Security hardening, reliability improvements, and test infrastructure

@anshuman-mor released this 13 Feb 16:51
· 2 commits to main since this release
6687ca6

[v1.1.0] – Security hardening, reliability improvements, and test infrastructure

Description
This release strengthens supply chain security, improves the reliability of network and tool installation workflows, and expands the project’s automated test infrastructure. It also includes small GitHub Action interface improvements and macOS installation enhancements.

Upgrade steps

  • No special steps required
  • Update your workflow to reference v1.1.0
  • Use the corrected input name digest-alg

Breaking changes

  • None

New features

  • Enforced HTTPS for the digicert-cdn download source
  • Added SHA-256 checksum verification for downloaded binaries with fail-fast behavior on mismatch
  • Introduced retry with exponential backoff for transient network failures
  • Added new GitHub Action output for the PKCS#11 config file path
  • Expanded test infrastructure to support unit, integration, coverage, and CI runs
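
How the HTTPS enforcement, checksum verification, and retry items above fit together, as an added example that is not the project's own code. All function names are hypothetical, and the `download` callback is an assumed stand-in for the real HTTPS client so the sketch runs offline. The point it shows is that the digest check sits outside the retry loop, so a mismatch fails immediately instead of being retried like a network error.

```javascript
// Added example, not the project's code. All names here are hypothetical.
const crypto = require('node:crypto');

class IntegrityError extends Error {}

// Reject anything that is not HTTPS before any request is made.
function assertHttps(url) {
  if (new URL(url).protocol !== 'https:') {
    throw new Error(`refusing non-HTTPS download source: ${url}`);
  }
}

// Fail fast: a digest mismatch is never treated as a transient condition.
function verifySha256(data, expectedHex) {
  const actual = crypto.createHash('sha256').update(data).digest('hex');
  if (actual !== expectedHex.toLowerCase()) {
    throw new IntegrityError(`SHA-256 mismatch: expected ${expectedHex}, got ${actual}`);
  }
  return actual;
}

// Retry only the wrapped step, doubling the delay after each failure.
// `sleep` can be injected so tests do not have to wait in real time.
async function withRetry(fn, { retries = 3, baseMs = 500, sleep } = {}) {
  const wait = sleep || ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  for (let attempt = 0; ; attempt++) {
    try {
      return await fn();
    } catch (err) {
      if (attempt >= retries) throw err; // retry budget exhausted
      await wait(baseMs * 2 ** attempt);
    }
  }
}

// `download` is an injected function (url -> Promise<Buffer>), an assumption
// of this sketch; in a real action it would wrap an HTTPS client.
async function fetchVerified(url, expectedSha256, download, retryOpts) {
  assertHttps(url);
  const data = await withRetry(() => download(url), retryOpts);
  verifySha256(data, expectedSha256); // outside the retry loop on purpose
  return data;
}
```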

Bug fixes

  • Fixed typo in the digest-alg input and deprecated the incorrect parameter
  • Improved macOS DMG handling to ensure volumes are unmounted even when errors occur
  • Improved temporary and cache directory handling for better safety and clarity

Performance improvements

  • Added retry with exponential backoff to reduce failures caused by transient network issues
  • Installed macOS tools in parallel to speed up setup time
  • Improved DMG cleanup to prevent resource leaks

Other changes

  • Added secure temporary directory helper to reduce risk from insecure temporary files (CWE-377)
  • Updated and expanded dev dependencies for Jest and TypeScript testing, including jest, ts-jest, and nock
  • Expanded package.json scripts to support unit, integration, coverage, and CI test workflows

Full changelog

  • Merged PR: