Include changes in typespec/ts-http-runtime 0.3.5

Readme: bump all the example versions to v7 (#796 )
Update the readme with direct upload details (#795 )
2026-04-10 17:38:27 +01:00 · 2026-04-10 11:58:04 -04:00 · 2026-04-10 10:55:51 -04:00 · 2026-04-10 10:49:57 -04:00
5 changed files with 259 additions and 240 deletions
--- a/README.md
+++ b/README.md
@@ -11,15 +11,14 @@ Upload [Actions Artifacts](https://docs.github.com/en/actions/using-workflows/st
 See also [download-artifact](https://github.com/actions/download-artifact).

 - [`@actions/upload-artifact`](#actionsupload-artifact)
-  - [v6 - What's new](#v6---whats-new)
-  - [v4 - What's new](#v4---whats-new)
-    - [Improvements](#improvements)
-    - [Breaking Changes](#breaking-changes)
+  - [What's new](#whats-new)
+  - [GHES Support](#ghes-support)
  - [Usage](#usage)
    - [Inputs](#inputs)
    - [Outputs](#outputs)
  - [Examples](#examples)
-    - [Upload an Individual File](#upload-an-individual-file)
+    - [Upload an Individual File (Zipped)](#upload-an-individual-file-zipped)
+    - [Upload an Individual File (Unzipped)](#upload-an-individual-file-unzipped)
    - [Upload an Entire Directory](#upload-an-entire-directory)
    - [Upload using a Wildcard Pattern](#upload-using-a-wildcard-pattern)
    - [Upload using Multiple Paths and Exclusions](#upload-using-multiple-paths-and-exclusions)
@@ -34,53 +33,16 @@ See also [download-artifact](https://github.com/actions/download-artifact).
    - [Overwriting an Artifact](#overwriting-an-artifact)
  - [Limitations](#limitations)
    - [Number of Artifacts](#number-of-artifacts)
-    - [Zip archives](#zip-archives)
    - [Permission Loss](#permission-loss)
  - [Where does the upload go?](#where-does-the-upload-go)

+## What's new

-## v6 - What's new
-
-> [!IMPORTANT]
-> actions/upload-artifact@v6 now runs on Node.js 24 (`runs.using: node24`) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.
-
-### Node.js 24
-
-This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.
-
-## v4 - What's new
-
-> [!IMPORTANT]
-> upload-artifact@v4+ is not currently supported on GitHub Enterprise Server (GHES) yet. If you are on GHES, you must use [v3](https://github.com/actions/upload-artifact/releases/tag/v3) (Node 16) or [v3-node20](https://github.com/actions/upload-artifact/releases/tag/v3-node20) (Node 20).
-
-The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
-
-For more information, see the [`@actions/artifact`](https://github.com/actions/toolkit/tree/main/packages/artifact) documentation.
-
-There is also a new sub-action, `actions/upload-artifact/merge`. For more info, check out that action's [README](./merge/README.md).
-
-### Improvements
-
-1. Uploads are significantly faster, upwards of 90% improvement in worst case scenarios.
-2. Once uploaded, an Artifact ID is returned and Artifacts are immediately available in the UI and [REST API](https://docs.github.com/en/rest/actions/artifacts). Previously, you would have to wait for the run to be completed before an ID was available or any APIs could be utilized.
-3. The contents of an Artifact are uploaded together into an _immutable_ archive. They cannot be altered by subsequent jobs unless the Artifacts are deleted and recreated (where they will have a new ID). Both of these factors help reduce the possibility of accidentally corrupting Artifact files.
-4. The compression level of an Artifact can be manually tweaked for speed or size reduction.
-
-### Breaking Changes
-
-1. On self hosted runners, additional [firewall rules](https://github.com/actions/toolkit/tree/main/packages/artifact#breaking-changes) may be required.
-2. Uploading to the same named Artifact multiple times.
-
-    Due to how Artifacts are created in this new version, it is no longer possible to upload to the same named Artifact multiple times. You must either split the uploads into multiple Artifacts with different names, or only upload once. Otherwise you _will_ encounter an error.
-
-3. Limit of Artifacts for an individual job. Each job in a workflow run now has a limit of 500 artifacts.
-4. With `v4.4` and later, hidden files are excluded by default.
-
-For assistance with breaking changes, see [MIGRATION.md](docs/MIGRATION.md).
+Check out the [releases page](https://github.com/actions/upload-artifact/releases) for details on what's new.

 ## Note

-Thank you for your interest in this GitHub repo, however, right now we are not taking contributions. 
+Thank you for your interest in this GitHub repo, however, right now we are not taking contributions.

 We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.

@@ -96,12 +58,16 @@ We will still provide security updates for this project and fix major breaking c

 You are welcome to still raise bugs in this repo.

+## GHES Support
+
+`upload-artifact@v4+` is not currently supported on GitHub Enterprise Server (GHES). If you are on GHES, you must use [v3.2.2](https://github.com/actions/upload-artifact/releases/tag/v3.2.2) (Node 24) or [v3.2.2-node20](https://github.com/actions/upload-artifact/releases/tag/v3.2.2-node20) (Node 20).
+
 ## Usage

 ### Inputs

 ```yaml
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    # Name of the artifact to upload.
    # Optional. Default is 'artifact'
@@ -142,6 +108,11 @@ You are welcome to still raise bugs in this repo.
    # enabled this to avoid uploading sensitive information.
    # Optional. Default is 'false'
    include-hidden-files:
+
+    # Whether to zip the artifact files before upload
+    # If 'false', only a single file can be uploaded. The name of the file will be used as the artifact name (the 'name' parameter is ignored)
+    # Optional. Default is 'true'
+    archive:
 ```

 ### Outputs
@@ -154,22 +125,34 @@ You are welcome to still raise bugs in this repo.

 ## Examples

-### Upload an Individual File
+### Upload an Individual File (Zipped)

 ```yaml
 steps:
 - run: mkdir -p path/to/artifact
 - run: echo hello > path/to/artifact/world.txt
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: path/to/artifact/world.txt
 ```

+### Upload an Individual File (Unzipped)
+
+```yaml
+steps:
+- run: mkdir -p path/to/artifact
+- run: echo hello > path/to/artifact/world.txt
+- uses: actions/upload-artifact@v7
+  with:
+    path: path/to/artifact/world.txt
+    archive: false
+```
+
 ### Upload an Entire Directory

 ```yaml
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: path/to/artifact/ # or path/to/artifact
@@ -178,7 +161,7 @@ steps:
 ### Upload using a Wildcard Pattern

 ```yaml
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: path/**/[abc]rtifac?/*
@@ -187,7 +170,7 @@ steps:
 ### Upload using Multiple Paths and Exclusions

 ```yaml
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: |
@@ -235,7 +218,7 @@ For instance, if you are uploading random binary data, you can save a lot of tim
 - name: Make a 1GB random binary file
  run: |
    dd if=/dev/urandom of=my-1gb-file bs=1M count=1000
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: my-1gb-file
@@ -248,7 +231,7 @@ But, if you are uploading data that is easily compressed (like plaintext, code,
 - name: Make a file with a lot of repeated text
  run: |
    for i in {1..100000}; do echo -n 'foobar' >> foobar.txt; done
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: foobar.txt
@@ -260,7 +243,7 @@ But, if you are uploading data that is easily compressed (like plaintext, code,
 If a path (or paths), result in no files being found for the artifact, the action will succeed but print out a warning. In certain scenarios it may be desirable to fail the action or suppress the warning. The `if-no-files-found` option allows you to customize the behavior of the action if no files are found:

 ```yaml
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    path: path/to/artifact/
@@ -273,13 +256,13 @@ Unlike earlier versions of `upload-artifact`, uploading to the same artifact via

 ```yaml
 - run: echo hi > world.txt
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    # implicitly named as 'artifact'
    path: world.txt

 - run: echo howdy > extra-file.txt
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    # also implicitly named as 'artifact', will fail here!
    path: extra-file.txt
@@ -305,7 +288,7 @@ jobs:
    - name: Build
      run: ./some-script --version=${{ matrix.version }} > my-binary
    - name: Upload
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
      with:
        name: binary-${{ matrix.os }}-${{ matrix.version }}
        path: my-binary
@@ -323,7 +306,7 @@ You can use `~` in the path input as a substitute for `$HOME`. Basic tilde expan
  - run: |
      mkdir -p ~/new/artifact
      echo hello > ~/new/artifact/world.txt
-  - uses: actions/upload-artifact@v4
+  - uses: actions/upload-artifact@v7
    with:
      name: my-artifacts
      path: ~/new/**/*
@@ -338,7 +321,7 @@ Environment variables along with context expressions can also be used for input.
    - run: |
        mkdir -p ${{ github.workspace }}/artifact
        echo hello > ${{ github.workspace }}/artifact/world.txt
-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@v7
      with:
        name: ${{ env.name }}-name
        path: ${{ github.workspace }}/artifact/**/*
@@ -352,7 +335,7 @@ For environment variables created in other steps, make sure to use the `env` exp
        mkdir testing
        echo "This is a file to upload" > testing/file.txt
        echo "artifactPath=testing/file.txt" >> $GITHUB_ENV
-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@v7
      with:
        name: artifact
        path: ${{ env.artifactPath }} # this will resolve to testing/file.txt at runtime
@@ -367,7 +350,7 @@ Artifacts are retained for 90 days by default. You can specify a shorter retenti
    run: echo "I won't live long" > my_file.txt

  - name: Upload Artifact
-    uses: actions/upload-artifact@v4
+    uses: actions/upload-artifact@v7
    with:
      name: my-artifact
      path: my_file.txt
@@ -383,7 +366,7 @@ If an artifact upload is successful then an `artifact-id` output is available. T
 #### Example output between steps

 ```yml
-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@v7
      id: artifact-upload-step
      with:
        name: my-artifact
@@ -402,7 +385,7 @@ jobs:
    outputs:
      output1: ${{ steps.artifact-upload-step.outputs.artifact-id }}
    steps:
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v7
        id: artifact-upload-step
        with:
          name: my-artifact
@@ -428,7 +411,7 @@ jobs:
      - name: Create a file
        run: echo "hello world" > my-file.txt
      - name: Upload Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: my-artifact # NOTE: same artifact name
          path: my-file.txt
@@ -439,7 +422,7 @@ jobs:
      - name: Create a different file
        run: echo "goodbye world" > my-file.txt
      - name: Upload Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: my-artifact # NOTE: same artifact name
          path: my-file.txt
@@ -455,7 +438,7 @@ Any files that contain sensitive information that should not be in the uploaded
 using the `path`:

 ```yaml
- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@v7
  with:
    name: my-artifact
    include-hidden-files: true
@@ -476,25 +459,21 @@ Within an individual job, there is a limit of 500 artifacts that can be created

 You may also be limited by Artifacts if you have exceeded your shared storage quota. Storage is calculated every 6-12 hours. See [the documentation](https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions#calculating-minute-and-storage-spending) for more info.

-### Zip archives
-
-When an Artifact is uploaded, all the files are assembled into an immutable Zip archive. There is currently no way to download artifacts in a format other than a Zip or to download individual artifact contents.
-
 ### Permission Loss

-File permissions are not maintained during artifact upload. All directories will have `755` and all files will have `644`. For example, if you make a file executable using `chmod` and then upload that file, post-download the file is no longer guaranteed to be set as an executable.
+File permissions are not maintained during zipped artifact upload. All directories will have `755` and all files will have `644`. For example, if you make a file executable using `chmod` and then upload that file with `archive: true`, post-download the file is no longer guaranteed to be set as an executable.

-If you must preserve permissions, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity.
+If you must preserve permissions, you can `tar` all of your files together before artifact upload and upload that file directly with `archive: false`. Post download, the `tar` file will maintain file permissions and case sensitivity.

 ```yaml
 - name: 'Tar files'
  run: tar -cvf my_files.tar /path/to/my/directory

 - name: 'Upload Artifact'
-  uses: actions/upload-artifact@v4
+  uses: actions/upload-artifact@v7
  with:
-    name: my-artifact
    path: my_files.tar
+    archive: false
 ```

 ## Where does the upload go?
--- a/dist/merge/index.js
+++ b/dist/merge/index.js
@@ -88021,13 +88021,13 @@ class Sanitizer {
                    message: value.message,
                };
            }
-            if (key === "headers") {
+            if (key === "headers" && isObject(value)) {
                return this.sanitizeHeaders(value);
            }
-            else if (key === "url") {
+            else if (key === "url" && typeof value === "string") {
                return this.sanitizeUrl(value);
            }
-            else if (key === "query") {
+            else if (key === "query" && isObject(value)) {
                return this.sanitizeQuery(value);
            }
            else if (key === "body") {
@@ -88598,6 +88598,68 @@ function logPolicy_logPolicy(options = {}) {
    };
 }
 //# sourceMappingURL=logPolicy.js.map
+;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/redirectPolicy.js
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+/**
+ * The programmatic identifier of the redirectPolicy.
+ */
+const redirectPolicyName = "redirectPolicy";
+/**
+ * Methods that are allowed to follow redirects 301 and 302
+ */
+const allowedRedirect = ["GET", "HEAD"];
+/**
+ * A policy to follow Location headers from the server in order
+ * to support server-side redirection.
+ * In the browser, this policy is not used.
+ * @param options - Options to control policy behavior.
+ */
+function redirectPolicy_redirectPolicy(options = {}) {
+    const { maxRetries = 20, allowCrossOriginRedirects = false } = options;
+    return {
+        name: redirectPolicyName,
+        async sendRequest(request, next) {
+            const response = await next(request);
+            return handleRedirect(next, response, maxRetries, allowCrossOriginRedirects);
+        },
+    };
+}
+async function handleRedirect(next, response, maxRetries, allowCrossOriginRedirects, currentRetries = 0) {
+    const { request, status, headers } = response;
+    const locationHeader = headers.get("location");
+    if (locationHeader &&
+        (status === 300 ||
+            (status === 301 && allowedRedirect.includes(request.method)) ||
+            (status === 302 && allowedRedirect.includes(request.method)) ||
+            (status === 303 && request.method === "POST") ||
+            status === 307) &&
+        currentRetries < maxRetries) {
+        const url = new URL(locationHeader, request.url);
+        // Only follow redirects to the same origin by default.
+        if (!allowCrossOriginRedirects) {
+            const originalUrl = new URL(request.url);
+            if (url.origin !== originalUrl.origin) {
+                log_logger.verbose(`Skipping cross-origin redirect from ${originalUrl.origin} to ${url.origin}.`);
+                return response;
+            }
+        }
+        request.url = url.toString();
+        // POST request with Status code 303 should be converted into a
+        // redirected GET request if the redirect url is present in the location header
+        if (status === 303) {
+            request.method = "GET";
+            request.headers.delete("Content-Length");
+            delete request.body;
+        }
+        request.headers.delete("Authorization");
+        const res = await next(request);
+        return handleRedirect(next, res, maxRetries, allowCrossOriginRedirects, currentRetries + 1);
+    }
+    return response;
+}
+//# sourceMappingURL=redirectPolicy.js.map
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/util/userAgentPlatform.js
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
@@ -88615,15 +88677,14 @@ function getHeaderName() {
 async function userAgentPlatform_setPlatformSpecificData(map) {
    if (process && process.versions) {
        const osInfo = `${os.type()} ${os.release()}; ${os.arch()}`;
-        const versions = process.versions;
-        if (versions.bun) {
-            map.set("Bun", `${versions.bun} (${osInfo})`);
+        if (process.versions.bun) {
+            map.set("Bun", `${process.versions.bun} (${osInfo})`);
        }
-        else if (versions.deno) {
-            map.set("Deno", `${versions.deno} (${osInfo})`);
+        else if (process.versions.deno) {
+            map.set("Deno", `${process.versions.deno} (${osInfo})`);
        }
-        else if (versions.node) {
-            map.set("Node", `${versions.node} (${osInfo})`);
+        else if (process.versions.node) {
+            map.set("Node", `${process.versions.node} (${osInfo})`);
        }
    }
 }
@@ -88930,7 +88991,7 @@ function isSystemError(err) {
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/constants.js
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-const constants_SDK_VERSION = "0.3.3";
+const constants_SDK_VERSION = "0.3.5";
 const constants_DEFAULT_RETRY_POLICY_COUNT = 3;
 //# sourceMappingURL=constants.js.map
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/retryPolicy.js
@@ -88940,6 +89001,7 @@ const constants_DEFAULT_RETRY_POLICY_COUNT = 3;



+
 const retryPolicyLogger = createClientLogger("ts-http-runtime retryPolicy");
 /**
 * The programmatic identifier of the retryPolicy.
@@ -88970,11 +89032,11 @@ function retryPolicy_retryPolicy(strategies, options = { maxRetries: constants_D
                    // RestErrors are valid targets for the retry strategies.
                    // If none of the retry strategies can work with them, they will be thrown later in this policy.
                    // If the received error is not a RestError, it is immediately thrown.
-                    responseError = e;
-                    if (!e || responseError.name !== "RestError") {
+                    if (!restError_isRestError(e)) {
                        throw e;
                    }
-                    response = responseError.response;
+                    responseError = e;
+                    response = e.response;
                }
                if (request.abortSignal?.aborted) {
                    logger.error(`Retry ${retryCount}: Request aborted.`);
@@ -89375,16 +89437,15 @@ function setProxyAgentOnRequest(request, cachedAgents, proxyUrl) {
    if (request.tlsSettings) {
        log_logger.warning("TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.");
    }
-    const headers = request.headers.toJSON();
    if (isInsecure) {
        if (!cachedAgents.httpProxyAgent) {
-            cachedAgents.httpProxyAgent = new http_proxy_agent_dist.HttpProxyAgent(proxyUrl, { headers });
+            cachedAgents.httpProxyAgent = new http_proxy_agent_dist.HttpProxyAgent(proxyUrl);
        }
        request.agent = cachedAgents.httpProxyAgent;
    }
    else {
        if (!cachedAgents.httpsProxyAgent) {
-            cachedAgents.httpsProxyAgent = new dist.HttpsProxyAgent(proxyUrl, { headers });
+            cachedAgents.httpsProxyAgent = new dist.HttpsProxyAgent(proxyUrl);
        }
        request.agent = cachedAgents.httpsProxyAgent;
    }
@@ -89436,13 +89497,13 @@ function typeGuards_isBinaryBody(body) {
        (body instanceof Uint8Array ||
            typeGuards_isReadableStream(body) ||
            typeof body === "function" ||
-            body instanceof Blob));
+            (typeof Blob !== "undefined" && body instanceof Blob)));
 }
 function typeGuards_isReadableStream(x) {
    return isNodeReadableStream(x) || isWebReadableStream(x);
 }
-function isBlob(x) {
-    return typeof x.stream === "function";
+function typeGuards_isBlob(x) {
+    return typeof Blob !== "undefined" && x instanceof Blob;
 }
 //# sourceMappingURL=typeGuards.js.map
 // EXTERNAL MODULE: external "stream"
@@ -89488,7 +89549,7 @@ function toStream(source) {
    if (source instanceof Uint8Array) {
        return external_stream_.Readable.from(Buffer.from(source));
    }
-    else if (isBlob(source)) {
+    else if (typeGuards_isBlob(source)) {
        return ensureNodeStream(source.stream());
    }
    else {
@@ -89538,7 +89599,7 @@ function getLength(source) {
    if (source instanceof Uint8Array) {
        return source.byteLength;
    }
-    else if (isBlob(source)) {
+    else if (typeGuards_isBlob(source)) {
        // if was created using createFile then -1 means we have an unknown size
        return source.size === -1 ? undefined : source.size;
    }
@@ -90067,9 +90128,14 @@ async function sendRequest_sendRequest(method, url, pipeline, options = {}, cust
 * @returns returns the content-type
 */
 function getRequestContentType(options = {}) {
-    return (options.contentType ??
-        options.headers?.["content-type"] ??
-        getContentType(options.body));
+    if (options.contentType) {
+        return options.contentType;
+    }
+    const headerContentType = options.headers?.["content-type"];
+    if (typeof headerContentType === "string") {
+        return headerContentType;
+    }
+    return getContentType(options.body);
 }
 /**
 * Function to determine the content-type of a body
@@ -90084,6 +90150,9 @@ function getContentType(body) {
    if (ArrayBuffer.isView(body)) {
        return "application/octet-stream";
    }
+    if (isBlob(body) && body.type) {
+        return body.type;
+    }
    if (typeof body === "string") {
        try {
            JSON.parse(body);
@@ -90134,9 +90203,15 @@ function getRequestBody(body, contentType = "") {
    if (typeof FormData !== "undefined" && body instanceof FormData) {
        return { body };
    }
+    if (isBlob(body)) {
+        return { body };
+    }
    if (isReadableStream(body)) {
        return { body };
    }
+    if (typeof body === "function") {
+        return { body: body };
+    }
    if (ArrayBuffer.isView(body)) {
        return { body: body instanceof Uint8Array ? body : JSON.stringify(body) };
    }
@@ -90326,8 +90401,6 @@ function statusCodeToNumber(statusCode) {



-
-
 //# sourceMappingURL=index.js.map
 ;// CONCATENATED MODULE: ./node_modules/@azure/core-rest-pipeline/dist/esm/pipeline.js
 // Copyright (c) Microsoft Corporation.
@@ -90524,59 +90597,6 @@ function throttlingRetryPolicy(options = {}) {
    };
 }
 //# sourceMappingURL=throttlingRetryPolicy.js.map
-;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/redirectPolicy.js
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-/**
- * The programmatic identifier of the redirectPolicy.
- */
-const redirectPolicyName = "redirectPolicy";
-/**
- * Methods that are allowed to follow redirects 301 and 302
- */
-const allowedRedirect = ["GET", "HEAD"];
-/**
- * A policy to follow Location headers from the server in order
- * to support server-side redirection.
- * In the browser, this policy is not used.
- * @param options - Options to control policy behavior.
- */
-function redirectPolicy_redirectPolicy(options = {}) {
-    const { maxRetries = 20 } = options;
-    return {
-        name: redirectPolicyName,
-        async sendRequest(request, next) {
-            const response = await next(request);
-            return handleRedirect(next, response, maxRetries);
-        },
-    };
-}
-async function handleRedirect(next, response, maxRetries, currentRetries = 0) {
-    const { request, status, headers } = response;
-    const locationHeader = headers.get("location");
-    if (locationHeader &&
-        (status === 300 ||
-            (status === 301 && allowedRedirect.includes(request.method)) ||
-            (status === 302 && allowedRedirect.includes(request.method)) ||
-            (status === 303 && request.method === "POST") ||
-            status === 307) &&
-        currentRetries < maxRetries) {
-        const url = new URL(locationHeader, request.url);
-        request.url = url.toString();
-        // POST request with Status code 303 should be converted into a
-        // redirected GET request if the redirect url is present in the location header
-        if (status === 303) {
-            request.method = "GET";
-            request.headers.delete("Content-Length");
-            delete request.body;
-        }
-        request.headers.delete("Authorization");
-        const res = await next(request);
-        return handleRedirect(next, res, maxRetries, currentRetries + 1);
-    }
-    return response;
-}
-//# sourceMappingURL=redirectPolicy.js.map
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/tlsPolicy.js
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
--- a/dist/upload/index.js
+++ b/dist/upload/index.js
@@ -85596,13 +85596,13 @@ class Sanitizer {
                    message: value.message,
                };
            }
-            if (key === "headers") {
+            if (key === "headers" && isObject(value)) {
                return this.sanitizeHeaders(value);
            }
-            else if (key === "url") {
+            else if (key === "url" && typeof value === "string") {
                return this.sanitizeUrl(value);
            }
-            else if (key === "query") {
+            else if (key === "query" && isObject(value)) {
                return this.sanitizeQuery(value);
            }
            else if (key === "body") {
@@ -86173,6 +86173,68 @@ function logPolicy_logPolicy(options = {}) {
    };
 }
 //# sourceMappingURL=logPolicy.js.map
+;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/redirectPolicy.js
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+/**
+ * The programmatic identifier of the redirectPolicy.
+ */
+const redirectPolicyName = "redirectPolicy";
+/**
+ * Methods that are allowed to follow redirects 301 and 302
+ */
+const allowedRedirect = ["GET", "HEAD"];
+/**
+ * A policy to follow Location headers from the server in order
+ * to support server-side redirection.
+ * In the browser, this policy is not used.
+ * @param options - Options to control policy behavior.
+ */
+function redirectPolicy_redirectPolicy(options = {}) {
+    const { maxRetries = 20, allowCrossOriginRedirects = false } = options;
+    return {
+        name: redirectPolicyName,
+        async sendRequest(request, next) {
+            const response = await next(request);
+            return handleRedirect(next, response, maxRetries, allowCrossOriginRedirects);
+        },
+    };
+}
+async function handleRedirect(next, response, maxRetries, allowCrossOriginRedirects, currentRetries = 0) {
+    const { request, status, headers } = response;
+    const locationHeader = headers.get("location");
+    if (locationHeader &&
+        (status === 300 ||
+            (status === 301 && allowedRedirect.includes(request.method)) ||
+            (status === 302 && allowedRedirect.includes(request.method)) ||
+            (status === 303 && request.method === "POST") ||
+            status === 307) &&
+        currentRetries < maxRetries) {
+        const url = new URL(locationHeader, request.url);
+        // Only follow redirects to the same origin by default.
+        if (!allowCrossOriginRedirects) {
+            const originalUrl = new URL(request.url);
+            if (url.origin !== originalUrl.origin) {
+                log_logger.verbose(`Skipping cross-origin redirect from ${originalUrl.origin} to ${url.origin}.`);
+                return response;
+            }
+        }
+        request.url = url.toString();
+        // POST request with Status code 303 should be converted into a
+        // redirected GET request if the redirect url is present in the location header
+        if (status === 303) {
+            request.method = "GET";
+            request.headers.delete("Content-Length");
+            delete request.body;
+        }
+        request.headers.delete("Authorization");
+        const res = await next(request);
+        return handleRedirect(next, res, maxRetries, allowCrossOriginRedirects, currentRetries + 1);
+    }
+    return response;
+}
+//# sourceMappingURL=redirectPolicy.js.map
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/util/userAgentPlatform.js
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
@@ -86190,15 +86252,14 @@ function getHeaderName() {
 async function userAgentPlatform_setPlatformSpecificData(map) {
    if (process && process.versions) {
        const osInfo = `${os.type()} ${os.release()}; ${os.arch()}`;
-        const versions = process.versions;
-        if (versions.bun) {
-            map.set("Bun", `${versions.bun} (${osInfo})`);
+        if (process.versions.bun) {
+            map.set("Bun", `${process.versions.bun} (${osInfo})`);
        }
-        else if (versions.deno) {
-            map.set("Deno", `${versions.deno} (${osInfo})`);
+        else if (process.versions.deno) {
+            map.set("Deno", `${process.versions.deno} (${osInfo})`);
        }
-        else if (versions.node) {
-            map.set("Node", `${versions.node} (${osInfo})`);
+        else if (process.versions.node) {
+            map.set("Node", `${process.versions.node} (${osInfo})`);
        }
    }
 }
@@ -86505,7 +86566,7 @@ function isSystemError(err) {
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/constants.js
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-const constants_SDK_VERSION = "0.3.3";
+const constants_SDK_VERSION = "0.3.5";
 const constants_DEFAULT_RETRY_POLICY_COUNT = 3;
 //# sourceMappingURL=constants.js.map
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/retryPolicy.js
@@ -86515,6 +86576,7 @@ const constants_DEFAULT_RETRY_POLICY_COUNT = 3;



+
 const retryPolicyLogger = createClientLogger("ts-http-runtime retryPolicy");
 /**
 * The programmatic identifier of the retryPolicy.
@@ -86545,11 +86607,11 @@ function retryPolicy_retryPolicy(strategies, options = { maxRetries: constants_D
                    // RestErrors are valid targets for the retry strategies.
                    // If none of the retry strategies can work with them, they will be thrown later in this policy.
                    // If the received error is not a RestError, it is immediately thrown.
-                    responseError = e;
-                    if (!e || responseError.name !== "RestError") {
+                    if (!restError_isRestError(e)) {
                        throw e;
                    }
-                    response = responseError.response;
+                    responseError = e;
+                    response = e.response;
                }
                if (request.abortSignal?.aborted) {
                    logger.error(`Retry ${retryCount}: Request aborted.`);
@@ -86950,16 +87012,15 @@ function setProxyAgentOnRequest(request, cachedAgents, proxyUrl) {
    if (request.tlsSettings) {
        log_logger.warning("TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.");
    }
-    const headers = request.headers.toJSON();
    if (isInsecure) {
        if (!cachedAgents.httpProxyAgent) {
-            cachedAgents.httpProxyAgent = new http_proxy_agent_dist.HttpProxyAgent(proxyUrl, { headers });
+            cachedAgents.httpProxyAgent = new http_proxy_agent_dist.HttpProxyAgent(proxyUrl);
        }
        request.agent = cachedAgents.httpProxyAgent;
    }
    else {
        if (!cachedAgents.httpsProxyAgent) {
-            cachedAgents.httpsProxyAgent = new dist.HttpsProxyAgent(proxyUrl, { headers });
+            cachedAgents.httpsProxyAgent = new dist.HttpsProxyAgent(proxyUrl);
        }
        request.agent = cachedAgents.httpsProxyAgent;
    }
@@ -87011,13 +87072,13 @@ function typeGuards_isBinaryBody(body) {
        (body instanceof Uint8Array ||
            typeGuards_isReadableStream(body) ||
            typeof body === "function" ||
-            body instanceof Blob));
+            (typeof Blob !== "undefined" && body instanceof Blob)));
 }
 function typeGuards_isReadableStream(x) {
    return isNodeReadableStream(x) || isWebReadableStream(x);
 }
-function isBlob(x) {
-    return typeof x.stream === "function";
+function typeGuards_isBlob(x) {
+    return typeof Blob !== "undefined" && x instanceof Blob;
 }
 //# sourceMappingURL=typeGuards.js.map
 // EXTERNAL MODULE: external "stream"
@@ -87063,7 +87124,7 @@ function toStream(source) {
    if (source instanceof Uint8Array) {
        return external_stream_.Readable.from(Buffer.from(source));
    }
-    else if (isBlob(source)) {
+    else if (typeGuards_isBlob(source)) {
        return ensureNodeStream(source.stream());
    }
    else {
@@ -87113,7 +87174,7 @@ function getLength(source) {
    if (source instanceof Uint8Array) {
        return source.byteLength;
    }
-    else if (isBlob(source)) {
+    else if (typeGuards_isBlob(source)) {
        // if was created using createFile then -1 means we have an unknown size
        return source.size === -1 ? undefined : source.size;
    }
@@ -87642,9 +87703,14 @@ async function sendRequest_sendRequest(method, url, pipeline, options = {}, cust
 * @returns returns the content-type
 */
 function getRequestContentType(options = {}) {
-    return (options.contentType ??
-        options.headers?.["content-type"] ??
-        getContentType(options.body));
+    if (options.contentType) {
+        return options.contentType;
+    }
+    const headerContentType = options.headers?.["content-type"];
+    if (typeof headerContentType === "string") {
+        return headerContentType;
+    }
+    return getContentType(options.body);
 }
 /**
 * Function to determine the content-type of a body
@@ -87659,6 +87725,9 @@ function getContentType(body) {
    if (ArrayBuffer.isView(body)) {
        return "application/octet-stream";
    }
+    if (isBlob(body) && body.type) {
+        return body.type;
+    }
    if (typeof body === "string") {
        try {
            JSON.parse(body);
@@ -87709,9 +87778,15 @@ function getRequestBody(body, contentType = "") {
    if (typeof FormData !== "undefined" && body instanceof FormData) {
        return { body };
    }
+    if (isBlob(body)) {
+        return { body };
+    }
    if (isReadableStream(body)) {
        return { body };
    }
+    if (typeof body === "function") {
+        return { body: body };
+    }
    if (ArrayBuffer.isView(body)) {
        return { body: body instanceof Uint8Array ? body : JSON.stringify(body) };
    }
@@ -87901,8 +87976,6 @@ function statusCodeToNumber(statusCode) {



-
-
 //# sourceMappingURL=index.js.map
 ;// CONCATENATED MODULE: ./node_modules/@azure/core-rest-pipeline/dist/esm/pipeline.js
 // Copyright (c) Microsoft Corporation.
@@ -88099,59 +88172,6 @@ function throttlingRetryPolicy(options = {}) {
    };
 }
 //# sourceMappingURL=throttlingRetryPolicy.js.map
-;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/redirectPolicy.js
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-/**
- * The programmatic identifier of the redirectPolicy.
- */
-const redirectPolicyName = "redirectPolicy";
-/**
- * Methods that are allowed to follow redirects 301 and 302
- */
-const allowedRedirect = ["GET", "HEAD"];
-/**
- * A policy to follow Location headers from the server in order
- * to support server-side redirection.
- * In the browser, this policy is not used.
- * @param options - Options to control policy behavior.
- */
-function redirectPolicy_redirectPolicy(options = {}) {
-    const { maxRetries = 20 } = options;
-    return {
-        name: redirectPolicyName,
-        async sendRequest(request, next) {
-            const response = await next(request);
-            return handleRedirect(next, response, maxRetries);
-        },
-    };
-}
-async function handleRedirect(next, response, maxRetries, currentRetries = 0) {
-    const { request, status, headers } = response;
-    const locationHeader = headers.get("location");
-    if (locationHeader &&
-        (status === 300 ||
-            (status === 301 && allowedRedirect.includes(request.method)) ||
-            (status === 302 && allowedRedirect.includes(request.method)) ||
-            (status === 303 && request.method === "POST") ||
-            status === 307) &&
-        currentRetries < maxRetries) {
-        const url = new URL(locationHeader, request.url);
-        request.url = url.toString();
-        // POST request with Status code 303 should be converted into a
-        // redirected GET request if the redirect url is present in the location header
-        if (status === 303) {
-            request.method = "GET";
-            request.headers.delete("Content-Length");
-            delete request.body;
-        }
-        request.headers.delete("Authorization");
-        const res = await next(request);
-        return handleRedirect(next, res, maxRetries, currentRetries + 1);
-    }
-    return response;
-}
-//# sourceMappingURL=redirectPolicy.js.map
 ;// CONCATENATED MODULE: ./node_modules/@typespec/ts-http-runtime/dist/esm/policies/tlsPolicy.js
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "upload-artifact",
-  "version": "7.0.0",
+  "version": "7.0.1",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "upload-artifact",
-      "version": "7.0.0",
+      "version": "7.0.1",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^6.2.0",
@@ -2477,9 +2477,9 @@
      }
    },
    "node_modules/@typespec/ts-http-runtime": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/@typespec/ts-http-runtime/-/ts-http-runtime-0.3.3.tgz",
-      "integrity": "sha512-91fp6CAAJSRtH5ja95T1FHSKa8aPW9/Zw6cta81jlZTUw/+Vq8jM/AfF/14h2b71wwR84JUTW/3Y8QPhDAawFA==",
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/@typespec/ts-http-runtime/-/ts-http-runtime-0.3.5.tgz",
+      "integrity": "sha512-yURCknZhvywvQItHMMmFSo+fq5arCUIyz/CVk7jD89MSai7dkaX8ufjCWp3NttLojoTVbcE72ri+be/TnEbMHw==",
      "license": "MIT",
      "dependencies": {
        "http-proxy-agent": "^7.0.0",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "upload-artifact",
-  "version": "7.0.0",
+  "version": "7.0.1",
  "description": "Upload an Actions Artifact in a workflow run",
  "type": "module",
  "main": "dist/upload/index.js",
Author	SHA1	Message	Date
Yang Cao	634250c138	Include changes in typespec/ts-http-runtime 0.3.5	2026-04-10 11:58:04 -04:00
Daniel Kennedy	e454baaac2	Readme: bump all the example versions to v7 (#796 )	2026-04-10 10:55:51 -04:00
Daniel Kennedy	74fad66b98	Update the readme with direct upload details (#795 ) * Update the readme with direct upload details * Update the TOC and remove a section * Fix some wording * Remove a tautology	2026-04-10 10:49:57 -04:00