chore(release): 2.4.11

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 12.12.36 to 12.12.37.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

.dependabot/config.yml

@@ -7,3 +7,24 @@ update_configs:
       - "dependencies"
     commit_message:
       prefix: "deps"
+    automerged_updates:
+      - match:
+          dependency_type: "development"
+          # Supported dependency types:
+          # - "development"
+          # - "production"
+          # - "all"
+          update_type: "all"
+          # Supported updates to automerge:
+          # - "security:patch"
+          #   SemVer patch update that fixes a known security vulnerability
+          # - "semver:patch"
+          #   SemVer patch update, e.g. > 1.x && 1.0.1 to 1.0.3
+          # - "semver:minor"
+          #   SemVer minor update, e.g. > 1.x && 2.1.4 to 2.3.1
+          # - "in_range"
+          #   matching the version requirement in your package manifest
+          # - "all"
+      - match:
+          dependency_type: "production"
+          update_type: "semver:patch"

.github/CODEOWNERS

@@ -1,3 +0,0 @@
-# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
-
-* @peaceiris

.github/workflows/stale.yml

@@ -1,17 +0,0 @@
-name: Stale
-
-on:
-  schedule:
-  - cron: "6 6 * * *"
-
-jobs:
-  stale:
-    runs-on: ubuntu-18.04
-    steps:
-    - uses: actions/stale@v1
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-message: 'This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
-        stale-pr-message: 'This pull request is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
-        days-before-stale: 21
-        days-before-close: 7

.github/workflows/test-action.yml

@@ -21,7 +21,6 @@ jobs:
           - true
           - false
     steps:
-
       - uses: actions/checkout@v2
 
       - name: Setup Hugo

.github/workflows/test.yml

@@ -17,7 +17,7 @@ jobs:
   skipci:
     runs-on: ubuntu-18.04
     steps:
-      - run: echo "[Skip CI] ${{ contains(github.event.head_commit.message, '[skip ci]') }}"
+      - run: echo "[skip ci] ${{ contains(github.event.head_commit.message, '[skip ci]') }}"
 
   test:
     runs-on: ${{ matrix.os }}
@@ -29,7 +29,6 @@ jobs:
           - 'macos-latest'
           - 'windows-latest'
     steps:
-
       - uses: actions/checkout@v2
 
       - name: Read .nvmrc
@@ -41,18 +40,7 @@ jobs:
         with:
           node-version: '${{ steps.nvm.outputs.NVMRC }}'
 
-#      - name: Get npm cache directory
-#        id: npm-cache
-#        run: |
-#          echo "::set-output name=dir::$(npm config get cache)"
-#
-#      - name: Cache npm
-#        uses: actions/cache@v1
-#        with:
-#          path: ${{ steps.npm-cache.outputs.dir }}
-#          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-#          restore-keys: |
-#            ${{ runner.os }}-node-
+      - run: npm i -g npm
 
       - run: npm ci
 
@@ -79,15 +67,3 @@ jobs:
       - uses: codecov/codecov-action@v1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-
-      # - name: Upload test coverage to Coveralls
-      #   uses: coverallsapp/github-action@v1.0.1
-      #   with:
-      #     github-token: ${{ secrets.GITHUB_TOKEN }}
-      #     parallel: true
-
-      # - name: Coveralls Finished
-      #   uses: coverallsapp/github-action@v1.0.1
-      #   with:
-      #     github-token: ${{ secrets.GITHUB_TOKEN }}
-      #     parallel-finished: true

CHANGELOG.md

@@ -2,6 +2,110 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.4.11](https://github.com/peaceiris/actions-hugo/compare/v2.4.10...v2.4.11) (2020-04-29)
+
+
+### ci
+
+* Add npm i -g npm ([9d657ea](https://github.com/peaceiris/actions-hugo/commit/9d657ea2ca451bcaf8c3f9d07b83cabda69cc211))
+* delete Stale workflow ([260f1b8](https://github.com/peaceiris/actions-hugo/commit/260f1b862cb3e9057add124e356f8ad57a19678a))
+* remove unused steps ([85093b6](https://github.com/peaceiris/actions-hugo/commit/85093b6a03b26aa8ff08319f044ca0d9213fd86f))
+
+### deps
+
+* bump @actions/tool-cache from 1.3.3 to 1.3.4 (#280) ([7b0270b](https://github.com/peaceiris/actions-hugo/commit/7b0270bcd541e18f3f8bc7113d5a0b0fd8daa9e7)), closes [#280](https://github.com/peaceiris/actions-hugo/issues/280)
+* bump @types/node from 12.12.35 to 12.12.36 ([e860645](https://github.com/peaceiris/actions-hugo/commit/e860645a6078954ac9977a7a26ec2de1471cc214))
+* bump @types/node from 12.12.36 to 12.12.37 ([163bda6](https://github.com/peaceiris/actions-hugo/commit/163bda68c5ba75a0e100a0a73094de4682f9570f))
+* bump @types/node-fetch from 2.5.6 to 2.5.7 ([fe712b2](https://github.com/peaceiris/actions-hugo/commit/fe712b2ec6b34f70a7a515061b0e3ea0aa5af09e))
+* bump @typescript-eslint/parser from 2.28.0 to 2.30.0 ([3d3730e](https://github.com/peaceiris/actions-hugo/commit/3d3730eab2a06b569b59142cf64c6ffafb65860a))
+* bump jest from 25.3.0 to 25.5.0 ([7747eb7](https://github.com/peaceiris/actions-hugo/commit/7747eb710e4e55e2f0cb438cc77e43a43f454978))
+* bump jest-circus from 25.3.0 to 25.5.0 ([73611a6](https://github.com/peaceiris/actions-hugo/commit/73611a6693297105e7a091829327400099b77f8c))
+* bump lint-staged from 10.1.3 to 10.1.4 ([dac5ba9](https://github.com/peaceiris/actions-hugo/commit/dac5ba9b16d4e2e49568d1f0f5f78edf3ae5ead6))
+* bump lint-staged from 10.1.4 to 10.1.5 ([808c2c1](https://github.com/peaceiris/actions-hugo/commit/808c2c15d159869de692307d7675bc345bf4d5ab))
+* bump lint-staged from 10.1.5 to 10.1.6 ([5cb844d](https://github.com/peaceiris/actions-hugo/commit/5cb844d4a880257a8fae7dd06a754997cc499b7a))
+* bump prettier from 2.0.4 to 2.0.5 ([f9bbc5a](https://github.com/peaceiris/actions-hugo/commit/f9bbc5a9ad3363924f05399d86ead5457da0d10f))
+* bump ts-jest from 25.3.1 to 25.4.0 ([4d44414](https://github.com/peaceiris/actions-hugo/commit/4d4441466ca7b6b69af762b07ac8649d918c9aca))
+
+### docs
+
+* Add link for the first deployment ([08ce241](https://github.com/peaceiris/actions-hugo/commit/08ce2418260b67becef3f05f3a2e0199616c018d))
+
+
+
+## [2.4.10](https://github.com/peaceiris/actions-hugo/compare/v2.4.9...v2.4.10) (2020-04-15)
+
+
+### ci
+
+* Add automerged_updates ([4dadc2d](https://github.com/peaceiris/actions-hugo/commit/4dadc2dfbecb8c904f81871878c4dc7b9bfa8873))
+* Add dependabot for auto-merging ([abb5843](https://github.com/peaceiris/actions-hugo/commit/abb58435605439b55727e3598e6f08d053379bba))
+* add push event ([336da8a](https://github.com/peaceiris/actions-hugo/commit/336da8a2f242b90555daa9e99f8e8506db23b8b7))
+* delete CODEOWNERS ([02db58a](https://github.com/peaceiris/actions-hugo/commit/02db58a779ac5de54af22f4b3a34c8db4fc5b646))
+
+### deps
+
+* bump @types/jest from 25.1.5 to 25.2.1 (#253) ([3498de4](https://github.com/peaceiris/actions-hugo/commit/3498de4687459e7dc0d7896ba9c1c1cbdfc6a2e9)), closes [#253](https://github.com/peaceiris/actions-hugo/issues/253)
+* bump @types/node from 12.12.34 to 12.12.35 ([fe90d2f](https://github.com/peaceiris/actions-hugo/commit/fe90d2f50f871eac7412103f3d63fd729e9c97ff))
+* bump @types/node-fetch from 2.5.5 to 2.5.6 ([0815b8f](https://github.com/peaceiris/actions-hugo/commit/0815b8fb73cfc7f2db243f99638e2fe278c47d71))
+* bump @typescript-eslint/eslint-plugin from 2.26.0 to 2.27.0 ([ea8d9db](https://github.com/peaceiris/actions-hugo/commit/ea8d9dba187dda369903a3f06c3a66d0c282402d))
+* bump @typescript-eslint/eslint-plugin from 2.27.0 to 2.28.0 ([506aedd](https://github.com/peaceiris/actions-hugo/commit/506aeddc3aecc241027b6a0bc274f31549a0d38c))
+* bump @typescript-eslint/parser from 2.26.0 to 2.27.0 ([acacbff](https://github.com/peaceiris/actions-hugo/commit/acacbff003c46f1865df3bf05a6e88665f6c157a))
+* bump @typescript-eslint/parser from 2.27.0 to 2.28.0 ([009b47c](https://github.com/peaceiris/actions-hugo/commit/009b47c399ca8d8a8170d40e272f66b519895ab7))
+* bump @zeit/ncc from 0.22.0 to 0.22.1 ([c66d90a](https://github.com/peaceiris/actions-hugo/commit/c66d90a3b24b74215c0a55631acdd167572cf68a))
+* bump git from 2.26.0 to 2.26.1 (#269) ([05899bf](https://github.com/peaceiris/actions-hugo/commit/05899bf3aae5fe39b476e558d615dab85ebbdef0)), closes [#269](https://github.com/peaceiris/actions-hugo/issues/269)
+* bump husky from 4.2.3 to 4.2.4 ([3fce776](https://github.com/peaceiris/actions-hugo/commit/3fce7767508b7b22db2e8fbbe08c3bec09f8f1f9))
+* bump husky from 4.2.4 to 4.2.5 ([cb7cd1e](https://github.com/peaceiris/actions-hugo/commit/cb7cd1e26db8fdc27cfcf859b78ee4b9220df99c))
+* bump jest from 25.2.7 to 25.3.0 ([a75d5eb](https://github.com/peaceiris/actions-hugo/commit/a75d5eb670d46782f396aec949a7a37fc2c26f7f))
+* bump jest-circus from 25.2.7 to 25.3.0 ([62ebf73](https://github.com/peaceiris/actions-hugo/commit/62ebf73d5f66b7a5e158e367402d920713349931))
+* bump lint-staged from 10.1.1 to 10.1.2 ([7eea088](https://github.com/peaceiris/actions-hugo/commit/7eea08803f6a63bc1b101e690815483256fb3598))
+* bump lint-staged from 10.1.2 to 10.1.3 ([4ea3b50](https://github.com/peaceiris/actions-hugo/commit/4ea3b500e2cbc247244e1681c42719eefc0f1f7f))
+* bump prettier from 2.0.2 to 2.0.4 ([ea60fc1](https://github.com/peaceiris/actions-hugo/commit/ea60fc1ec2355decbf7b1aa5e841992163b23fa6))
+
+### docs
+
+* Add fetch-depth 0 ([c55729f](https://github.com/peaceiris/actions-hugo/commit/c55729fbd130889796da92d7859188dbbad0e32a))
+* bump hugo to 0.68.3 ([949a480](https://github.com/peaceiris/actions-hugo/commit/949a480ff9a3e04d4baaa1197e745dee7ca21a2b))
+
+
+
+## [2.4.9](https://github.com/peaceiris/actions-hugo/compare/v2.4.8...v2.4.9) (2020-04-03)
+
+
+### chore
+
+* remove extra line [skip ci] (#239) ([b5b805b](https://github.com/peaceiris/actions-hugo/commit/b5b805beb99c69f65aee66539aa24ea533c83a34)), closes [#239](https://github.com/peaceiris/actions-hugo/issues/239)
+
+### ci
+
+* comment out push event [skip ci] ([c34a46e](https://github.com/peaceiris/actions-hugo/commit/c34a46e748f8122acf9951ab042887d3eecea3fe))
+* npm audit fix ([9229d6e](https://github.com/peaceiris/actions-hugo/commit/9229d6ea61a701010ce3a89cf6ab37bc33b163de))
+
+### deps
+
+* bump @types/jest from 25.1.4 to 25.1.5 ([f5dac6e](https://github.com/peaceiris/actions-hugo/commit/f5dac6efe37fa47776500cfec0fa75b9f913cd4b))
+* bump @types/node from 12.12.31 to 12.12.32 ([050ab4f](https://github.com/peaceiris/actions-hugo/commit/050ab4fa3cac4e36e51f7b95d33e1cb19cc87921))
+* bump @types/node from 12.12.32 to 12.12.34 ([f73a43a](https://github.com/peaceiris/actions-hugo/commit/f73a43a95bc9d30eb22c2b87eea4cd76609863f0))
+* bump @typescript-eslint/eslint-plugin from 2.25.0 to 2.26.0 ([5a904d4](https://github.com/peaceiris/actions-hugo/commit/5a904d42d558d16a4ba79c0ec28da41ba8303900))
+* bump @typescript-eslint/parser from 2.25.0 to 2.26.0 ([0b1622d](https://github.com/peaceiris/actions-hugo/commit/0b1622da20405a63cd46c25ddb11cdb7a79fe6d9))
+* bump jest from 25.2.3 to 25.2.4 ([050785a](https://github.com/peaceiris/actions-hugo/commit/050785a91cf309a578671ef29ef93491d89a2414))
+* bump jest from 25.2.4 to 25.2.6 ([d242ef0](https://github.com/peaceiris/actions-hugo/commit/d242ef0982267bae74be58f9aa0da578e57e801c))
+* bump jest from 25.2.6 to 25.2.7 ([43a340f](https://github.com/peaceiris/actions-hugo/commit/43a340f6cd1dd9ae05d83be0a4ef097a6308687c))
+* bump jest-circus from 25.2.3 to 25.2.4 ([6486bc9](https://github.com/peaceiris/actions-hugo/commit/6486bc9a783f4c9394d41e848df7d3a206540b2b))
+* bump jest-circus from 25.2.4 to 25.2.6 ([86cd995](https://github.com/peaceiris/actions-hugo/commit/86cd9953223bb8bc1049645c64b22e00594e2dde))
+* bump jest-circus from 25.2.6 to 25.2.7 ([add0e7c](https://github.com/peaceiris/actions-hugo/commit/add0e7c0517a4da4b6cf9eaf2bc41225c72f6e6c))
+* bump lint-staged from 10.0.10 to 10.1.0 ([c581b13](https://github.com/peaceiris/actions-hugo/commit/c581b131a63d283423756e0e72c9f4d316b99258))
+* bump lint-staged from 10.0.9 to 10.0.10 ([e04f62b](https://github.com/peaceiris/actions-hugo/commit/e04f62b1a543ca757ca4db2ec74c52a9a500cbd2))
+* bump lint-staged from 10.1.0 to 10.1.1 ([8a97893](https://github.com/peaceiris/actions-hugo/commit/8a97893cfe21fd03db36a5e406dc16ef1b129cb5))
+* bump ts-jest from 25.2.1 to 25.3.0 ([72aae03](https://github.com/peaceiris/actions-hugo/commit/72aae0311c83d3064efa311c4ab8d3ee617c8929))
+* bump ts-jest from 25.3.0 to 25.3.1 ([a6a0f2f](https://github.com/peaceiris/actions-hugo/commit/a6a0f2f7a8d6186ba698daee4f62018cc9c7cffc))
+* npm audit fix ([c80eb16](https://github.com/peaceiris/actions-hugo/commit/c80eb16e094405a99316e90ad2cd0eedbe08f459))
+
+### docs
+
+* Add link to interview (#234) ([ce3c331](https://github.com/peaceiris/actions-hugo/commit/ce3c3313741e14aceee0972bd1747b6606d6b4a0)), closes [#234](https://github.com/peaceiris/actions-hugo/issues/234)
+
+
+
 ## [2.4.8](https://github.com/peaceiris/actions-hugo/compare/v2.4.7...v2.4.8) (2020-03-27)
 
 

Dockerfile

@@ -13,7 +13,7 @@ RUN apt-get update && \
     rm -rf /var/lib/apt/lists/*
 
 WORKDIR /git
-ENV GIT_VERSION="2.26.0"
+ENV GIT_VERSION="2.26.1"
 RUN wget -q "https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz" && \
     tar -zxf "./v${GIT_VERSION}.tar.gz" && \
     rm "./v${GIT_VERSION}.tar.gz" && \

README.md

@@ -61,15 +61,13 @@ Thanks to this change, we can complete this action in less than a few seconds.
 
 ### ⭐️ Create your workflow
 
-An example workflow `.github/workflows/gh-pages.yml` with [GitHub Actions for GitHub Pages]
+An example workflow `.github/workflows/gh-pages.yml` with [GitHub Actions for GitHub Pages].
+For the first deployment, we have to do this operation: [First Deployment with `GITHUB_TOKEN` - peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-first-deployment-with-github_token)
 
 [GitHub Actions for GitHub Pages]: https://github.com/peaceiris/actions-gh-pages
 
 [![peaceiris/actions-gh-pages - GitHub](https://gh-card.dev/repos/peaceiris/actions-gh-pages.svg?fullname)](https://github.com/peaceiris/actions-gh-pages)
 
-![peaceiris/actions-hugo latest version](https://img.shields.io/github/release/peaceiris/actions-hugo.svg?label=peaceiris%2Factions-hugo)
-![peaceiris/actions-gh-pages latest version](https://img.shields.io/github/release/peaceiris/actions-gh-pages.svg?label=peaceiris%2Factions-gh-pages)
-
 ```yaml
 name: github pages
 
@@ -84,12 +82,13 @@ jobs:
     steps:
       - uses: actions/checkout@v2
         with:
-          submodules: true
+          submodules: true  # Fetch Hugo themes
+          fetch-depth: 0    # Fetch all history for .GitInfo and .Lastmod
 
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@v2
         with:
-          hugo-version: '0.62.2'
+          hugo-version: '0.68.3'
           # extended: true
 
       - name: Build
@@ -118,7 +117,7 @@ Set `extended: true` to use a Hugo extended version.
 - name: Setup Hugo
   uses: peaceiris/actions-hugo@v2
   with:
-    hugo-version: '0.62.2'
+    hugo-version: '0.68.3'
     extended: true
 ```
 
@@ -150,7 +149,7 @@ How to sync a Hugo version between a Docker Compose and a GitHub Actions workflo
 Write a `HUGO_VERSION` to the `.env` file like the following and push it to a remote branch.
 
 ```sh
-HUGO_VERSION=0.62.2
+HUGO_VERSION=0.68.3
 ```
 
 Next, add a step to read a Hugo version from the `.env` file.
@@ -216,6 +215,7 @@ The alpine base Hugo Docker image is provided on the following repository.
 ## About Maintainer
 
 - [peaceiris homepage](https://peaceiris.com/)
+- [GitHub Action Hero: Shohei Ueda - The GitHub Blog](https://github.blog/2020-03-22-github-action-hero-shohei-ueda/)
 
 
 

lib/index.js

@@ -3943,6 +3943,7 @@ var HttpCodes;
     HttpCodes[HttpCodes["RequestTimeout"] = 408] = "RequestTimeout";
     HttpCodes[HttpCodes["Conflict"] = 409] = "Conflict";
     HttpCodes[HttpCodes["Gone"] = 410] = "Gone";
+    HttpCodes[HttpCodes["TooManyRequests"] = 429] = "TooManyRequests";
     HttpCodes[HttpCodes["InternalServerError"] = 500] = "InternalServerError";
     HttpCodes[HttpCodes["NotImplemented"] = 501] = "NotImplemented";
     HttpCodes[HttpCodes["BadGateway"] = 502] = "BadGateway";
@@ -3967,8 +3968,18 @@ function getProxyUrl(serverUrl) {
     return proxyUrl ? proxyUrl.href : '';
 }
 exports.getProxyUrl = getProxyUrl;
-const HttpRedirectCodes = [HttpCodes.MovedPermanently, HttpCodes.ResourceMoved, HttpCodes.SeeOther, HttpCodes.TemporaryRedirect, HttpCodes.PermanentRedirect];
-const HttpResponseRetryCodes = [HttpCodes.BadGateway, HttpCodes.ServiceUnavailable, HttpCodes.GatewayTimeout];
+const HttpRedirectCodes = [
+    HttpCodes.MovedPermanently,
+    HttpCodes.ResourceMoved,
+    HttpCodes.SeeOther,
+    HttpCodes.TemporaryRedirect,
+    HttpCodes.PermanentRedirect
+];
+const HttpResponseRetryCodes = [
+    HttpCodes.BadGateway,
+    HttpCodes.ServiceUnavailable,
+    HttpCodes.GatewayTimeout
+];
 const RetryableHttpVerbs = ['OPTIONS', 'GET', 'DELETE', 'HEAD'];
 const ExponentialBackoffCeiling = 10;
 const ExponentialBackoffTimeSlice = 5;
@@ -4093,18 +4104,22 @@ class HttpClient {
      */
     async request(verb, requestUrl, data, headers) {
         if (this._disposed) {
-            throw new Error("Client has already been disposed.");
+            throw new Error('Client has already been disposed.');
         }
         let parsedUrl = url.parse(requestUrl);
         let info = this._prepareRequest(verb, parsedUrl, headers);
         // Only perform retries on reads since writes may not be idempotent.
-        let maxTries = (this._allowRetries && RetryableHttpVerbs.indexOf(verb) != -1) ? this._maxRetries + 1 : 1;
+        let maxTries = this._allowRetries && RetryableHttpVerbs.indexOf(verb) != -1
+            ? this._maxRetries + 1
+            : 1;
         let numTries = 0;
         let response;
         while (numTries < maxTries) {
             response = await this.requestRaw(info, data);
             // Check if it's an authentication challenge
-            if (response && response.message && response.message.statusCode === HttpCodes.Unauthorized) {
+            if (response &&
+                response.message &&
+                response.message.statusCode === HttpCodes.Unauthorized) {
                 let authenticationHandler;
                 for (let i = 0; i < this.handlers.length; i++) {
                     if (this.handlers[i].canHandleAuthentication(response)) {
@@ -4122,21 +4137,32 @@ class HttpClient {
                 }
             }
             let redirectsRemaining = this._maxRedirects;
-            while (HttpRedirectCodes.indexOf(response.message.statusCode) != -1
-                && this._allowRedirects
-                && redirectsRemaining > 0) {
-                const redirectUrl = response.message.headers["location"];
+            while (HttpRedirectCodes.indexOf(response.message.statusCode) != -1 &&
+                this._allowRedirects &&
+                redirectsRemaining > 0) {
+                const redirectUrl = response.message.headers['location'];
                 if (!redirectUrl) {
                     // if there's no location to redirect to, we won't
                     break;
                 }
                 let parsedRedirectUrl = url.parse(redirectUrl);
-                if (parsedUrl.protocol == 'https:' && parsedUrl.protocol != parsedRedirectUrl.protocol && !this._allowRedirectDowngrade) {
-                    throw new Error("Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.");
+                if (parsedUrl.protocol == 'https:' &&
+                    parsedUrl.protocol != parsedRedirectUrl.protocol &&
+                    !this._allowRedirectDowngrade) {
+                    throw new Error('Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.');
                 }
                 // we need to finish reading the response before reassigning response
                 // which will leak the open socket.
                 await response.readBody();
+                // strip authorization header if redirected to a different hostname
+                if (parsedRedirectUrl.hostname !== parsedUrl.hostname) {
+                    for (let header in headers) {
+                        // header names are case insensitive
+                        if (header.toLowerCase() === 'authorization') {
+                            delete headers[header];
+                        }
+                    }
+                }
                 // let's make the request with the new redirectUrl
                 info = this._prepareRequest(verb, parsedRedirectUrl, headers);
                 response = await this.requestRaw(info, data);
@@ -4187,8 +4213,8 @@ class HttpClient {
      */
     requestRawWithCallback(info, data, onResult) {
         let socket;
-        if (typeof (data) === 'string') {
-            info.options.headers["Content-Length"] = Buffer.byteLength(data, 'utf8');
+        if (typeof data === 'string') {
+            info.options.headers['Content-Length'] = Buffer.byteLength(data, 'utf8');
         }
         let callbackCalled = false;
         let handleResult = (err, res) => {
@@ -4201,7 +4227,7 @@ class HttpClient {
             let res = new HttpClientResponse(msg);
             handleResult(null, res);
         });
-        req.on('socket', (sock) => {
+        req.on('socket', sock => {
             socket = sock;
         });
         // If we ever get disconnected, we want the socket to timeout eventually
@@ -4216,10 +4242,10 @@ class HttpClient {
             // res should have headers
             handleResult(err, null);
         });
-        if (data && typeof (data) === 'string') {
+        if (data && typeof data === 'string') {
             req.write(data, 'utf8');
         }
-        if (data && typeof (data) !== 'string') {
+        if (data && typeof data !== 'string') {
             data.on('close', function () {
                 req.end();
             });
@@ -4246,31 +4272,34 @@ class HttpClient {
         const defaultPort = usingSsl ? 443 : 80;
         info.options = {};
         info.options.host = info.parsedUrl.hostname;
-        info.options.port = info.parsedUrl.port ? parseInt(info.parsedUrl.port) : defaultPort;
-        info.options.path = (info.parsedUrl.pathname || '') + (info.parsedUrl.search || '');
+        info.options.port = info.parsedUrl.port
+            ? parseInt(info.parsedUrl.port)
+            : defaultPort;
+        info.options.path =
+            (info.parsedUrl.pathname || '') + (info.parsedUrl.search || '');
         info.options.method = method;
         info.options.headers = this._mergeHeaders(headers);
         if (this.userAgent != null) {
-            info.options.headers["user-agent"] = this.userAgent;
+            info.options.headers['user-agent'] = this.userAgent;
         }
         info.options.agent = this._getAgent(info.parsedUrl);
         // gives handlers an opportunity to participate
         if (this.handlers) {
-            this.handlers.forEach((handler) => {
+            this.handlers.forEach(handler => {
                 handler.prepareRequest(info.options);
             });
         }
         return info;
     }
     _mergeHeaders(headers) {
-        const lowercaseKeys = obj => Object.keys(obj).reduce((c, k) => (c[k.toLowerCase()] = obj[k], c), {});
+        const lowercaseKeys = obj => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {});
         if (this.requestOptions && this.requestOptions.headers) {
             return Object.assign({}, lowercaseKeys(this.requestOptions.headers), lowercaseKeys(headers));
         }
         return lowercaseKeys(headers || {});
     }
     _getExistingOrDefaultHeader(additionalHeaders, header, _default) {
-        const lowercaseKeys = obj => Object.keys(obj).reduce((c, k) => (c[k.toLowerCase()] = obj[k], c), {});
+        const lowercaseKeys = obj => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {});
         let clientHeader;
         if (this.requestOptions && this.requestOptions.headers) {
             clientHeader = lowercaseKeys(this.requestOptions.headers)[header];
@@ -4308,7 +4337,7 @@ class HttpClient {
                     proxyAuth: proxyUrl.auth,
                     host: proxyUrl.hostname,
                     port: proxyUrl.port
-                },
+                }
             };
             let tunnelAgent;
             const overHttps = proxyUrl.protocol === 'https:';
@@ -4335,7 +4364,9 @@ class HttpClient {
             // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process
             // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options
             // we have to cast it to any and change it directly
-            agent.options = Object.assign(agent.options || {}, { rejectUnauthorized: false });
+            agent.options = Object.assign(agent.options || {}, {
+                rejectUnauthorized: false
+            });
         }
         return agent;
     }
@@ -4396,7 +4427,7 @@ class HttpClient {
                     msg = contents;
                 }
                 else {
-                    msg = "Failed request: (" + statusCode + ")";
+                    msg = 'Failed request: (' + statusCode + ')';
                 }
                 let err = new Error(msg);
                 // attach statusCode and body obj (if available) to the error object
@@ -6527,12 +6558,10 @@ function getProxyUrl(reqUrl) {
     }
     let proxyVar;
     if (usingSsl) {
-        proxyVar = process.env["https_proxy"] ||
-            process.env["HTTPS_PROXY"];
+        proxyVar = process.env['https_proxy'] || process.env['HTTPS_PROXY'];
     }
     else {
-        proxyVar = process.env["http_proxy"] ||
-            process.env["HTTP_PROXY"];
+        proxyVar = process.env['http_proxy'] || process.env['HTTP_PROXY'];
     }
     if (proxyVar) {
         proxyUrl = url.parse(proxyVar);
@@ -6544,7 +6573,7 @@ function checkBypass(reqUrl) {
     if (!reqUrl.hostname) {
         return false;
     }
-    let noProxy = process.env["no_proxy"] || process.env["NO_PROXY"] || '';
+    let noProxy = process.env['no_proxy'] || process.env['NO_PROXY'] || '';
     if (!noProxy) {
         return false;
     }
@@ -6565,7 +6594,10 @@ function checkBypass(reqUrl) {
         upperReqHosts.push(`${upperReqHosts[0]}:${reqPort}`);
     }
     // Compare request host against noproxy
-    for (let upperNoProxyItem of noProxy.split(',').map(x => x.trim().toUpperCase()).filter(x => x)) {
+    for (let upperNoProxyItem of noProxy
+        .split(',')
+        .map(x => x.trim().toUpperCase())
+        .filter(x => x)) {
         if (upperReqHosts.some(x => x === upperNoProxyItem)) {
             return true;
         }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "actions-hugo",
-  "version": "2.4.8",
+  "version": "2.4.11",
   "description": "GitHub Actions for Hugo",
   "main": "lib/index.js",
   "engines": {
@@ -54,26 +54,26 @@
     "@actions/core": "^1.2.3",
     "@actions/exec": "^1.0.3",
     "@actions/io": "^1.0.2",
-    "@actions/tool-cache": "^1.3.3",
+    "@actions/tool-cache": "^1.3.4",
     "node-fetch": "^2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "^25.1.4",
+    "@types/jest": "^25.2.1",
     "@types/node": "~12",
-    "@types/node-fetch": "^2.5.5",
-    "@typescript-eslint/eslint-plugin": "^2.25.0",
-    "@typescript-eslint/parser": "^2.25.0",
-    "@zeit/ncc": "^0.22.0",
+    "@types/node-fetch": "^2.5.7",
+    "@typescript-eslint/eslint-plugin": "^2.28.0",
+    "@typescript-eslint/parser": "^2.30.0",
+    "@zeit/ncc": "^0.22.1",
     "eslint": "^6.8.0",
     "eslint-plugin-jest": "^23.8.2",
-    "husky": "^4.2.3",
-    "jest": "^25.2.3",
-    "jest-circus": "^25.2.3",
-    "lint-staged": "^10.0.9",
+    "husky": "^4.2.5",
+    "jest": "^25.5.0",
+    "jest-circus": "^25.5.0",
+    "lint-staged": "^10.1.6",
     "nock": "^12.0.3",
-    "prettier": "2.0.2",
+    "prettier": "2.0.5",
     "standard-version": "^7.1.0",
-    "ts-jest": "^25.2.1",
+    "ts-jest": "^25.4.0",
     "typescript": "^3.8.3"
   }
 }