fix: replace azure-devops-node-api with direct REST calls

[joshjohanning]

Summary

Removes the azure-devops-node-api dependency and replaces all SDK usage with direct fetch calls to the Azure DevOps REST API.

Problem

The azure-devops-node-api SDK and its typed-rest-client dependency use the deprecated url.parse() API, causing DEP0169 warnings on Node 22+ (microsoft/azure-devops-node-api#664). Even the latest versions of both packages have not fixed this, and the upstream issue is still in triage.

Solution

Rather than monkey-patching process.emitWarning to suppress the warning, this PR removes the root cause by replacing the SDK with direct REST API calls using Node's built-in fetch. The action already used fetch + Basic auth for the data provider query, so this makes the codebase consistent.

Changes

• src/link-work-item.js: Replace SDK calls with azureDevOpsRequest() helper using fetch
• src/main.js: Same migration (legacy file, kept consistent)
• __tests__/link-work-item.test.js: Replace SDK mocks with fetch mocks, add content-type assertion for PATCH
• package.json: Remove azure-devops-node-api dependency, bump to 4.1.4

Benefits

• ✅ Fixes DEP0169 warning at its root
• ✅ 70% bundle size reduction (4,254kB → 1,264kB)
• ✅ Removes heavy transitive dependency tree (typed-rest-client, tunnel, etc.)
• ✅ Zero behavior change — same API surface and error handling

Closes #191

[Copilot]

Pull request overview

This PR removes the azure-devops-node-api SDK dependency and migrates the Azure DevOps integration to direct REST API calls via Node’s built-in fetch, addressing the DEP0169 warnings on Node 22+ and reducing bundle size.

Changes:

• Replaced Azure DevOps SDK usage with a small fetch-based REST helper in the work-item linking logic.
• Updated Jest tests to mock fetch instead of the SDK and added an assertion for JSON Patch content type.
• Removed azure-devops-node-api from dependencies and bumped the package version to 4.1.4 (with lockfile + coverage badge updates).

Show a summary per file

File	Description
src/link-work-item.js	Migrates work item linking/lookup to fetch via a new REST helper.
src/main.js	Applies the same REST-based approach for consistency with the legacy module.
tests/link-work-item.test.js	Reworks mocks to use fetch and validates PATCH content type.
package.json	Removes azure-devops-node-api dependency and bumps version to 4.1.4.
package-lock.json	Updates lockfile to reflect dependency removal and version bump.
badges/coverage.svg	Updates the generated coverage badge.

Copilot's findings

Comments suppressed due to low confidence (2)

src/link-work-item.js:145

• If the PATCH request to link the PR fails for reasons other than "already exists", the error is rethrown and then handled by the outer catch which calls core.setFailed('Failed to retrieve internalRepoId!'). At that point internalRepoId has already been retrieved successfully, so this failure message is misleading. Consider handling PATCH failures separately (e.g., setFailed with a "Failed to link PR to work item" message, or throw a new error that preserves context) so users get an accurate error.

        await azureDevOpsRequest(
          `https://dev.azure.com/${devOpsOrg}/_apis/wit/workitems/${workItemId}?$expand=relations&api-version=7.1`,
          azToken,
          {
            method: 'PATCH',
            headers: { 'Content-Type': 'application/json-patch+json' },
            body: JSON.stringify(patchDoc)
          }
        );
        core.info('... success!');
      } catch (exception) {
        const errorMessage = exception.toString();
        if (-1 !== errorMessage.indexOf('already exists')) {
          core.info('... (already exists) ...');
        } else {
          throw exception;
        }
      }

src/main.js:145

• If the PATCH request to link the PR fails for reasons other than "already exists", the error is rethrown and then handled by the outer catch which calls core.setFailed('Failed to retrieve internalRepoId!'). Since internalRepoId was already resolved, this message is misleading. Consider handling PATCH failures separately (or rethrowing a contextualized error) so the reported failure matches the real cause.

        await azureDevOpsRequest(
          `https://dev.azure.com/${devOpsOrg}/_apis/wit/workitems/${workItemId}?$expand=relations&api-version=7.1`,
          azToken,
          {
            method: 'PATCH',
            headers: { 'Content-Type': 'application/json-patch+json' },
            body: JSON.stringify(patchDoc)
          }
        );
        core.info('... success!');
      } catch (exception) {
        const errorMessage = exception.toString();
        if (-1 !== errorMessage.indexOf('already exists')) {
          core.info('... (already exists) ...');
        } else {
          throw exception;
        }
      }

• Files reviewed: 4/6 changed files
• Comments generated: 2

[github-actions]

📦 Draft Release Created

A draft release v4.1.5 has been created for this PR.

🔗 View Draft Release

Next Steps

• Review the release notes
• Publish the release to make it permanent

This is an automated reminder from the publish-github-action workflow.