOTCOM_TOKEN }}
+  go-version: '1.23'
+```
+
+### Offline Runners
+
+For runners without github.com access, Go versions must be pre-cached in the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)".
+
+## Recommended Permissions
+
+When using the setup-go action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
+
+```yaml
+permissions:
+  contents: read # Required to checkout code and install dependencies
+```
+
+## License
+
+The scripts and documentation in this project are released under the [MIT License](LICENSE).
+
+## Contributions
+
+Contributions are welcome! See our [Contributor's Guide](docs/contributors.md) for details.
 
 ## Code of Conduct
 
-:wave: Be nice. See [our code of conduct](CODE_OF_CONDUCT.md)
+👋 Be nice. See our [Code of Conduct](CODE_OF_CONDUCT.md).

__tests__/cache-utils.test.ts

@@ -209,3 +209,41 @@ describe('isCacheFeatureAvailable', () => {
     expect(warningSpy).toHaveBeenCalledWith(warningMessage);
   });
 });
+
+describe('isGhes', () => {
+  const pristineEnv = process.env;
+
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = {...pristineEnv};
+  });
+
+  afterAll(() => {
+    process.env = pristineEnv;
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable is not defined', async () => {
+    delete process.env['GITHUB_SERVER_URL'];
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable is set to github.com', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://github.com';
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://contoso.ghe.com';
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://mock-github.localhost';
+    expect(cacheUtils.isGhes()).toBeFalsy();
+  });
+
+  it('returns true when the GITHUB_SERVER_URL environment variable is set to some other URL', async () => {
+    process.env['GITHUB_SERVER_URL'] = 'https://src.onpremise.fabrikam.com';
+    expect(cacheUtils.isGhes()).toBeTruthy();
+  });
+});

__tests__/data/.go-version

@@ -0,0 +1 @@
+1.22.4

__tests__/data/.tool-versions

@@ -0,0 +1 @@
+golang 1.23.2

__tests__/data/go.mod

@@ -1,6 +1,6 @@
 module example.com/mymodule
 
-go 1.14
+go 1.20
 
 require (
 	example.com/othermodule v1.2.3

__tests__/data/go.work

@@ -1,3 +1,3 @@
-go 1.19
+go 1.21
 
 use .

__tests__/setup-go.test.ts

@@ -7,6 +7,7 @@ import osm, {type} from 'os';
 import path from 'path';
 import * as main from '../src/main';
 import * as im from '../src/installer';
+import * as httpm from '@actions/http-client';
 
 import goJsonData from './data/golang-dl.json';
 import matchers from '../matchers.json';
@@ -46,6 +47,7 @@ describe('setup-go', () => {
   let execSpy: jest.SpyInstance;
   let getManifestSpy: jest.SpyInstance;
   let getAllVersionsSpy: jest.SpyInstance;
+  let httpmGetJsonSpy: jest.SpyInstance;
 
   beforeAll(async () => {
     process.env['GITHUB_ENV'] = ''; // Stub out Environment file functionality so we can verify it writes to standard out (toolkit is backwards compatible)
@@ -90,6 +92,9 @@ describe('setup-go', () => {
     getManifestSpy = jest.spyOn(tc, 'getManifestFromRepo');
     getAllVersionsSpy = jest.spyOn(im, 'getManifest');
 
+    // httm
+    httpmGetJsonSpy = jest.spyOn(httpm.HttpClient.prototype, 'getJson');
+
     // io
     whichSpy = jest.spyOn(io, 'which');
     existsSpy = jest.spyOn(fs, 'existsSync');
@@ -124,6 +129,9 @@ describe('setup-go', () => {
   });
 
   afterEach(() => {
+    // clear out env var set during 'run'
+    delete process.env[im.GOTOOLCHAIN_ENV_VAR];
+
     //jest.resetAllMocks();
     jest.clearAllMocks();
     //jest.restoreAllMocks();
@@ -151,6 +159,21 @@ describe('setup-go', () => {
     );
   });
 
+  it('should return manifest from repo', async () => {
+    const manifest = await im.getManifest(undefined);
+    expect(manifest).toEqual(goTestManifest);
+  });
+
+  it('should return manifest from raw URL if repo fetch fails', async () => {
+    getManifestSpy.mockRejectedValue(new Error('Fetch failed'));
+    httpmGetJsonSpy.mockResolvedValue({
+      result: goTestManifest
+    });
+    const manifest = await im.getManifest(undefined);
+    expect(httpmGetJsonSpy).toHaveBeenCalled();
+    expect(manifest).toEqual(goTestManifest);
+  });
+
   it('can find 1.9 from manifest on linux', async () => {
     os.platform = 'linux';
     os.arch = 'x64';
@@ -265,7 +288,7 @@ describe('setup-go', () => {
     expect(logSpy).toHaveBeenCalledWith(`Setup go version spec 1.13.0`);
   });
 
-  it('does not export any variables for Go versions >=1.9', async () => {
+  it('does not export GOROOT for Go versions >=1.9', async () => {
     inputs['go-version'] = '1.13.0';
     inSpy.mockImplementation(name => inputs[name]);
 
@@ -278,7 +301,7 @@ describe('setup-go', () => {
     });
 
     await main.run();
-    expect(vars).toStrictEqual({});
+    expect(vars).not.toHaveProperty('GOROOT');
   });
 
   it('exports GOROOT for Go versions <1.9', async () => {
@@ -294,9 +317,7 @@ describe('setup-go', () => {
     });
 
     await main.run();
-    expect(vars).toStrictEqual({
-      GOROOT: toolPath
-    });
+    expect(vars).toHaveProperty('GOROOT', toolPath);
   });
 
   it('finds a version of go already in the cache', async () => {
@@ -368,7 +389,7 @@ describe('setup-go', () => {
 
     const expPath = path.win32.join(toolPath, 'bin');
     expect(dlSpy).toHaveBeenCalledWith(
-      'https://storage.googleapis.com/golang/go1.13.1.windows-amd64.zip',
+      'https://go.dev/dl/go1.13.1.windows-amd64.zip',
       'C:\\temp\\go1.13.1.windows-amd64.zip',
       undefined
     );
@@ -790,6 +811,9 @@ describe('setup-go', () => {
       getManifestSpy.mockImplementation(() => {
         throw new Error('Unable to download manifest');
       });
+      httpmGetJsonSpy.mockRejectedValue(
+        new Error('Unable to download manifest from raw URL')
+      );
       getAllVersionsSpy.mockImplementationOnce(() => undefined);
 
       dlSpy.mockImplementation(async () => '/some/temp/path');
@@ -842,6 +866,9 @@ exclude example.com/thismodule v1.3.0
 
 use .
 
+`;
+
+    const toolVersionsContents = `golang 1.23
 `;
 
     it('reads version from go.mod', async () => {
@@ -868,6 +895,18 @@ use .
       expect(logSpy).toHaveBeenCalledWith('matching 1.19...');
     });
 
+    it('reads version from .tool-versions', async () => {
+      inputs['go-version-file'] = '.tool-versions';
+      existsSpy.mockImplementation(() => true);
+      readFileSpy.mockImplementation(() => Buffer.from(toolVersionsContents));
+
+      await main.run();
+
+      expect(logSpy).toHaveBeenCalledWith('Setup go version spec 1.23');
+      expect(logSpy).toHaveBeenCalledWith('Attempting to download 1.23...');
+      expect(logSpy).toHaveBeenCalledWith('matching 1.23...');
+    });
+
     it('reads version from .go-version', async () => {
       inputs['go-version-file'] = '.go-version';
       existsSpy.mockImplementation(() => true);
@@ -922,7 +961,7 @@ use .
         const expectedUrl =
           platform === 'win32'
             ? `https://github.com/actions/go-versions/releases/download/${version}/go-${version}-${platform}-${arch}.${fileExtension}`
-            : `https://storage.googleapis.com/golang/go${version}.${osSpec}-${arch}.${fileExtension}`;
+            : `https://go.dev/dl/go${version}.${osSpec}-${arch}.${fileExtension}`;
 
         // ... but not in the local cache
         findSpy.mockImplementation(() => '');
@@ -966,4 +1005,104 @@ use .
       }
     );
   });
+
+  describe('go-version-file-toolchain', () => {
+    const goVersions = ['1.22.0', '1.21rc2', '1.18'];
+    const placeholderVersion = '1.19';
+    const buildGoMod = (
+      goVersion: string,
+      toolchainVersion: string
+    ) => `module example.com/mymodule
+
+go ${goVersion}
+
+toolchain go${toolchainVersion}
+
+require (
+	example.com/othermodule v1.2.3
+	example.com/thismodule v1.2.3
+	example.com/thatmodule v1.2.3
+)
+
+replace example.com/thatmodule => ../thatmodule
+exclude example.com/thismodule v1.3.0
+`;
+
+    const buildGoWork = (
+      goVersion: string,
+      toolchainVersion: string
+    ) => `go 1.19
+
+toolchain go${toolchainVersion}
+
+use .
+
+`;
+
+    goVersions.forEach(version => {
+      [
+        {
+          goVersionfile: 'go.mod',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          expected_version: version,
+          desc: 'from toolchain directive'
+        },
+        {
+          goVersionfile: 'go.work',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          expected_version: version,
+          desc: 'from toolchain directive'
+        },
+        {
+          goVersionfile: 'go.mod',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          gotoolchain_env: 'local',
+          expected_version: placeholderVersion,
+          desc: 'from go directive when GOTOOLCHAIN is local'
+        },
+        {
+          goVersionfile: 'go.work',
+          fileContents: Buffer.from(buildGoMod(placeholderVersion, version)),
+          gotoolchain_env: 'local',
+          expected_version: placeholderVersion,
+          desc: 'from go directive when GOTOOLCHAIN is local'
+        }
+      ].forEach(test => {
+        it(`reads version (${version}) in ${test.goVersionfile} ${test.desc}`, async () => {
+          inputs['go-version-file'] = test.goVersionfile;
+          if (test.gotoolchain_env !== undefined) {
+            process.env[im.GOTOOLCHAIN_ENV_VAR] = test.gotoolchain_env;
+          }
+          existsSpy.mockImplementation(() => true);
+          readFileSpy.mockImplementation(() => Buffer.from(test.fileContents));
+
+          await main.run();
+
+          expect(logSpy).toHaveBeenCalledWith(
+            `Setup go version spec ${test.expected_version}`
+          );
+          expect(logSpy).toHaveBeenCalledWith(
+            `Attempting to download ${test.expected_version}...`
+          );
+          expect(logSpy).toHaveBeenCalledWith(
+            `matching ${test.expected_version}...`
+          );
+        });
+      });
+    });
+  });
+
+  it('exports GOTOOLCHAIN and sets it in current process env', async () => {
+    inputs['go-version'] = '1.21.0';
+    inSpy.mockImplementation(name => inputs[name]);
+
+    const vars: {[key: string]: string} = {};
+    exportVarSpy.mockImplementation((name: string, val: string) => {
+      vars[name] = val;
+    });
+
+    await main.run();
+    expect(vars).toStrictEqual({GOTOOLCHAIN: 'local'});
+    expect(process.env).toHaveProperty('GOTOOLCHAIN', 'local');
+  });
 });

__tests__/utils.test.ts

@@ -0,0 +1,52 @@
+import {isSelfHosted} from '../src/utils';
+
+describe('utils', () => {
+  describe('isSelfHosted', () => {
+    let AGENT_ISSELFHOSTED: string | undefined;
+    let RUNNER_ENVIRONMENT: string | undefined;
+
+    beforeEach(() => {
+      AGENT_ISSELFHOSTED = process.env['AGENT_ISSELFHOSTED'];
+      delete process.env['AGENT_ISSELFHOSTED'];
+      RUNNER_ENVIRONMENT = process.env['RUNNER_ENVIRONMENT'];
+      delete process.env['RUNNER_ENVIRONMENT'];
+    });
+
+    afterEach(() => {
+      if (AGENT_ISSELFHOSTED === undefined) {
+        delete process.env['AGENT_ISSELFHOSTED'];
+      } else {
+        process.env['AGENT_ISSELFHOSTED'] = AGENT_ISSELFHOSTED;
+      }
+      if (RUNNER_ENVIRONMENT === undefined) {
+        delete process.env['RUNNER_ENVIRONMENT'];
+      } else {
+        process.env['RUNNER_ENVIRONMENT'] = RUNNER_ENVIRONMENT;
+      }
+    });
+
+    it('isSelfHosted should be true if no environment variables set', () => {
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be true if environment variable is not set to denote GitHub hosted', () => {
+      process.env['RUNNER_ENVIRONMENT'] = 'some';
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be true if environment variable set to denote Azure Pipelines self hosted', () => {
+      process.env['AGENT_ISSELFHOSTED'] = '1';
+      expect(isSelfHosted()).toBeTruthy();
+    });
+
+    it('isSelfHosted should be false if environment variable set to denote GitHub hosted', () => {
+      process.env['RUNNER_ENVIRONMENT'] = 'github-hosted';
+      expect(isSelfHosted()).toBeFalsy();
+    });
+
+    it('isSelfHosted should be false if environment variable is not set to denote Azure Pipelines self hosted', () => {
+      process.env['AGENT_ISSELFHOSTED'] = 'some';
+      expect(isSelfHosted()).toBeFalsy();
+    });
+  });
+});

action.yml

@@ -5,7 +5,7 @@ inputs:
   go-version:
     description: 'The Go version to download (if necessary) and use. Supports semver spec and ranges. Be sure to enclose this option in single quotation marks.'
   go-version-file:
-    description: 'Path to the go.mod or go.work file.'
+    description: 'Path to the go.mod, go.work, .go-version, or .tool-versions file.'
   check-latest:
     description: 'Set this option to true if you want the action to always check for the latest available version that satisfies the version spec'
     default: false
@@ -25,7 +25,7 @@ outputs:
   cache-hit:
     description: 'A boolean value to indicate if a cache was hit'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/setup/index.js'
   post: 'dist/cache-save/index.js'
   post-if: success()

docs/adrs/0000-caching-dependencies.md

@@ -4,7 +4,7 @@ Date: 2022-04-13
 Status: Accepted
 
 # Context
-`actions/setup-go` is the one of the most popular action related to Golang in GitHub Actions. Many customers use it in conjunction with [actions/cache](https://github.com/actions/cache) to speed up dependency installation process.  
+`actions/setup-go` is the one of the most popular action related to Golang in GitHub Actions. Many customers use it in conjunction with [actions/cache](https://github.com/actions/cache) to speed up dependency installation process.
 See more examples on proper usage in [actions/cache documentation](https://github.com/actions/cache/blob/main/examples.md#go---modules).
 
 # Goals & Anti-Goals
@@ -16,7 +16,7 @@ Integration of caching functionality into `actions/setup-go` action will bring t
 We don't pursue the goal to provide wide customization of caching in scope of `actions/setup-go` action. The purpose of this integration is covering ~90% of basic use-cases. If user needs flexible customization, we should advice them to use `actions/cache` directly.
 
 # Decision
-- Add `cache` input parameter to `actions/setup-go`. For now, input will accept the following values: 
+- Add `cache` input parameter to `actions/setup-go`. For now, input will accept the following values:
   - `true` - enable caching for go dependencies
   - `false`- disable caching for go dependencies. This value will be set as default value
 - Cache feature will be disabled by default to make sure that we don't break existing customers. We will consider enabling cache by default in next major releases
@@ -32,7 +32,7 @@ We don't pursue the goal to provide wide customization of caching in scope of `a
 
 ```yml
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 - uses: actions/setup-go@v3
   with:
     go-version: '18'
@@ -43,7 +43,7 @@ steps:
 
  ```yml
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 - uses: actions/setup-go@v3
   with:
     go-version: '18'
@@ -53,7 +53,7 @@ steps:
 
  ```yml
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 - uses: actions/setup-go@v3
   with:
     go-version: '18'
@@ -66,4 +66,4 @@ steps:
 # Release process
 
 As soon as functionality is implemented, we will release minor update of action. No need to bump major version since there are no breaking changes for existing users.
-After that, we will update [starter-workflows](https://github.com/actions/starter-workflows/blob/main/ci/go.yml)
+After that, we will update [starter-workflows](https://github.com/actions/starter-workflows/blob/main/ci/go.yml)

docs/contributors.md

@@ -6,13 +6,13 @@ We have prepared a short guide so that the process of making your contribution i
 
 ## How can I contribute...
 
-* [Contribute Documentation:green_book:](#contribute-documentation)
+* [Contribute Documentation :green_book:](#contribute-documentation)
 
 * [Contribute Code :computer:](#contribute-code)
 
-* [Provide Support on Issues:pencil:](#provide-support-on-issues)
+* [Provide Support on Issues :pencil:](#provide-support-on-issues)
 
-* [Review Pull Requests:mag:](#review-pull-requests)
+* [Review Pull Requests :mag:](#review-pull-requests)
 
 ## Contribute documentation
 
@@ -113,4 +113,4 @@ Another great way to contribute is pull request reviews. Please, be extra kind:
 - Make sure you're familiar with the code or documentation is updated, unless it's a minor change (spellchecking, minor formatting, etc.)
 - Review changes using the GitHub functionality. You can ask a clarifying question, point out an error or suggest an alternative. 
 > Note: You may ask for minor changes - "nitpicks", but consider whether they are real blockers to merging or not
-- Submit your review, which may include comments, an approval, or a changes request
+- Submit your review, which may include comments, an approval, or a changes request

package.json

@@ -1,9 +1,12 @@
 {
   "name": "setup-go",
-  "version": "4.0.0",
+  "version": "6.0.0",
   "private": true,
   "description": "setup go action",
   "main": "lib/setup-go.js",
+  "engines": {
+    "node": ">=24.0.0"
+  },
   "scripts": {
     "build": "tsc && ncc build -o dist/setup src/setup-go.ts && ncc build -o dist/cache-save src/cache-save.ts",
     "format": "prettier --no-error-on-unmatched-pattern --config ./.prettierrc.js --write \"**/*.{ts,yml,yaml}\"",
@@ -26,30 +29,30 @@
   "license": "MIT",
   "dependencies": {
     "@actions/cache": "^4.0.3",
-    "@actions/core": "^1.10.0",
-    "@actions/exec": "^1.1.0",
-    "@actions/glob": "^0.2.0",
-    "@actions/http-client": "^2.0.1",
+    "@actions/core": "^1.11.1",
+    "@actions/exec": "^1.1.1",
+    "@actions/glob": "^0.5.0",
+    "@actions/http-client": "^2.2.1",
     "@actions/io": "^1.0.2",
-    "@actions/tool-cache": "^1.5.5",
-    "semver": "^6.3.1"
+    "@actions/tool-cache": "^2.0.2",
+    "semver": "^7.7.3"
   },
   "devDependencies": {
-    "@types/jest": "^27.0.2",
-    "@types/node": "^16.11.25",
-    "@types/semver": "^6.0.0",
-    "@typescript-eslint/eslint-plugin": "^5.54.0",
-    "@typescript-eslint/parser": "^5.54.0",
-    "@vercel/ncc": "^0.33.4",
-    "eslint": "^8.35.0",
-    "eslint-config-prettier": "^8.6.0",
-    "eslint-plugin-jest": "^27.2.1",
+    "@types/jest": "^29.5.14",
+    "@types/node": "^24.1.0",
+    "@types/semver": "^7.7.1",
+    "@typescript-eslint/eslint-plugin": "^8.31.1",
+    "@typescript-eslint/parser": "^8.35.1",
+    "@vercel/ncc": "^0.38.1",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-jest": "^29.0.1",
     "eslint-plugin-node": "^11.1.0",
-    "jest": "^27.2.5",
-    "jest-circus": "^27.2.5",
+    "jest": "^29.7.0",
+    "jest-circus": "^29.7.0",
     "nock": "^10.0.6",
     "prettier": "^2.8.4",
-    "ts-jest": "^27.0.5",
-    "typescript": "^4.3.3"
+    "ts-jest": "^29.3.2",
+    "typescript": "^5.8.3"
   }
 }

src/cache-restore.ts

@@ -15,6 +15,7 @@ export const restoreCache = async (
 ) => {
   const packageManagerInfo = await getPackageManagerInfo(packageManager);
   const platform = process.env.RUNNER_OS;
+  const arch = process.arch;
 
   const cachePaths = await getCacheDirectoryPath(packageManagerInfo);
 
@@ -31,7 +32,7 @@ export const restoreCache = async (
 
   const linuxVersion =
     process.env.RUNNER_OS === 'Linux' ? `${process.env.ImageOS}-` : '';
-  const primaryKey = `setup-go-${platform}-${linuxVersion}go-${versionSpec}-${fileHash}`;
+  const primaryKey = `setup-go-${platform}-${arch}-${linuxVersion}go-${versionSpec}-${fileHash}`;
   core.debug(`primary key is ${primaryKey}`);
 
   core.saveState(State.CachePrimaryKey, primaryKey);

src/cache-save.ts

@@ -12,9 +12,20 @@ process.on('uncaughtException', e => {
   core.info(`${warningPrefix}${e.message}`);
 });
 
-export async function run() {
+// Added early exit to resolve issue with slow post action step:
+// - https://github.com/actions/setup-node/issues/878
+// https://github.com/actions/cache/pull/1217
+
+export async function run(earlyExit?: boolean) {
   try {
-    await cachePackages();
+    const cacheInput = core.getBooleanInput('cache');
+    if (cacheInput) {
+      await cachePackages();
+
+      if (earlyExit) {
+        process.exit(0);
+      }
+    }
   } catch (error) {
     let message = 'Unknown error!';
     if (error instanceof Error) {
@@ -28,11 +39,6 @@ export async function run() {
 }
 
 const cachePackages = async () => {
-  const cacheInput = core.getBooleanInput('cache');
-  if (!cacheInput) {
-    return;
-  }
-
   const packageManager = 'default';
 
   const state = core.getState(State.CacheMatchedKey);
@@ -85,4 +91,4 @@ function logWarning(message: string): void {
   core.info(`${warningPrefix}${message}`);
 }
 
-run();
+run(true);

src/cache-utils.ts

@@ -63,7 +63,13 @@ export function isGhes(): boolean {
   const ghUrl = new URL(
     process.env['GITHUB_SERVER_URL'] || 'https://github.com'
   );
-  return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM';
+
+  const hostname = ghUrl.hostname.trimEnd().toUpperCase();
+  const isGitHubHost = hostname === 'GITHUB.COM';
+  const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM');
+  const isLocalHost = hostname.endsWith('.LOCALHOST');
+
+  return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
 }
 
 export function isCacheFeatureAvailable(): boolean {

src/installer.ts

@@ -6,7 +6,15 @@ import * as httpm from '@actions/http-client';
 import * as sys from './system';
 import fs from 'fs';
 import os from 'os';
-import {StableReleaseAlias} from './utils';
+import {StableReleaseAlias, isSelfHosted} from './utils';
+import {Architecture} from './types';
+
+export const GOTOOLCHAIN_ENV_VAR = 'GOTOOLCHAIN';
+export const GOTOOLCHAIN_LOCAL_VAL = 'local';
+const MANIFEST_REPO_OWNER = 'actions';
+const MANIFEST_REPO_NAME = 'go-versions';
+const MANIFEST_REPO_BRANCH = 'main';
+const MANIFEST_URL = `https://raw.githubusercontent.com/${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}/${MANIFEST_REPO_BRANCH}/versions-manifest.json`;
 
 type InstallationType = 'dist' | 'manifest';
 
@@ -34,7 +42,7 @@ export async function getGo(
   versionSpec: string,
   checkLatest: boolean,
   auth: string | undefined,
-  arch = os.arch()
+  arch: Architecture = os.arch() as Architecture
 ) {
   let manifest: tc.IToolRelease[] | undefined;
   const osPlat: string = os.platform();
@@ -114,9 +122,9 @@ export async function getGo(
         `Received HTTP status code ${err.httpStatusCode}.  This usually indicates the rate limit has been exceeded`
       );
     } else {
-      core.info(err.message);
+      core.info((err as Error).message);
     }
-    core.debug(err.stack);
+    core.debug((err as Error).stack ?? '');
     core.info('Falling back to download directly from Go');
   }
 
@@ -146,7 +154,7 @@ async function resolveVersionFromManifest(
   versionSpec: string,
   stable: boolean,
   auth: string | undefined,
-  arch: string,
+  arch: Architecture,
   manifest: tc.IToolRelease[] | undefined
 ): Promise<string | undefined> {
   try {
@@ -160,7 +168,7 @@ async function resolveVersionFromManifest(
     return info?.resolvedVersion;
   } catch (err) {
     core.info('Unable to resolve a version from the manifest...');
-    core.debug(err.message);
+    core.debug((err as Error).message);
   }
 }
 
@@ -175,11 +183,7 @@ async function cacheWindowsDir(
   if (os.platform() !== 'win32') return false;
 
   // make sure the action runs in the hosted environment
-  if (
-    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' &&
-    process.env['AGENT_ISSELFHOSTED'] === '1'
-  )
-    return false;
+  if (isSelfHosted()) return false;
 
   const defaultToolCacheRoot = process.env['RUNNER_TOOL_CACHE'];
   if (!defaultToolCacheRoot) return false;
@@ -203,6 +207,17 @@ async function cacheWindowsDir(
   fs.symlinkSync(actualToolCacheDir, defaultToolCacheDir, 'junction');
   core.info(`Created link ${defaultToolCacheDir} => ${actualToolCacheDir}`);
 
+  const actualToolCacheCompleteFile = `${actualToolCacheDir}.complete`;
+  const defaultToolCacheCompleteFile = `${defaultToolCacheDir}.complete`;
+  fs.symlinkSync(
+    actualToolCacheCompleteFile,
+    defaultToolCacheCompleteFile,
+    'file'
+  );
+  core.info(
+    `Created link ${defaultToolCacheCompleteFile} => ${actualToolCacheCompleteFile}`
+  );
+
   // make outer code to continue using toolcache as if it were installed on c:
   // restore toolcache root to default drive c:
   process.env['RUNNER_TOOL_CACHE'] = defaultToolCacheRoot;
@@ -263,15 +278,85 @@ export async function extractGoArchive(archivePath: string): Promise<string> {
   return extPath;
 }
 
-export async function getManifest(auth: string | undefined) {
-  return tc.getManifestFromRepo('actions', 'go-versions', auth, 'main');
+function isIToolRelease(obj: any): obj is tc.IToolRelease {
+  return (
+    typeof obj === 'object' &&
+    obj !== null &&
+    typeof obj.version === 'string' &&
+    typeof obj.stable === 'boolean' &&
+    Array.isArray(obj.files) &&
+    obj.files.every(
+      (file: any) =>
+        typeof file.filename === 'string' &&
+        typeof file.platform === 'string' &&
+        typeof file.arch === 'string' &&
+        typeof file.download_url === 'string'
+    )
+  );
+}
+
+export async function getManifest(
+  auth: string | undefined
+): Promise<tc.IToolRelease[]> {
+  try {
+    const manifest = await getManifestFromRepo(auth);
+    if (
+      Array.isArray(manifest) &&
+      manifest.length &&
+      manifest.every(isIToolRelease)
+    ) {
+      return manifest;
+    }
+
+    let errorMessage =
+      'An unexpected error occurred while fetching the manifest.';
+    if (
+      typeof manifest === 'object' &&
+      manifest !== null &&
+      'message' in manifest
+    ) {
+      errorMessage = (manifest as {message: string}).message;
+    }
+    throw new Error(errorMessage);
+  } catch (err) {
+    core.debug('Fetching the manifest via the API failed.');
+    if (err instanceof Error) {
+      core.debug(err.message);
+    }
+  }
+  return await getManifestFromURL();
+}
+
+function getManifestFromRepo(
+  auth: string | undefined
+): Promise<tc.IToolRelease[]> {
+  core.debug(
+    `Getting manifest from ${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}@${MANIFEST_REPO_BRANCH}`
+  );
+  return tc.getManifestFromRepo(
+    MANIFEST_REPO_OWNER,
+    MANIFEST_REPO_NAME,
+    auth,
+    MANIFEST_REPO_BRANCH
+  );
+}
+
+async function getManifestFromURL(): Promise<tc.IToolRelease[]> {
+  core.debug('Falling back to fetching the manifest using raw URL.');
+
+  const http: httpm.HttpClient = new httpm.HttpClient('tool-cache');
+  const response = await http.getJson<tc.IToolRelease[]>(MANIFEST_URL);
+  if (!response.result) {
+    throw new Error(`Unable to get manifest from ${MANIFEST_URL}`);
+  }
+  return response.result;
 }
 
 export async function getInfoFromManifest(
   versionSpec: string,
   stable: boolean,
   auth: string | undefined,
-  arch = os.arch(),
+  arch: Architecture = os.arch() as Architecture,
   manifest?: tc.IToolRelease[] | undefined
 ): Promise<IGoVersionInfo | null> {
   let info: IGoVersionInfo | null = null;
@@ -297,14 +382,14 @@ export async function getInfoFromManifest(
 
 async function getInfoFromDist(
   versionSpec: string,
-  arch: string
+  arch: Architecture
 ): Promise<IGoVersionInfo | null> {
   const version: IGoVersion | undefined = await findMatch(versionSpec, arch);
   if (!version) {
     return null;
   }
 
-  const downloadUrl = `https://storage.googleapis.com/golang/${version.files[0].filename}`;
+  const downloadUrl = `https://go.dev/dl/${version.files[0].filename}`;
 
   return <IGoVersionInfo>{
     type: 'dist',
@@ -316,7 +401,7 @@ async function getInfoFromDist(
 
 export async function findMatch(
   versionSpec: string,
-  arch = os.arch()
+  arch: Architecture = os.arch() as Architecture
 ): Promise<IGoVersion | undefined> {
   const archFilter = sys.getArch(arch);
   const platFilter = sys.getPlatform();
@@ -413,14 +498,33 @@ export function parseGoVersionFile(versionFilePath: string): string {
     path.basename(versionFilePath) === 'go.mod' ||
     path.basename(versionFilePath) === 'go.work'
   ) {
-    const match = contents.match(/^go (\d+(\.\d+)*)/m);
-    return match ? match[1] : '';
+    // for backwards compatibility: use version from go directive if
+    // 'GOTOOLCHAIN' has been explicitly set
+    if (process.env[GOTOOLCHAIN_ENV_VAR] !== GOTOOLCHAIN_LOCAL_VAL) {
+      // toolchain directive: https://go.dev/ref/mod#go-mod-file-toolchain
+      const matchToolchain = contents.match(
+        /^toolchain go(1\.\d+(?:\.\d+|rc\d+)?)/m
+      );
+      if (matchToolchain) {
+        return matchToolchain[1];
+      }
+    }
+
+    // go directive: https://go.dev/ref/mod#go-mod-file-go
+    const matchGo = contents.match(/^go (\d+(\.\d+)*)/m);
+    return matchGo ? matchGo[1] : '';
+  } else if (path.basename(versionFilePath) === '.tool-versions') {
+    const match = contents.match(/^golang\s+([^\n#]+)/m);
+    return match ? match[1].trim() : '';
   }
 
   return contents.trim();
 }
 
-async function resolveStableVersionDist(versionSpec: string, arch: string) {
+async function resolveStableVersionDist(
+  versionSpec: string,
+  arch: Architecture
+) {
   const archFilter = sys.getArch(arch);
   const platFilter = sys.getPlatform();
   const dlUrl = 'https://golang.org/dl/?mode=json&include=all';

src/main.ts

@@ -8,6 +8,7 @@ import {isCacheFeatureAvailable} from './cache-utils';
 import cp from 'child_process';
 import fs from 'fs';
 import os from 'os';
+import {Architecture} from './types';
 
 export async function run() {
   try {
@@ -16,14 +17,15 @@ export async function run() {
     // If not supplied then problem matchers will still be setup.  Useful for self-hosted.
     //
     const versionSpec = resolveVersionInput();
+    setGoToolchain();
 
     const cache = core.getBooleanInput('cache');
     core.info(`Setup go version spec ${versionSpec}`);
 
-    let arch = core.getInput('architecture');
+    let arch = core.getInput('architecture') as Architecture;
 
     if (!arch) {
-      arch = os.arch();
+      arch = os.arch() as Architecture;
     }
 
     if (versionSpec) {
@@ -74,7 +76,7 @@ export async function run() {
           cacheDependencyPath
         );
       } catch (error) {
-        core.warning(`Restore cache failed: ${error.message}`);
+        core.warning(`Restore cache failed: ${(error as Error).message}`);
       }
     }
 
@@ -92,7 +94,7 @@ export async function run() {
     core.info(goEnv);
     core.endGroup();
   } catch (error) {
-    core.setFailed(error.message);
+    core.setFailed((error as Error).message);
   }
 }
 
@@ -160,3 +162,20 @@ function resolveVersionInput(): string {
 
   return version;
 }
+
+function setGoToolchain() {
+  // docs: https://go.dev/doc/toolchain
+  // "local indicates the bundled Go toolchain (the one that shipped with the go command being run)"
+  // this is so any 'go' command is run with the selected Go version
+  // and doesn't trigger a toolchain download and run commands with that
+  // see e.g. issue #424
+  // and a similar discussion: https://github.com/docker-library/golang/issues/472.
+  // Set the value in process env so any `go` commands run as child-process
+  // don't cause toolchain downloads
+  process.env[installer.GOTOOLCHAIN_ENV_VAR] = installer.GOTOOLCHAIN_LOCAL_VAL;
+  // and in the runner env so e.g. a user running `go mod tidy` won't cause it
+  core.exportVariable(
+    installer.GOTOOLCHAIN_ENV_VAR,
+    installer.GOTOOLCHAIN_LOCAL_VAL
+  );
+}

src/system.ts

@@ -1,4 +1,5 @@
 import os from 'os';
+import {Architecture} from './types';
 
 export function getPlatform(): string {
   // darwin and linux match already
@@ -15,7 +16,7 @@ export function getPlatform(): string {
   return plat;
 }
 
-export function getArch(arch: string): string {
+export function getArch(arch: Architecture): string {
   // 'arm', 'arm64', 'ia32', 'mips', 'mipsel', 'ppc', 'ppc64', 's390', 's390x', 'x32', and 'x64'.
 
   // wants amd64, 386, arm64, armv61, ppc641e, s390x

src/types.ts

@@ -0,0 +1,2 @@
+// match what @actions/tool-cache expects
+export type Architecture = string;

src/utils.ts

@@ -2,3 +2,13 @@ export enum StableReleaseAlias {
   Stable = 'stable',
   OldStable = 'oldstable'
 }
+
+export const isSelfHosted = (): boolean =>
+  process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' &&
+  (process.env['AGENT_ISSELFHOSTED'] === '1' ||
+    process.env['AGENT_ISSELFHOSTED'] === undefined);
+/* the above is simplified from:
+    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' && process.env['AGENT_ISSELFHOSTED'] === '1'
+    ||
+    process.env['RUNNER_ENVIRONMENT'] !== 'github-hosted' && process.env['AGENT_ISSELFHOSTED'] === undefined
+*/