Upgrade node to v24 and corresponding dependencies

[hatedabamboo]

Hello there!

We use this extension in our company and I decided to bring some good back by updating the code to support Node 24.

Apart from Node itself, several dependencies were updated to mitigate critical and high vulnerabilities, as well as direct changes (like jest and typescript).

I'm not javascript-savvy, so my interpretation of "this thing still works" is that the tests are passing:

> typescript-action@0.0.0 test
> jest

source: src
 PASS  src/coverage.test.ts
  tests
    ✓ parses average coverage (3 ms)
    ✓ parses average coverage (1 ms)
    ✓ parses coverage as expected when float (7 ms)
    ✓ parses coverage as expected when zero (2 ms)
    ✓ parses source (1 ms)

Test Suites: 1 passed, 1 total
Tests:       5 passed, 5 total
Snapshots:   0 total
Time:        1.808 s, estimated 3 s
Ran all test suites.

[anderssonjohan]

We also use this, so nice to see this PR with the Node20 deprecation one month away!

Here's what Claude thinks about the changes @hatedabamboo:

Should fix

• @types/node is mismatched with the runtime. package.json sets "@types/node": "^22" while the action now runs on Node 24. Bump to ^24 so the type definitions match runtime APIs.
• @vercel/ncc left at ^0.34.0 (released 2022). 0.38.x has explicit Node 22/24 support and is the most likely place a Node 24 bundling regression would surface. Worth bumping while you're already touching
  the toolchain.
• actions/checkout@v3 in .github/workflows/test.yml is itself on the deprecated Node 16 runner. Bump to @v6 (current) — on-topic for "we're modernizing the runtime".
• actions/setup-node@v4 in .github/workflows/test.yml — bump to @v6 while you're at it.
• No build-consistency check in CI. The workflow runs npm run all but doesn't fail when dist/ is out of sync with src/. Typical pattern:

  - run: npm run package
  - run: git diff --exit-code dist/
  This is the standard safety net for JS actions and exactly the kind of bug a runtime bump invites.
  

FYI (not blocking)

• Bundle size more than doubled (dist/index.js: ~634 KB / 11k lines → ~1.46 MB / 35k lines). Cause: transitive updates now bundle undici and @fastify/busboy via @actions/* (verified against dist/licenses.txt).
  Not a defect, but worth a line in the PR description so it doesn't look like an accidental commit.
• Lint toolchain now lags TypeScript. @typescript-eslint/parser@^5 and eslint-plugin-jest@^26 predate TS 5; modern parser is v7/v8, plugin is v27+. ESLint itself is ^8 (EOL Oct 2024). Pre-existing, not introduced
  here, but the natural next step if the spirit is modernization.

Nice to have (for another PR)

• A smoke test that actually loads dist/index.js under the configured runtime would back up the "this thing still works" claim more strongly than the existing string-parsing unit tests, which pass on any Node
  version.

• Pin actions by SHA. actions/checkout@v6 and actions/setup-node@v6 are moving tags. Pinning by full SHA (with the version as a comment) is the OpenSSF Scorecard / supply-chain hygiene recommendation:

  - uses: actions/checkout@<sha>  # v6.x.y
  - uses: actions/setup-node@<sha>  # v6.x.y

  Reasonable people disagree on whether this is necessary for first-party actions/*, but it's free protection and Dependabot updates the SHAs the same way it updates tags.

@orgoro Let us know if you need help testing this maintenance PR.

[orgoro]

Thank you for the contribution! 🙏 The same scope (Node 24 runtime + TypeScript / @types/node / jest stack bump) just landed in v3.3 via #349, so closing this as superseded. Really appreciate you taking the time to send this — sorry it didn't make it in.

[hatedabamboo]

Thanks for the upgrade, @orgoro!