Merge branch 'main' into t/h-3870-allow-adding-parameters-to-json-bas…

…ed-benchmarks

.dockerignore

@@ -105,6 +105,7 @@ blocks/**/.env
 **/dist
 **/build
 **/target
+**/pkg
 
 # vscode config
 **/.vscode/settings.json

.env

@@ -110,12 +110,19 @@ HASH_TELEMETRY_DESTINATION=REPLACE_ME.aws.com
 # Is used for differentiating different apps, can be any value
 HASH_TELEMETRY_APP_ID=hash-app
 
+###########################################
 # Disable telemetry from third-party dependencies who transmit IP addresses
-NEXT_TELEMETRY_DISABLED=1 # Vercel Next.js
-TURBO_TELEMETRY_DISABLED=1 # Vercel Turborepo
-YARN_ENABLE_TELEMETRY=0 # Yarn
-ARTILLERY_DISABLE_TELEMETRY=true # Artillery
-CHECKPOINT_DISABLE=1 # Terraform and others
+###########################################
+# Vercel Next.js
+NEXT_TELEMETRY_DISABLED=1
+# Vercel Turborepo
+TURBO_TELEMETRY_DISABLED=1
+# Yarn
+YARN_ENABLE_TELEMETRY=0
+# Artillery
+ARTILLERY_DISABLE_TELEMETRY=true
+# Terraform and others
+CHECKPOINT_DISABLE=1
 
 ###########################################
 ## Aliases for dockerized external services

.github/actions/build-docker-images/action.yml

@@ -53,7 +53,7 @@ runs:
         echo "GRAPH_PROFILE=$GRAPH_PROFILE" >> $GITHUB_ENV
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
     - name: Login to GitHub Container Registry
       uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0

.github/actions/docker-ecr-login/action.yml

@@ -33,4 +33,4 @@ runs:
 
     # Configure Docker with Buildx
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

.github/actions/load-docker-images/action.yml

@@ -22,7 +22,7 @@ runs:
   using: "composite"
   steps:
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
     - name: Load tags
       shell: bash

.github/actions/warm-up-repo/action.yml

@@ -13,11 +13,11 @@ runs:
   steps:
     - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
       with:
-        node-version: 20 ## aligned with Node version on Vercel
+        node-version: 22 ## aligned with Node version on Vercel
         # cache: yarn ## Currently disabled because of frequent timeouts
 
     - name: Install WASM tools
-      uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8
+      uses: taiki-e/install-action@a86da1a3cb51967612c80d6dc98c5cac03a73025 # v2.47.7
       with:
         tool: wasm-pack@0.12.1
 

.github/renovate.json

@@ -24,7 +24,7 @@
   "npm": {
     "minimumReleaseAge": "3 days"
   },
-  "postUpdateOptions": ["yarnDedupeFewer"],
+  "postUpdateOptions": ["yarnDedupeHighest"],
   "rebaseWhen": "conflicted",
   "semanticCommits": "disabled",
   "schedule": ["before 4am every weekday", "every weekend"],
@@ -75,8 +75,7 @@
         "/^vite-/",
         "/vitest$/",
         "/lint-staged/",
-        "/lockfile-lint/",
-        "/markdownlint-cli/",
+        "/markdownlint-cli2/",
         "/^prettier/",
         "/prettier$/",
         "/rimraf/",

.github/workflows/bench.yml

@@ -99,7 +99,7 @@ jobs:
 
       - name: Install Rust tools
         if: steps.benches.outputs.has-rust == 'true'
-        uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8
+        uses: taiki-e/install-action@a86da1a3cb51967612c80d6dc98c5cac03a73025 # v2.47.7
         with:
           tool: just@1.34.0,critcmp@0.1.8
 
@@ -136,7 +136,7 @@ jobs:
 
       - name: Cache Rust dependencies
         if: steps.benches.outputs.has-rust == 'true'
-        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
         with:
           workspaces: ${{ matrix.directory }}
           save-if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
@@ -201,7 +201,7 @@ jobs:
 
       - name: Upload benchmark summary
         if: steps.benches.outputs.create-baseline == 'true'
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: ${{ env.TRIMMED_PACKAGE_NAME }}_${{ github.job }}
           path: /tmp/${{ env.TRIMMED_PACKAGE_NAME }}.md
@@ -251,7 +251,7 @@ jobs:
 
       - name: Install Rust tools
         if: steps.benches.outputs.has-rust == 'true'
-        uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8
+        uses: taiki-e/install-action@a86da1a3cb51967612c80d6dc98c5cac03a73025 # v2.47.7
         with:
           tool: just@1.34.0,critcmp@0.1.8
 
@@ -288,7 +288,7 @@ jobs:
 
       - name: Cache Rust dependencies
         if: steps.benches.outputs.has-rust == 'true'
-        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
         with:
           workspaces: ${{ matrix.directory }}
           save-if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
@@ -379,7 +379,7 @@ jobs:
 
       - name: Upload benchmark summary
         if: steps.benches.outputs.create-baseline == 'true'
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: ${{ env.TRIMMED_PACKAGE_NAME }}_${{ github.job }}
           path: /tmp/${{ env.TRIMMED_PACKAGE_NAME }}.md

.github/workflows/codeql-analysis.yml

@@ -36,7 +36,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -47,7 +47,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -61,4 +61,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0

.github/workflows/lint.yml

@@ -111,7 +111,7 @@ jobs:
 
       - name: Install Rust tools
         if: always() && steps.lints.outputs.has-rust == 'true'
-        uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8
+        uses: taiki-e/install-action@a86da1a3cb51967612c80d6dc98c5cac03a73025 # v2.47.7
         with:
           tool: just@1.34.0,cargo-hack@0.6.30,clippy-sarif@0.6.5,sarif-fmt@0.6.5
 
@@ -120,7 +120,7 @@ jobs:
 
       - name: Cache Rust dependencies
         if: always() && steps.lints.outputs.has-rust == 'true'
-        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
         with:
           workspaces: ${{ matrix.directory }}
           save-if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
@@ -177,7 +177,7 @@ jobs:
           echo '```' >> $GITHUB_STEP_SUMMARY
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         if: always() && steps.lints.outputs.has-clippy == 'true'
         with:
           sarif_file: ${{ matrix.directory }}/clippy.sarif
@@ -339,10 +339,20 @@ jobs:
       - name: Install SQLFluff
         run: pip install sqlfluff
 
-      - name: SQLFluff
-        run: sqlfluff lint --warn-unused-ignores
+      - name: Run SQL formatter and linter
+        if: ${{ success() || failure() }}
+        run: |
+          if ! sqlfluff lint --warn-unused-ignores; then
+            echo ''
+            echo ''
+            echo 'ℹ️ ℹ️ ℹ️'
+            echo 'Try running `sqlfluff fix` locally to apply autofixes.'
+            echo 'Note, that SQLFluff does not come with `yarn install` and you may need to install it yourself.'
+            echo 'ℹ️ ℹ️ ℹ️'
+            exit 1
+          fi
 
-      - name: Crate SQLFluff annotationss
+      - name: Create SQLFluff annotations
         if: failure() && github.event.pull_request.head.repo.full_name == github.repository
         run: sqlfluff lint --warn-unused-ignores --format github-annotation --write-output annotations.json --annotation-level failure --nofail
 

.github/workflows/renovate.yml

@@ -67,7 +67,7 @@ jobs:
 
       - name: Get token
         id: app-token
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1
         with:
           app-id: ${{ steps.secrets.outputs.GITHUB_WORKER_APP_ID }}
           private-key: ${{ steps.secrets.outputs.GITHUB_WORKER_APP_PRIVATE_KEY }}
@@ -83,7 +83,7 @@ jobs:
       - name: Install Node.js
         uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
         with:
-          node-version: 20
+          node-version: 22
 
       - name: Enable corepack
         uses: ./.github/actions/enable-corepack
@@ -124,7 +124,7 @@ jobs:
       - name: Compress renovate cache
         run: tar -czvf $cache_archive -C $cache_dir .
 
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4
         if: env.dry_run == 'disabled' && github.event.inputs.repoCache != 'disabled'
         with:
           name: ${{ env.cache_key }}

.github/workflows/semgrep.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: returntocorp/semgrep:1.100.0@sha256:7acf76eaa621465588fdfcc84f46fd7ea1e8337ebb1aa1ed6f4685f6eedaec25
+      image: returntocorp/semgrep:1.101.0@sha256:a2917a82fec40f4d165fd701abb3937677b900105f3e909861fa03844a8e00db
 
     # Skip any PR created by Dependabot to avoid permission issues:
     if: (github.actor != 'dependabot[bot]')
@@ -43,7 +43,7 @@ jobs:
           files: "semgrep.sarif"
 
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         if: steps.sarif_file_check.outputs.files_exists == 'true'
         with:
           sarif_file: semgrep.sarif

.github/workflows/test.yml

@@ -163,7 +163,7 @@ jobs:
 
       - name: Install Rust tools
         if: always() && steps.tests.outputs.has-rust == 'true'
-        uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8
+        uses: taiki-e/install-action@a86da1a3cb51967612c80d6dc98c5cac03a73025 # v2.47.7
         with:
           tool: just@1.34.0,cargo-hack@0.6.30,cargo-nextest@0.9.72,cargo-llvm-cov@0.6.11
 
@@ -172,7 +172,7 @@ jobs:
 
       - name: Cache Rust dependencies
         if: always() && steps.tests.outputs.has-rust == 'true'
-        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
         with:
           workspaces: ${{ matrix.directory }}
           save-if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
@@ -191,7 +191,7 @@ jobs:
       - name: Show disk usage
         run: df -h
 
-      - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
+      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
         name: Upload coverage to https://app.codecov.io/gh/hashintel/hash
         with:
           flags: ${{ env.TRIMMED_PACKAGE_NAME }}
@@ -281,7 +281,7 @@ jobs:
 
       - name: Install Rust tools
         if: steps.tests.outputs.has-rust == 'true'
-        uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8
+        uses: taiki-e/install-action@a86da1a3cb51967612c80d6dc98c5cac03a73025 # v2.47.7
         with:
           tool: just@1.34.0,cargo-hack@0.6.30,cargo-nextest@0.9.72,cargo-llvm-cov@0.6.11
 
@@ -314,7 +314,7 @@ jobs:
 
       - name: Cache Rust dependencies
         if: steps.tests.outputs.has-rust == 'true'
-        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
         with:
           workspaces: ${{ matrix.directory }}
           save-if: ${{ !startsWith(github.ref, 'refs/heads/gh-readonly-queue') }}
@@ -367,7 +367,7 @@ jobs:
       - name: Show disk usage
         run: df -h
 
-      - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
+      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
         name: Upload coverage to https://app.codecov.io/gh/hashintel/hash
         with:
           flags: ${{ env.TRIMMED_PACKAGE_NAME }}
@@ -385,16 +385,16 @@ jobs:
 
       - name: Upload artifact playwright-report
         if: matrix.package == '@tests/hash-playwright' && success() || failure()
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: ${{ env.TRIMMED_PACKAGE_NAME }}-report
+          name: ${{ env.TRIMMED_PACKAGE_NAME }}_report
           path: tests/hash-playwright/playwright-report
 
       - name: Upload logs
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         if: success() || failure()
         with:
-          name: ${{ env.TRIMMED_PACKAGE_NAME }}-logs
+          name: ${{ env.TRIMMED_PACKAGE_NAME }}_logs
           path: |
             var/api
             var/logs

.gitignore

@@ -1,7 +1,6 @@
 #########################
 ## Keep in sync with
 ##  - .prettierignore
-##  - .markdownlintignore
 ##  - .dockerignore
 #########################
 
@@ -89,6 +88,7 @@ blocks/**/.env
 **/dist
 **/build
 **/target
+**/pkg
 
 # vscode config
 **/.vscode/settings.json

.lefthook.yml

@@ -9,7 +9,7 @@ pre-commit:
     markdownlint:
       tags: frontend style
       glob: "*.md"
-      run: yarn run markdownlint --fix {staged_files} || true
+      run: yarn run markdownlint-cli2 --fix --no-globs {staged_files} || true
       stage_fixed: true
     prettier:
       tags: frontend style

.markdownlint-cli2.jsonc

@@ -0,0 +1,25 @@
+{
+  "$schema": "https://raw.githubusercontent.com/DavidAnson/markdownlint-cli2/v0.16.0/schema/markdownlint-cli2-config-schema.json",
+  "config": {
+    "default": true,
+    "first-line-heading": false,
+    "line-length": false,
+    "list-marker-space": {
+      "ol_multi": 1,
+      "ol_single": 1,
+      "ul_multi": 1,
+      "ul_single": 1,
+    },
+    "no-alt-text": false,
+    "no-bare-urls": false,
+    "no-duplicate-heading": { "siblings_only": true },
+    "no-emphasis-as-heading": false,
+    "no-inline-html": false,
+    "no-trailing-punctuation": false,
+    "ol-prefix": { "style": "one" },
+    "single-title": false,
+  },
+  "gitignore": true,
+  "globs": ["*.md", "**/*.md"],
+  "ignores": ["**/LICENSE*.md"],
+}