World-writable permissions allow other processes on shared runners to replace the helm binary or inject files between download and execution.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
- Add "type": "module" to package.json for ESM support
- Replace ncc with esbuild for bundling (with createRequire banner for CJS compat)
- Replace jest/ts-jest with vitest for testing
- Upgrade @actions/core to ^3.0.0, @actions/exec to ^3.0.0, @actions/io to ^3.0.2, @actions/tool-cache to 4.0.0 (ESM-only versions)
- Update tsconfig.json to use NodeNext module resolution
- Convert all tests to use vi.mock() factory pattern for ESM-only module compatibility
- Update action.yml runtime from node20 to node24
- Bump version from 4.3.1 to 5.0.0 (major version bump for breaking node runtime change)
* Action update:
- Bump all dependencies
- Rewrite `getLatestHelmVersion()` function without graphql
* Bump stableHelmVersion
* Update readme and action.yaml
* Revert and rewrite with @octokit/action
* Add latest to integration test
* Bump action's versions
* Set github.token as default input
* Replace deprecated jest methods
* Add prettier to dev dependencies, fix prettier issues
* Added version validation check
* Added check for latest
* Changed Helm 3.5.0 test to also test lack of v in version
* Pushing integration tests
* Removed push integration test
* Added more context to integration test
* Addressing comment
* Adding graphql to find out latest helm version of specified type
* Updating package-loc.json
* Updating js file
* Fixing PR comments
* Adding feature flag as environment variable
* Changing feature flag name
* Updating package-loc.json