github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-01 17:22:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3776 from github/update-v4.35.0-0078ad667

Browse Source 
Merge main into releases/v4
This commit is contained in:
Óscar San José
2026-03-27 13:11:18 +01:00
committed by GitHub
parent 3869755554 e9cf68bb33
commit b8bb9f28b8
47 changed files with 7312 additions and 5492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/actions/release-branches/action.yml vendored
View File

@@ -22,7 +22,8 @@ runs:
MAJOR_VERSION: ${{ inputs.major_version }}
LATEST_TAG: ${{ inputs.latest_tag }}
run: |
python ${{ github.action_path }}/release-branches.py \
npm ci
npx tsx ./pr-checks/release-branches.ts \
--major-version "$MAJOR_VERSION" \
--latest-tag "$LATEST_TAG"
shell: bash

55
.github/actions/release-branches/release-branches.py vendored
View File

@@ -1,55 +0,0 @@
import argparse
import json
import os
import configparser
# Name of the remote
ORIGIN = 'origin'
script_dir = os.path.dirname(os.path.realpath(__file__))
grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
config = configparser.ConfigParser()
with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
config.read_string('[default]\n' + stream.read())
OLDEST_SUPPORTED_MAJOR_VERSION = int(config['default']['OLDEST_SUPPORTED_MAJOR_VERSION'])
def main():
parser = argparse.ArgumentParser()
parser.add_argument("--major-version", required=True, type=str, help="The major version of the release")
parser.add_argument("--latest-tag", required=True, type=str, help="The most recent tag published to the repository")
args = parser.parse_args()
major_version = args.major_version
latest_tag = args.latest_tag
print("major_version: " + major_version)
print("latest_tag: " + latest_tag)
# If this is a primary release, we backport to all supported branches,
# so we check whether the major_version taken from the package.json
# is greater than or equal to the latest tag pulled from the repo.
# For example...
# 'v1' >= 'v2' is False # we're operating from an older release branch and should not backport
# 'v2' >= 'v2' is True # the normal case where we're updating the current version
# 'v3' >= 'v2' is True # in this case we are making the first release of a new major version
consider_backports = ( major_version >= latest_tag.split(".")[0] )
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
f.write(f"backport_source_branch=releases/{major_version}\n")
backport_target_branches = []
if consider_backports:
for i in range(int(major_version.strip("v"))-1, 0, -1):
branch_name = f"releases/v{i}"
if i >= OLDEST_SUPPORTED_MAJOR_VERSION:
backport_target_branches.append(branch_name)
f.write("backport_target_branches="+json.dumps(backport_target_branches)+"\n")
if __name__ == "__main__":
main()

6
.github/actions/release-initialise/action.yml vendored
View File

@@ -15,6 +15,12 @@ runs:
run: echo "$GITHUB_CONTEXT"
shell: bash
- name: Set up Node
uses: actions/setup-node@v6
with:
node-version: 20
cache: 'npm'
- name: Set up Python
uses: actions/setup-python@v6
with:

1
.github/releases.ini vendored
View File

@@ -1 +0,0 @@
OLDEST_SUPPORTED_MAJOR_VERSION=3

2
.github/workflows/__rubocop-multi-language.yml generated vendored
View File

@@ -59,7 +59,7 @@ jobs:
use-all-platform-bundle: 'false'
setup-kotlin: 'true'
- name: Set up Ruby
uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0
with:
ruby-version: 2.6
- name: Install Code Scanning integration

64
.github/workflows/script/update-required-checks.sh vendored
View File

@@ -1,64 +0,0 @@
#!/usr/bin/env bash
# Update the required checks based on the current branch.
set -euo pipefail
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
REPO_DIR="$(dirname "$SCRIPT_DIR")"
GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
source "$GRANDPARENT_DIR/releases.ini"
if ! gh auth status 2>/dev/null; then
gh auth status
echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
exit 1
fi
if [ "$#" -eq 1 ]; then
# If we were passed an argument, use that as the SHA
GITHUB_SHA="$1"
elif [ "$#" -gt 1 ]; then
echo "Usage: $0 [SHA]"
echo "Update the required checks based on the SHA, or main."
exit 1
elif [ -z "$GITHUB_SHA" ]; then
# If we don't have a SHA, use main
GITHUB_SHA="$(git rev-parse main)"
fi
echo "Getting checks for $GITHUB_SHA"
# Ignore any checks with "https://", CodeQL, LGTM, Update, and ESLint checks.
CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("ESLint") or contains("update") or contains("test-setup-python-scripts") or . == "Agent" or . == "Cleanup artifacts" or . == "Prepare" or . == "Upload results" or . == "Label PR with size" | not)] | unique | sort')"
echo "$CHECKS" | jq
# Fail if there are no checks
if [ -z "$CHECKS" ] || [ "$(echo "$CHECKS" | jq '. | length')" -eq 0 ]; then
echo "No checks found for $GITHUB_SHA"
exit 1
fi
echo "{\"contexts\": ${CHECKS}}" > checks.json
echo "Updating main"
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
# list all branchs on origin remote matching releases/v*
BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
for BRANCH in $BRANCHES; do
# strip exact 'releases/v' prefix from $BRANCH using count of characters
VERSION="${BRANCH:10}"
if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
echo "Skipping $BRANCH"
continue
fi
echo "Updating $BRANCH"
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
done
rm checks.json

30
.vscode/tests.code-snippets vendored Normal file
View File

@@ -0,0 +1,30 @@
{
// Place your codeql-action workspace snippets here. Each snippet is defined under a snippet name and has a scope, prefix, body and
// description. Add comma separated ids of the languages where the snippet is applicable in the scope field. If scope
// is left empty or omitted, the snippet gets applied to all languages. The prefix is what is
// used to trigger the snippet and the body will be expanded and inserted. Possible variables are:
// $1, $2 for tab stops, $0 for the final cursor position, and ${1:label}, ${2:another} for placeholders.
// Placeholders with the same ids are connected.
// Example:
// "Print to console": {
// "scope": "javascript,typescript",
// "prefix": "log",
// "body": [
// "console.log('$1');",
// "$2"
// ],
// "description": "Log output to console"
// }
"Test Macro": {
"scope": "javascript, typescript",
"prefix": "testMacro",
"body": [
"const ${1:nameMacro} = test.macro({",
" exec: async (t: ExecutionContext<unknown>) => {},",
"",
" title: (providedTitle = \"\") => `${2:common title} - \\${providedTitle}`,",
"});",
],
"description": "An Ava test macro",
},
}

5
CHANGELOG.md
View File

@@ -2,6 +2,11 @@
See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
## 4.35.0 - 27 Mar 2026
- Reduced the minimum Git version required for [improved incremental analysis](https://github.com/github/roadmap/issues/1158) from 2.38.0 to 2.11.0. [#3767](https://github.com/github/codeql-action/pull/3767)
- Update default CodeQL bundle version to [2.25.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1). [#3773](https://github.com/github/codeql-action/pull/3773)
## 4.34.1 - 20 Mar 2026
- Downgrade default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3) due to issues with a small percentage of Actions and JavaScript analyses. [#3762](https://github.com/github/codeql-action/pull/3762)

12
CONTRIBUTING.md
View File

@@ -69,12 +69,14 @@ Once the mergeback and backport pull request have been merged, the release is co
## Keeping the PR checks up to date (admin access required)
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred required jobs that need to pass in order for a PR to turn green. It would be too tedious to maintain that list manually. You can regenerate the set of required checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred required jobs that need to pass in order for a PR to turn green. It would be too tedious to maintain that list manually. You can regenerate the set of required checks automatically by running the [sync-checks.ts](pr-checks/sync-checks.ts) script:
- If you run the script without an argument, it will retrieve the set of workflows that ran for the latest commit on `main`. Make sure that your local `main` branch is up to date before running the script.
- You can specify a commit SHA as argument to retrieve the set of workflows for that commit instead. You will likely want to use this if you have a PR that removes or adds PR checks.
- At a minimum, you must provide an argument for the `--token` input. For example, `--token "$(gh auth token)"` to use the same token that `gh` uses. If no token is provided or the token has insufficient permissions, the script will fail.
- By default, the script performs a dry run and outputs information about the changes it would make to the branch protection rules. To actually apply the changes, specify the `--apply` flag.
- If you run the script without any other arguments, it will retrieve the set of workflows that ran for the latest commit on `main`.
- You can specify a different git ref with the `--ref` input. You will likely want to use this if you have a PR that removes or adds PR checks. For example, `--ref "some/branch/name"` to use the HEAD of the `some/branch/name` branch.
After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v3`, and any other currently supported major versions have been updated.
After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v4`, and any other currently supported major versions have been updated.
Note that any updates to checks on `main` need to be backported to all currently supported major version branches, in order to maintain the same set of names for required checks.
@@ -122,7 +124,7 @@ To deprecate an older version of the Action:
- Implement an Actions warning for customers using the deprecated version.
1. Wait for the deprecation period to pass.
1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [releases.ini](.github/releases.ini). Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [config.ts](pr-checks/config.ts). Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
## Resources

27
eslint.config.mjs
View File

@@ -7,7 +7,11 @@ import noAsyncForeach from "eslint-plugin-no-async-foreach";
import jsdoc from "eslint-plugin-jsdoc";
import tseslint from "typescript-eslint";
import globals from "globals";
import path from "path";
import { fileURLToPath } from "url";
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const githubFlatConfigs = github.getFlatConfigs();
export default [
@@ -43,7 +47,7 @@ export default [
plugins: {
"import-x": importX,
"no-async-foreach": fixupPluginRules(noAsyncForeach),
"jsdoc": jsdoc,
jsdoc: jsdoc,
},
languageOptions: {
@@ -67,7 +71,13 @@ export default [
typescript: {},
},
"import/ignore": ["sinon", "uuid", "@octokit/plugin-retry", "del", "get-folder-size"],
"import/ignore": [
"sinon",
"uuid",
"@octokit/plugin-retry",
"del",
"get-folder-size",
],
"import-x/resolver-next": [
createTypeScriptImportResolver(),
createNodeResolver({
@@ -143,7 +153,7 @@ export default [
// We don't currently require full JSDoc coverage, so this rule
// should not error on missing @param annotations.
disableMissingParamChecks: true,
}
},
],
},
},
@@ -162,9 +172,9 @@ export default [
"@typescript-eslint/no-unused-vars": [
"error",
{
"args": "all",
"argsIgnorePattern": "^_",
}
args: "all",
argsIgnorePattern: "^_",
},
],
"func-style": "off",
},
@@ -183,6 +193,11 @@ export default [
// The scripts in `pr-checks` are expected to output to the console.
"no-console": "off",
"import/no-extraneous-dependencies": [
"error",
{ packageDir: [__dirname, path.resolve(__dirname, "pr-checks")] },
],
"@typescript-eslint/no-floating-promises": [
"error",
{

2476
lib/analyze-action-post.js generated
View File

File diff suppressed because it is too large Load Diff

985
lib/analyze-action.js generated
View File

File diff suppressed because it is too large Load Diff

1394
lib/autobuild-action.js generated
View File

File diff suppressed because it is too large Load Diff

8
lib/defaults.json
View File

@@ -1,6 +1,6 @@
{
"bundleVersion": "codeql-bundle-v2.24.3",
"cliVersion": "2.24.3",
"priorBundleVersion": "codeql-bundle-v2.24.2",
"priorCliVersion": "2.24.2"
"bundleVersion": "codeql-bundle-v2.25.1",
"cliVersion": "2.25.1",
"priorBundleVersion": "codeql-bundle-v2.24.3",
"priorCliVersion": "2.24.3"
}

1378
lib/init-action-post.js generated
View File

File diff suppressed because it is too large Load Diff

609
lib/init-action.js generated
View File

File diff suppressed because it is too large Load Diff

1386
lib/resolve-environment-action.js generated
View File

File diff suppressed because it is too large Load Diff

285
lib/setup-codeql-action.js generated
View File

@@ -41057,18 +41057,18 @@ var init_dist_src2 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
var VERSION5;
var init_version2 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
VERSION5 = "17.0.0";
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
var Endpoints, endpoints_default;
var init_endpoints = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
Endpoints = {
actions: {
addCustomLabelsToSelfHostedRunnerForOrg: [
@@ -43362,7 +43362,7 @@ var init_endpoints = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
function endpointsToMethods(octokit) {
const newMethods = {};
for (const scope of endpointMethodsMap.keys()) {
@@ -43413,7 +43413,7 @@ function decorate(octokit, scope, methodName, defaults, decorations) {
}
var endpointMethodsMap, handler;
var init_endpoints_to_methods = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
init_endpoints();
endpointMethodsMap = /* @__PURE__ */ new Map();
for (const [scope, endpoints] of Object.entries(endpoints_default)) {
@@ -43491,7 +43491,7 @@ var init_endpoints_to_methods = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
var dist_src_exports2 = {};
__export(dist_src_exports2, {
legacyRestEndpointMethods: () => legacyRestEndpointMethods,
@@ -43511,7 +43511,7 @@ function legacyRestEndpointMethods(octokit) {
};
}
var init_dist_src3 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
init_version2();
init_endpoints_to_methods();
restEndpointMethods.VERSION = VERSION5;
@@ -43519,7 +43519,7 @@ var init_dist_src3 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
// node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
var dist_bundle_exports = {};
__export(dist_bundle_exports, {
composePaginateRest: () => composePaginateRest,
@@ -43645,7 +43645,7 @@ function paginateRest(octokit) {
}
var VERSION6, composePaginateRest, paginatingEndpoints;
var init_dist_bundle5 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
"node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
VERSION6 = "0.0.0-development";
composePaginateRest = Object.assign(paginate, {
iterator
@@ -60732,7 +60732,7 @@ var require_fxp = __commonJS({
if (a.some((t3) => i2 === t3.toLowerCase())) throw new Error(`[SECURITY] Invalid ${e2}: "${t2}" is a reserved JavaScript keyword that could cause prototype pollution`);
}
function A(t2) {
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: t2.maxEntitySize ?? 1e4, maxExpansionDepth: t2.maxExpansionDepth ?? 10, maxTotalExpansions: t2.maxTotalExpansions ?? 1e3, maxExpandedLength: t2.maxExpandedLength ?? 1e5, maxEntityCount: t2.maxEntityCount ?? 100, allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: Math.max(1, t2.maxEntitySize ?? 1e4), maxExpansionDepth: Math.max(1, t2.maxExpansionDepth ?? 10), maxTotalExpansions: Math.max(1, t2.maxTotalExpansions ?? 1e3), maxExpandedLength: Math.max(1, t2.maxExpandedLength ?? 1e5), maxEntityCount: Math.max(1, t2.maxEntityCount ?? 100), allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
}
const C = function(t2) {
const e2 = Object.assign({}, P, t2), i2 = [{ value: e2.attributeNamePrefix, name: "attributeNamePrefix" }, { value: e2.attributesGroupName, name: "attributesGroupName" }, { value: e2.textNodeName, name: "textNodeName" }, { value: e2.cdataPropName, name: "cdataPropName" }, { value: e2.commentPropName, name: "commentPropName" }];
@@ -60773,7 +60773,7 @@ var require_fxp = __commonJS({
if (r2 && _(t2, "!ENTITY", e2)) {
let s3, r3;
if (e2 += 7, [s3, r3, e2] = this.readEntityExp(t2, e2 + 1, this.suppressValidationErr), -1 === r3.indexOf("&")) {
if (false !== this.options.enabled && this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
if (false !== this.options.enabled && null != this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
const t3 = s3.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
i2[s3] = { regx: RegExp(`&${t3};`, "g"), val: r3 }, n2++;
}
@@ -60797,82 +60797,86 @@ var require_fxp = __commonJS({
return { entities: i2, i: e2 };
}
readEntityExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) i2 += t2[e2], e2++;
if (D(i2), e2 = j(t2, e2), !this.suppressValidationErr) {
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) e2++;
let n2 = t2.substring(i2, e2);
if (D(n2), e2 = j(t2, e2), !this.suppressValidationErr) {
if ("SYSTEM" === t2.substring(e2, e2 + 6).toUpperCase()) throw new Error("External entities are not supported");
if ("%" === t2[e2]) throw new Error("Parameter entities are not supported");
}
let n2 = "";
if ([e2, n2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && this.options.maxEntitySize && n2.length > this.options.maxEntitySize) throw new Error(`Entity "${i2}" size (${n2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [i2, n2, --e2];
let s2 = "";
if ([e2, s2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && null != this.options.maxEntitySize && s2.length > this.options.maxEntitySize) throw new Error(`Entity "${n2}" size (${s2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [n2, s2, --e2];
}
readNotationExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
!this.suppressValidationErr && D(i2), e2 = j(t2, e2);
const n2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== n2 && "PUBLIC" !== n2) throw new Error(`Expected SYSTEM or PUBLIC, found "${n2}"`);
e2 += n2.length, e2 = j(t2, e2);
let s2 = null, r2 = null;
if ("PUBLIC" === n2) [e2, s2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === n2 && ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !r2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: i2, publicIdentifier: s2, systemIdentifier: r2, index: --e2 };
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
!this.suppressValidationErr && D(n2), e2 = j(t2, e2);
const s2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== s2 && "PUBLIC" !== s2) throw new Error(`Expected SYSTEM or PUBLIC, found "${s2}"`);
e2 += s2.length, e2 = j(t2, e2);
let r2 = null, o2 = null;
if ("PUBLIC" === s2) [e2, r2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === s2 && ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !o2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: n2, publicIdentifier: r2, systemIdentifier: o2, index: --e2 };
}
readIdentifierVal(t2, e2, i2) {
let n2 = "";
const s2 = t2[e2];
if ('"' !== s2 && "'" !== s2) throw new Error(`Expected quoted string, found "${s2}"`);
for (e2++; e2 < t2.length && t2[e2] !== s2; ) n2 += t2[e2], e2++;
if (t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
const r2 = ++e2;
for (; e2 < t2.length && t2[e2] !== s2; ) e2++;
if (n2 = t2.substring(r2, e2), t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
return [++e2, n2];
}
readElementExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
if (!this.suppressValidationErr && !r(i2)) throw new Error(`Invalid element name: "${i2}"`);
let n2 = "";
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
if (!this.suppressValidationErr && !r(n2)) throw new Error(`Invalid element name: "${n2}"`);
let s2 = "";
if ("E" === t2[e2 = j(t2, e2)] && _(t2, "MPTY", e2)) e2 += 4;
else if ("A" === t2[e2] && _(t2, "NY", e2)) e2 += 2;
else if ("(" === t2[e2]) {
for (e2++; e2 < t2.length && ")" !== t2[e2]; ) n2 += t2[e2], e2++;
if (")" !== t2[e2]) throw new Error("Unterminated content model");
const i3 = ++e2;
for (; e2 < t2.length && ")" !== t2[e2]; ) e2++;
if (s2 = t2.substring(i3, e2), ")" !== t2[e2]) throw new Error("Unterminated content model");
} else if (!this.suppressValidationErr) throw new Error(`Invalid Element Expression, found "${t2[e2]}"`);
return { elementName: i2, contentModel: n2.trim(), index: e2 };
return { elementName: n2, contentModel: s2.trim(), index: e2 };
}
readAttlistExp(t2, e2) {
let i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
for (D(n2), i2 = e2 = j(t2, e2); e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let s2 = t2.substring(i2, e2);
if (!D(s2)) throw new Error(`Invalid attribute name: "${s2}"`);
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
D(i2), e2 = j(t2, e2);
let n2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) n2 += t2[e2], e2++;
if (!D(n2)) throw new Error(`Invalid attribute name: "${n2}"`);
e2 = j(t2, e2);
let s2 = "";
let r2 = "";
if ("NOTATION" === t2.substring(e2, e2 + 8).toUpperCase()) {
if (s2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
if (r2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
e2++;
let i3 = [];
for (; e2 < t2.length && ")" !== t2[e2]; ) {
let n3 = "";
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) n3 += t2[e2], e2++;
if (n3 = n3.trim(), !D(n3)) throw new Error(`Invalid notation name: "${n3}"`);
i3.push(n3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
const n3 = e2;
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) e2++;
let s3 = t2.substring(n3, e2);
if (s3 = s3.trim(), !D(s3)) throw new Error(`Invalid notation name: "${s3}"`);
i3.push(s3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
}
if (")" !== t2[e2]) throw new Error("Unterminated list of notations");
e2++, s2 += " (" + i3.join("|") + ")";
e2++, r2 += " (" + i3.join("|") + ")";
} else {
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) s2 += t2[e2], e2++;
const i3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !i3.includes(s2.toUpperCase())) throw new Error(`Invalid attribute type: "${s2}"`);
const i3 = e2;
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
r2 += t2.substring(i3, e2);
const n3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !n3.includes(r2.toUpperCase())) throw new Error(`Invalid attribute type: "${r2}"`);
}
e2 = j(t2, e2);
let r2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (r2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (r2 = "#IMPLIED", e2 += 7) : [e2, r2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: i2, attributeName: n2, attributeType: s2, defaultValue: r2, index: e2 };
let o2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (o2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (o2 = "#IMPLIED", e2 += 7) : [e2, o2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: n2, attributeName: s2, attributeType: r2, defaultValue: o2, index: e2 };
}
}
const j = (t2, e2) => {
@@ -60887,9 +60891,9 @@ var require_fxp = __commonJS({
if (r(t2)) return t2;
throw new Error(`Invalid entity name ${t2}`);
}
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, F = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true };
const L = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class M {
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, M = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true, infinity: "original" };
const F = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class L {
constructor(t2 = {}) {
this.separator = t2.separator || ".", this.path = [], this.siblingStacks = [];
}
@@ -61096,7 +61100,7 @@ var require_fxp = __commonJS({
if ("string" == typeof i2 && t3 === i2) return true;
if (i2 instanceof RegExp && i2.test(t3)) return true;
}
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new M(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new L(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
this.stopNodeExpressions = [];
for (let t3 = 0; t3 < this.options.stopNodes.length; t3++) {
const e3 = this.options.stopNodes[t3];
@@ -61207,7 +61211,7 @@ var require_fxp = __commonJS({
let o2 = s3.tagName;
const a2 = s3.rawTagName;
let h2 = s3.tagExp, l2 = s3.attrExpPresent, p2 = s3.closeIndex;
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName)) throw new Error(`Invalid tag name: ${o2}`);
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName || o2 === this.options.textNodeName || o2 === this.options.attributesGroupName)) throw new Error(`Invalid tag name: ${o2}`);
i2 && n2 && "!xml" !== i2.tagname && (n2 = this.saveTextToParentTag(n2, i2, this.matcher, false));
const u2 = i2;
u2 && -1 !== this.options.unpairedTags.indexOf(u2.tagname) && (i2 = this.tagsNodeStack.pop(), this.matcher.pop());
@@ -61345,7 +61349,7 @@ var require_fxp = __commonJS({
if (e2 && "string" == typeof t2) {
const e3 = t2.trim();
return "true" === e3 || "false" !== e3 && (function(t3, e4 = {}) {
if (e4 = Object.assign({}, F, e4), !t3 || "string" != typeof t3) return t3;
if (e4 = Object.assign({}, M, e4), !t3 || "string" != typeof t3) return t3;
let i3 = t3.trim();
if (void 0 !== e4.skipLike && e4.skipLike.test(i3)) return t3;
if ("0" === t3) return 0;
@@ -61355,35 +61359,50 @@ var require_fxp = __commonJS({
if (window && window.parseInt) return window.parseInt(t4, 16);
throw new Error("parseInt, Number.parseInt, window.parseInt are not supported");
})(i3);
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(L);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : 1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
if (isFinite(i3)) {
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(F);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : (1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2) && o2.length > 0 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
}
}
return t3;
}
return t3;
}
var n2;
return (function(t4, e5, i4) {
const n3 = e5 === 1 / 0;
switch (i4.infinity.toLowerCase()) {
case "null":
return null;
case "infinity":
return e5;
case "string":
return n3 ? "Infinity" : "-Infinity";
default:
return t4;
}
})(t3, Number(i3), e4);
})(t2, i2);
}
return void 0 !== t2 ? t2 : "";
@@ -61495,7 +61514,7 @@ var require_fxp = __commonJS({
const i3 = e2.stopNodes[t3];
"string" == typeof i3 ? n2.push(new G(i3)) : i3 instanceof G && n2.push(i3);
}
return mt(t2, e2, i2, new M(), n2);
return mt(t2, e2, i2, new L(), n2);
}
function mt(t2, e2, i2, n2, s2) {
let r2 = "", o2 = false;
@@ -61643,7 +61662,7 @@ var require_fxp = __commonJS({
if (this.options.preserveOrder) return gt(t2, this.options);
{
Array.isArray(t2) && this.options.arrayNodeName && this.options.arrayNodeName.length > 1 && (t2 = { [this.options.arrayNodeName]: t2 });
const e2 = new M();
const e2 = new L();
return this.j2x(t2, 0, e2).val;
}
}, Pt.prototype.j2x = function(t2, e2, i2) {
@@ -100521,8 +100540,8 @@ var require_follow_redirects = __commonJS({
}
return parsed;
}
function resolveUrl(relative2, base) {
return useNativeURL ? new URL2(relative2, base) : parseUrl2(url.resolve(base, relative2));
function resolveUrl(relative3, base) {
return useNativeURL ? new URL2(relative3, base) : parseUrl2(url.resolve(base, relative3));
}
function validateUrl(input) {
if (/^\[/.test(input.hostname) && !/^\[[:0-9a-f]+\]$/i.test(input.hostname)) {
@@ -103605,8 +103624,12 @@ function getTemporaryDirectory() {
const value = process.env["CODEQL_ACTION_TEMP"];
return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
}
var PR_DIFF_RANGE_JSON_FILENAME = "pr-diff-range.json";
function getDiffRangesJsonFilePath() {
return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
}
function getActionVersion() {
return "4.34.1";
return "4.35.0";
}
function getWorkflowEventName() {
return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -103961,8 +103984,8 @@ var path4 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.24.3";
var cliVersion = "2.24.3";
var bundleVersion = "codeql-bundle-v2.25.1";
var cliVersion = "2.25.1";
// src/overlay/index.ts
var fs3 = __toESM(require("fs"));
@@ -104050,14 +104073,26 @@ var decodeGitFilePath = function(filePath) {
}
return filePath;
};
var getGitRoot = async function(sourceRoot) {
try {
const stdout = await runGitCommand(
sourceRoot,
["rev-parse", "--show-toplevel"],
`Cannot find Git repository root from the source root ${sourceRoot}.`
);
return stdout.trim();
} catch {
return void 0;
}
};
var getFileOidsUnderPath = async function(basePath) {
const stdout = await runGitCommand(
basePath,
["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"],
["ls-files", "--recurse-submodules", "--stage"],
"Cannot list Git OIDs of tracked files."
);
const fileOidMap = {};
const regex = /^([0-9a-f]{40})_(.+)$/;
const regex = /^[0-9]+ ([0-9a-f]{40}) [0-9]+\t(.+)$/;
for (const line of stdout.split("\n")) {
if (line) {
const match = line.match(regex);
@@ -104197,10 +104232,12 @@ async function readBaseDatabaseOidsFile(config, logger) {
async function writeOverlayChangesFile(config, sourceRoot, logger) {
const baseFileOids = await readBaseDatabaseOidsFile(config, logger);
const overlayFileOids = await getFileOidsUnderPath(sourceRoot);
const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids);
const oidChangedFiles = computeChangedFiles(baseFileOids, overlayFileOids);
logger.info(
`Found ${changedFiles.length} changed file(s) under ${sourceRoot}.`
`Found ${oidChangedFiles.length} changed file(s) under ${sourceRoot} from OID comparison.`
);
const diffRangeFiles = await getDiffRangeFilePaths(sourceRoot, logger);
const changedFiles = [.../* @__PURE__ */ new Set([...oidChangedFiles, ...diffRangeFiles])];
const changedFilesJson = JSON.stringify({ changes: changedFiles });
const overlayChangesFile = path3.join(
getTemporaryDirectory(),
@@ -104226,6 +104263,52 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
}
return changes;
}
async function getDiffRangeFilePaths(sourceRoot, logger) {
const jsonFilePath = getDiffRangesJsonFilePath();
if (!fs3.existsSync(jsonFilePath)) {
logger.debug(
`No diff ranges JSON file found at ${jsonFilePath}; skipping.`
);
return [];
}
let contents;
try {
contents = await fs3.promises.readFile(jsonFilePath, "utf8");
} catch (e) {
logger.warning(
`Failed to read diff ranges JSON file at ${jsonFilePath}: ${e}`
);
return [];
}
let diffRanges;
try {
diffRanges = JSON.parse(contents);
} catch (e) {
logger.warning(
`Failed to parse diff ranges JSON file at ${jsonFilePath}: ${e}`
);
return [];
}
logger.debug(
`Read ${diffRanges.length} diff range(s) from ${jsonFilePath} for overlay changes.`
);
const repoRoot = await getGitRoot(sourceRoot);
if (repoRoot === void 0) {
if (getOptionalInput("source-root")) {
throw new Error(
"Cannot determine git root to convert diff range paths relative to source-root. Failing to avoid omitting files from the analysis."
);
}
logger.warning(
"Cannot determine git root; returning diff range paths as-is."
);
return [...new Set(diffRanges.map((r) => r.path))];
}
const relativePaths = diffRanges.map(
(r) => path3.relative(sourceRoot, path3.join(repoRoot, r.path)).replaceAll(path3.sep, "/")
).filter((rel) => !rel.startsWith(".."));
return [...new Set(relativePaths)];
}
// src/tools-features.ts
var semver3 = __toESM(require_semver2());

205
lib/start-proxy-action-post.js generated
View File

@@ -41057,18 +41057,18 @@ var init_dist_src2 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
var VERSION5;
var init_version2 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
VERSION5 = "17.0.0";
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
var Endpoints, endpoints_default;
var init_endpoints = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
Endpoints = {
actions: {
addCustomLabelsToSelfHostedRunnerForOrg: [
@@ -43362,7 +43362,7 @@ var init_endpoints = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
function endpointsToMethods(octokit) {
const newMethods = {};
for (const scope of endpointMethodsMap.keys()) {
@@ -43413,7 +43413,7 @@ function decorate(octokit, scope, methodName, defaults, decorations) {
}
var endpointMethodsMap, handler;
var init_endpoints_to_methods = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
init_endpoints();
endpointMethodsMap = /* @__PURE__ */ new Map();
for (const [scope, endpoints] of Object.entries(endpoints_default)) {
@@ -43491,7 +43491,7 @@ var init_endpoints_to_methods = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
var dist_src_exports2 = {};
__export(dist_src_exports2, {
legacyRestEndpointMethods: () => legacyRestEndpointMethods,
@@ -43511,7 +43511,7 @@ function legacyRestEndpointMethods(octokit) {
};
}
var init_dist_src3 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
init_version2();
init_endpoints_to_methods();
restEndpointMethods.VERSION = VERSION5;
@@ -43519,7 +43519,7 @@ var init_dist_src3 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
// node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
var dist_bundle_exports = {};
__export(dist_bundle_exports, {
composePaginateRest: () => composePaginateRest,
@@ -43645,7 +43645,7 @@ function paginateRest(octokit) {
}
var VERSION6, composePaginateRest, paginatingEndpoints;
var init_dist_bundle5 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
"node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
VERSION6 = "0.0.0-development";
composePaginateRest = Object.assign(paginate, {
iterator
@@ -62029,7 +62029,7 @@ var require_fxp = __commonJS({
if (a.some((t3) => i2 === t3.toLowerCase())) throw new Error(`[SECURITY] Invalid ${e2}: "${t2}" is a reserved JavaScript keyword that could cause prototype pollution`);
}
function A(t2) {
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: t2.maxEntitySize ?? 1e4, maxExpansionDepth: t2.maxExpansionDepth ?? 10, maxTotalExpansions: t2.maxTotalExpansions ?? 1e3, maxExpandedLength: t2.maxExpandedLength ?? 1e5, maxEntityCount: t2.maxEntityCount ?? 100, allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: Math.max(1, t2.maxEntitySize ?? 1e4), maxExpansionDepth: Math.max(1, t2.maxExpansionDepth ?? 10), maxTotalExpansions: Math.max(1, t2.maxTotalExpansions ?? 1e3), maxExpandedLength: Math.max(1, t2.maxExpandedLength ?? 1e5), maxEntityCount: Math.max(1, t2.maxEntityCount ?? 100), allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
}
const C = function(t2) {
const e2 = Object.assign({}, P, t2), i2 = [{ value: e2.attributeNamePrefix, name: "attributeNamePrefix" }, { value: e2.attributesGroupName, name: "attributesGroupName" }, { value: e2.textNodeName, name: "textNodeName" }, { value: e2.cdataPropName, name: "cdataPropName" }, { value: e2.commentPropName, name: "commentPropName" }];
@@ -62070,7 +62070,7 @@ var require_fxp = __commonJS({
if (r2 && _2(t2, "!ENTITY", e2)) {
let s3, r3;
if (e2 += 7, [s3, r3, e2] = this.readEntityExp(t2, e2 + 1, this.suppressValidationErr), -1 === r3.indexOf("&")) {
if (false !== this.options.enabled && this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
if (false !== this.options.enabled && null != this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
const t3 = s3.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
i2[s3] = { regx: RegExp(`&${t3};`, "g"), val: r3 }, n2++;
}
@@ -62094,82 +62094,86 @@ var require_fxp = __commonJS({
return { entities: i2, i: e2 };
}
readEntityExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) i2 += t2[e2], e2++;
if (D(i2), e2 = j(t2, e2), !this.suppressValidationErr) {
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) e2++;
let n2 = t2.substring(i2, e2);
if (D(n2), e2 = j(t2, e2), !this.suppressValidationErr) {
if ("SYSTEM" === t2.substring(e2, e2 + 6).toUpperCase()) throw new Error("External entities are not supported");
if ("%" === t2[e2]) throw new Error("Parameter entities are not supported");
}
let n2 = "";
if ([e2, n2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && this.options.maxEntitySize && n2.length > this.options.maxEntitySize) throw new Error(`Entity "${i2}" size (${n2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [i2, n2, --e2];
let s2 = "";
if ([e2, s2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && null != this.options.maxEntitySize && s2.length > this.options.maxEntitySize) throw new Error(`Entity "${n2}" size (${s2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [n2, s2, --e2];
}
readNotationExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
!this.suppressValidationErr && D(i2), e2 = j(t2, e2);
const n2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== n2 && "PUBLIC" !== n2) throw new Error(`Expected SYSTEM or PUBLIC, found "${n2}"`);
e2 += n2.length, e2 = j(t2, e2);
let s2 = null, r2 = null;
if ("PUBLIC" === n2) [e2, s2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === n2 && ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !r2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: i2, publicIdentifier: s2, systemIdentifier: r2, index: --e2 };
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
!this.suppressValidationErr && D(n2), e2 = j(t2, e2);
const s2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== s2 && "PUBLIC" !== s2) throw new Error(`Expected SYSTEM or PUBLIC, found "${s2}"`);
e2 += s2.length, e2 = j(t2, e2);
let r2 = null, o2 = null;
if ("PUBLIC" === s2) [e2, r2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === s2 && ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !o2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: n2, publicIdentifier: r2, systemIdentifier: o2, index: --e2 };
}
readIdentifierVal(t2, e2, i2) {
let n2 = "";
const s2 = t2[e2];
if ('"' !== s2 && "'" !== s2) throw new Error(`Expected quoted string, found "${s2}"`);
for (e2++; e2 < t2.length && t2[e2] !== s2; ) n2 += t2[e2], e2++;
if (t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
const r2 = ++e2;
for (; e2 < t2.length && t2[e2] !== s2; ) e2++;
if (n2 = t2.substring(r2, e2), t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
return [++e2, n2];
}
readElementExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
if (!this.suppressValidationErr && !r(i2)) throw new Error(`Invalid element name: "${i2}"`);
let n2 = "";
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
if (!this.suppressValidationErr && !r(n2)) throw new Error(`Invalid element name: "${n2}"`);
let s2 = "";
if ("E" === t2[e2 = j(t2, e2)] && _2(t2, "MPTY", e2)) e2 += 4;
else if ("A" === t2[e2] && _2(t2, "NY", e2)) e2 += 2;
else if ("(" === t2[e2]) {
for (e2++; e2 < t2.length && ")" !== t2[e2]; ) n2 += t2[e2], e2++;
if (")" !== t2[e2]) throw new Error("Unterminated content model");
const i3 = ++e2;
for (; e2 < t2.length && ")" !== t2[e2]; ) e2++;
if (s2 = t2.substring(i3, e2), ")" !== t2[e2]) throw new Error("Unterminated content model");
} else if (!this.suppressValidationErr) throw new Error(`Invalid Element Expression, found "${t2[e2]}"`);
return { elementName: i2, contentModel: n2.trim(), index: e2 };
return { elementName: n2, contentModel: s2.trim(), index: e2 };
}
readAttlistExp(t2, e2) {
let i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
for (D(n2), i2 = e2 = j(t2, e2); e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let s2 = t2.substring(i2, e2);
if (!D(s2)) throw new Error(`Invalid attribute name: "${s2}"`);
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
D(i2), e2 = j(t2, e2);
let n2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) n2 += t2[e2], e2++;
if (!D(n2)) throw new Error(`Invalid attribute name: "${n2}"`);
e2 = j(t2, e2);
let s2 = "";
let r2 = "";
if ("NOTATION" === t2.substring(e2, e2 + 8).toUpperCase()) {
if (s2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
if (r2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
e2++;
let i3 = [];
for (; e2 < t2.length && ")" !== t2[e2]; ) {
let n3 = "";
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) n3 += t2[e2], e2++;
if (n3 = n3.trim(), !D(n3)) throw new Error(`Invalid notation name: "${n3}"`);
i3.push(n3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
const n3 = e2;
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) e2++;
let s3 = t2.substring(n3, e2);
if (s3 = s3.trim(), !D(s3)) throw new Error(`Invalid notation name: "${s3}"`);
i3.push(s3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
}
if (")" !== t2[e2]) throw new Error("Unterminated list of notations");
e2++, s2 += " (" + i3.join("|") + ")";
e2++, r2 += " (" + i3.join("|") + ")";
} else {
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) s2 += t2[e2], e2++;
const i3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !i3.includes(s2.toUpperCase())) throw new Error(`Invalid attribute type: "${s2}"`);
const i3 = e2;
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
r2 += t2.substring(i3, e2);
const n3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !n3.includes(r2.toUpperCase())) throw new Error(`Invalid attribute type: "${r2}"`);
}
e2 = j(t2, e2);
let r2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (r2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (r2 = "#IMPLIED", e2 += 7) : [e2, r2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: i2, attributeName: n2, attributeType: s2, defaultValue: r2, index: e2 };
let o2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (o2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (o2 = "#IMPLIED", e2 += 7) : [e2, o2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: n2, attributeName: s2, attributeType: r2, defaultValue: o2, index: e2 };
}
}
const j = (t2, e2) => {
@@ -62184,9 +62188,9 @@ var require_fxp = __commonJS({
if (r(t2)) return t2;
throw new Error(`Invalid entity name ${t2}`);
}
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, F = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true };
const L = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class M {
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, M = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true, infinity: "original" };
const F = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class L {
constructor(t2 = {}) {
this.separator = t2.separator || ".", this.path = [], this.siblingStacks = [];
}
@@ -62393,7 +62397,7 @@ var require_fxp = __commonJS({
if ("string" == typeof i2 && t3 === i2) return true;
if (i2 instanceof RegExp && i2.test(t3)) return true;
}
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new M(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new L(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
this.stopNodeExpressions = [];
for (let t3 = 0; t3 < this.options.stopNodes.length; t3++) {
const e3 = this.options.stopNodes[t3];
@@ -62504,7 +62508,7 @@ var require_fxp = __commonJS({
let o2 = s3.tagName;
const a2 = s3.rawTagName;
let h2 = s3.tagExp, l2 = s3.attrExpPresent, p2 = s3.closeIndex;
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName)) throw new Error(`Invalid tag name: ${o2}`);
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName || o2 === this.options.textNodeName || o2 === this.options.attributesGroupName)) throw new Error(`Invalid tag name: ${o2}`);
i2 && n2 && "!xml" !== i2.tagname && (n2 = this.saveTextToParentTag(n2, i2, this.matcher, false));
const u2 = i2;
u2 && -1 !== this.options.unpairedTags.indexOf(u2.tagname) && (i2 = this.tagsNodeStack.pop(), this.matcher.pop());
@@ -62642,7 +62646,7 @@ var require_fxp = __commonJS({
if (e2 && "string" == typeof t2) {
const e3 = t2.trim();
return "true" === e3 || "false" !== e3 && (function(t3, e4 = {}) {
if (e4 = Object.assign({}, F, e4), !t3 || "string" != typeof t3) return t3;
if (e4 = Object.assign({}, M, e4), !t3 || "string" != typeof t3) return t3;
let i3 = t3.trim();
if (void 0 !== e4.skipLike && e4.skipLike.test(i3)) return t3;
if ("0" === t3) return 0;
@@ -62652,35 +62656,50 @@ var require_fxp = __commonJS({
if (window && window.parseInt) return window.parseInt(t4, 16);
throw new Error("parseInt, Number.parseInt, window.parseInt are not supported");
})(i3);
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(L);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : 1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
if (isFinite(i3)) {
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(F);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : (1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2) && o2.length > 0 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
}
}
return t3;
}
return t3;
}
var n2;
return (function(t4, e5, i4) {
const n3 = e5 === 1 / 0;
switch (i4.infinity.toLowerCase()) {
case "null":
return null;
case "infinity":
return e5;
case "string":
return n3 ? "Infinity" : "-Infinity";
default:
return t4;
}
})(t3, Number(i3), e4);
})(t2, i2);
}
return void 0 !== t2 ? t2 : "";
@@ -62792,7 +62811,7 @@ var require_fxp = __commonJS({
const i3 = e2.stopNodes[t3];
"string" == typeof i3 ? n2.push(new G(i3)) : i3 instanceof G && n2.push(i3);
}
return mt(t2, e2, i2, new M(), n2);
return mt(t2, e2, i2, new L(), n2);
}
function mt(t2, e2, i2, n2, s2) {
let r2 = "", o2 = false;
@@ -62940,7 +62959,7 @@ var require_fxp = __commonJS({
if (this.options.preserveOrder) return gt(t2, this.options);
{
Array.isArray(t2) && this.options.arrayNodeName && this.options.arrayNodeName.length > 1 && (t2 = { [this.options.arrayNodeName]: t2 });
const e2 = new M();
const e2 = new L();
return this.j2x(t2, 0, e2).val;
}
}, Pt.prototype.j2x = function(t2, e2, i2) {
@@ -161479,7 +161498,7 @@ function getTemporaryDirectory() {
return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
}
function getActionVersion() {
return "4.34.1";
return "4.35.0";
}
var persistedInputsKey = "persisted_inputs";
var restoreInputs = function() {

214
lib/start-proxy-action.js generated
View File

@@ -41057,18 +41057,18 @@ var init_dist_src2 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
var VERSION5;
var init_version2 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
VERSION5 = "17.0.0";
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
var Endpoints, endpoints_default;
var init_endpoints = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
Endpoints = {
actions: {
addCustomLabelsToSelfHostedRunnerForOrg: [
@@ -43362,7 +43362,7 @@ var init_endpoints = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
function endpointsToMethods(octokit) {
const newMethods = {};
for (const scope of endpointMethodsMap.keys()) {
@@ -43413,7 +43413,7 @@ function decorate(octokit, scope, methodName, defaults, decorations) {
}
var endpointMethodsMap, handler;
var init_endpoints_to_methods = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
init_endpoints();
endpointMethodsMap = /* @__PURE__ */ new Map();
for (const [scope, endpoints] of Object.entries(endpoints_default)) {
@@ -43491,7 +43491,7 @@ var init_endpoints_to_methods = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
var dist_src_exports2 = {};
__export(dist_src_exports2, {
legacyRestEndpointMethods: () => legacyRestEndpointMethods,
@@ -43511,7 +43511,7 @@ function legacyRestEndpointMethods(octokit) {
};
}
var init_dist_src3 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
init_version2();
init_endpoints_to_methods();
restEndpointMethods.VERSION = VERSION5;
@@ -43519,7 +43519,7 @@ var init_dist_src3 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
// node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
var dist_bundle_exports = {};
__export(dist_bundle_exports, {
composePaginateRest: () => composePaginateRest,
@@ -43645,7 +43645,7 @@ function paginateRest(octokit) {
}
var VERSION6, composePaginateRest, paginatingEndpoints;
var init_dist_bundle5 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
"node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
VERSION6 = "0.0.0-development";
composePaginateRest = Object.assign(paginate, {
iterator
@@ -60732,7 +60732,7 @@ var require_fxp = __commonJS({
if (a.some((t3) => i2 === t3.toLowerCase())) throw new Error(`[SECURITY] Invalid ${e2}: "${t2}" is a reserved JavaScript keyword that could cause prototype pollution`);
}
function A(t2) {
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: t2.maxEntitySize ?? 1e4, maxExpansionDepth: t2.maxExpansionDepth ?? 10, maxTotalExpansions: t2.maxTotalExpansions ?? 1e3, maxExpandedLength: t2.maxExpandedLength ?? 1e5, maxEntityCount: t2.maxEntityCount ?? 100, allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: Math.max(1, t2.maxEntitySize ?? 1e4), maxExpansionDepth: Math.max(1, t2.maxExpansionDepth ?? 10), maxTotalExpansions: Math.max(1, t2.maxTotalExpansions ?? 1e3), maxExpandedLength: Math.max(1, t2.maxExpandedLength ?? 1e5), maxEntityCount: Math.max(1, t2.maxEntityCount ?? 100), allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
}
const C = function(t2) {
const e2 = Object.assign({}, P, t2), i2 = [{ value: e2.attributeNamePrefix, name: "attributeNamePrefix" }, { value: e2.attributesGroupName, name: "attributesGroupName" }, { value: e2.textNodeName, name: "textNodeName" }, { value: e2.cdataPropName, name: "cdataPropName" }, { value: e2.commentPropName, name: "commentPropName" }];
@@ -60773,7 +60773,7 @@ var require_fxp = __commonJS({
if (r2 && _(t2, "!ENTITY", e2)) {
let s3, r3;
if (e2 += 7, [s3, r3, e2] = this.readEntityExp(t2, e2 + 1, this.suppressValidationErr), -1 === r3.indexOf("&")) {
if (false !== this.options.enabled && this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
if (false !== this.options.enabled && null != this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
const t3 = s3.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
i2[s3] = { regx: RegExp(`&${t3};`, "g"), val: r3 }, n2++;
}
@@ -60797,82 +60797,86 @@ var require_fxp = __commonJS({
return { entities: i2, i: e2 };
}
readEntityExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) i2 += t2[e2], e2++;
if (D(i2), e2 = j(t2, e2), !this.suppressValidationErr) {
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) e2++;
let n2 = t2.substring(i2, e2);
if (D(n2), e2 = j(t2, e2), !this.suppressValidationErr) {
if ("SYSTEM" === t2.substring(e2, e2 + 6).toUpperCase()) throw new Error("External entities are not supported");
if ("%" === t2[e2]) throw new Error("Parameter entities are not supported");
}
let n2 = "";
if ([e2, n2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && this.options.maxEntitySize && n2.length > this.options.maxEntitySize) throw new Error(`Entity "${i2}" size (${n2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [i2, n2, --e2];
let s2 = "";
if ([e2, s2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && null != this.options.maxEntitySize && s2.length > this.options.maxEntitySize) throw new Error(`Entity "${n2}" size (${s2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [n2, s2, --e2];
}
readNotationExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
!this.suppressValidationErr && D(i2), e2 = j(t2, e2);
const n2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== n2 && "PUBLIC" !== n2) throw new Error(`Expected SYSTEM or PUBLIC, found "${n2}"`);
e2 += n2.length, e2 = j(t2, e2);
let s2 = null, r2 = null;
if ("PUBLIC" === n2) [e2, s2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === n2 && ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !r2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: i2, publicIdentifier: s2, systemIdentifier: r2, index: --e2 };
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
!this.suppressValidationErr && D(n2), e2 = j(t2, e2);
const s2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== s2 && "PUBLIC" !== s2) throw new Error(`Expected SYSTEM or PUBLIC, found "${s2}"`);
e2 += s2.length, e2 = j(t2, e2);
let r2 = null, o2 = null;
if ("PUBLIC" === s2) [e2, r2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === s2 && ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !o2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: n2, publicIdentifier: r2, systemIdentifier: o2, index: --e2 };
}
readIdentifierVal(t2, e2, i2) {
let n2 = "";
const s2 = t2[e2];
if ('"' !== s2 && "'" !== s2) throw new Error(`Expected quoted string, found "${s2}"`);
for (e2++; e2 < t2.length && t2[e2] !== s2; ) n2 += t2[e2], e2++;
if (t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
const r2 = ++e2;
for (; e2 < t2.length && t2[e2] !== s2; ) e2++;
if (n2 = t2.substring(r2, e2), t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
return [++e2, n2];
}
readElementExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
if (!this.suppressValidationErr && !r(i2)) throw new Error(`Invalid element name: "${i2}"`);
let n2 = "";
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
if (!this.suppressValidationErr && !r(n2)) throw new Error(`Invalid element name: "${n2}"`);
let s2 = "";
if ("E" === t2[e2 = j(t2, e2)] && _(t2, "MPTY", e2)) e2 += 4;
else if ("A" === t2[e2] && _(t2, "NY", e2)) e2 += 2;
else if ("(" === t2[e2]) {
for (e2++; e2 < t2.length && ")" !== t2[e2]; ) n2 += t2[e2], e2++;
if (")" !== t2[e2]) throw new Error("Unterminated content model");
const i3 = ++e2;
for (; e2 < t2.length && ")" !== t2[e2]; ) e2++;
if (s2 = t2.substring(i3, e2), ")" !== t2[e2]) throw new Error("Unterminated content model");
} else if (!this.suppressValidationErr) throw new Error(`Invalid Element Expression, found "${t2[e2]}"`);
return { elementName: i2, contentModel: n2.trim(), index: e2 };
return { elementName: n2, contentModel: s2.trim(), index: e2 };
}
readAttlistExp(t2, e2) {
let i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
for (D(n2), i2 = e2 = j(t2, e2); e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let s2 = t2.substring(i2, e2);
if (!D(s2)) throw new Error(`Invalid attribute name: "${s2}"`);
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
D(i2), e2 = j(t2, e2);
let n2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) n2 += t2[e2], e2++;
if (!D(n2)) throw new Error(`Invalid attribute name: "${n2}"`);
e2 = j(t2, e2);
let s2 = "";
let r2 = "";
if ("NOTATION" === t2.substring(e2, e2 + 8).toUpperCase()) {
if (s2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
if (r2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
e2++;
let i3 = [];
for (; e2 < t2.length && ")" !== t2[e2]; ) {
let n3 = "";
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) n3 += t2[e2], e2++;
if (n3 = n3.trim(), !D(n3)) throw new Error(`Invalid notation name: "${n3}"`);
i3.push(n3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
const n3 = e2;
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) e2++;
let s3 = t2.substring(n3, e2);
if (s3 = s3.trim(), !D(s3)) throw new Error(`Invalid notation name: "${s3}"`);
i3.push(s3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
}
if (")" !== t2[e2]) throw new Error("Unterminated list of notations");
e2++, s2 += " (" + i3.join("|") + ")";
e2++, r2 += " (" + i3.join("|") + ")";
} else {
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) s2 += t2[e2], e2++;
const i3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !i3.includes(s2.toUpperCase())) throw new Error(`Invalid attribute type: "${s2}"`);
const i3 = e2;
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
r2 += t2.substring(i3, e2);
const n3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !n3.includes(r2.toUpperCase())) throw new Error(`Invalid attribute type: "${r2}"`);
}
e2 = j(t2, e2);
let r2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (r2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (r2 = "#IMPLIED", e2 += 7) : [e2, r2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: i2, attributeName: n2, attributeType: s2, defaultValue: r2, index: e2 };
let o2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (o2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (o2 = "#IMPLIED", e2 += 7) : [e2, o2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: n2, attributeName: s2, attributeType: r2, defaultValue: o2, index: e2 };
}
}
const j = (t2, e2) => {
@@ -60887,9 +60891,9 @@ var require_fxp = __commonJS({
if (r(t2)) return t2;
throw new Error(`Invalid entity name ${t2}`);
}
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, F = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true };
const L = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class M {
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, M = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true, infinity: "original" };
const F = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class L {
constructor(t2 = {}) {
this.separator = t2.separator || ".", this.path = [], this.siblingStacks = [];
}
@@ -61096,7 +61100,7 @@ var require_fxp = __commonJS({
if ("string" == typeof i2 && t3 === i2) return true;
if (i2 instanceof RegExp && i2.test(t3)) return true;
}
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new M(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new L(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
this.stopNodeExpressions = [];
for (let t3 = 0; t3 < this.options.stopNodes.length; t3++) {
const e3 = this.options.stopNodes[t3];
@@ -61207,7 +61211,7 @@ var require_fxp = __commonJS({
let o2 = s3.tagName;
const a2 = s3.rawTagName;
let h2 = s3.tagExp, l2 = s3.attrExpPresent, p2 = s3.closeIndex;
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName)) throw new Error(`Invalid tag name: ${o2}`);
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName || o2 === this.options.textNodeName || o2 === this.options.attributesGroupName)) throw new Error(`Invalid tag name: ${o2}`);
i2 && n2 && "!xml" !== i2.tagname && (n2 = this.saveTextToParentTag(n2, i2, this.matcher, false));
const u2 = i2;
u2 && -1 !== this.options.unpairedTags.indexOf(u2.tagname) && (i2 = this.tagsNodeStack.pop(), this.matcher.pop());
@@ -61345,7 +61349,7 @@ var require_fxp = __commonJS({
if (e2 && "string" == typeof t2) {
const e3 = t2.trim();
return "true" === e3 || "false" !== e3 && (function(t3, e4 = {}) {
if (e4 = Object.assign({}, F, e4), !t3 || "string" != typeof t3) return t3;
if (e4 = Object.assign({}, M, e4), !t3 || "string" != typeof t3) return t3;
let i3 = t3.trim();
if (void 0 !== e4.skipLike && e4.skipLike.test(i3)) return t3;
if ("0" === t3) return 0;
@@ -61355,35 +61359,50 @@ var require_fxp = __commonJS({
if (window && window.parseInt) return window.parseInt(t4, 16);
throw new Error("parseInt, Number.parseInt, window.parseInt are not supported");
})(i3);
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(L);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : 1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
if (isFinite(i3)) {
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(F);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : (1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2) && o2.length > 0 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
}
}
return t3;
}
return t3;
}
var n2;
return (function(t4, e5, i4) {
const n3 = e5 === 1 / 0;
switch (i4.infinity.toLowerCase()) {
case "null":
return null;
case "infinity":
return e5;
case "string":
return n3 ? "Infinity" : "-Infinity";
default:
return t4;
}
})(t3, Number(i3), e4);
})(t2, i2);
}
return void 0 !== t2 ? t2 : "";
@@ -61495,7 +61514,7 @@ var require_fxp = __commonJS({
const i3 = e2.stopNodes[t3];
"string" == typeof i3 ? n2.push(new G(i3)) : i3 instanceof G && n2.push(i3);
}
return mt(t2, e2, i2, new M(), n2);
return mt(t2, e2, i2, new L(), n2);
}
function mt(t2, e2, i2, n2, s2) {
let r2 = "", o2 = false;
@@ -61643,7 +61662,7 @@ var require_fxp = __commonJS({
if (this.options.preserveOrder) return gt(t2, this.options);
{
Array.isArray(t2) && this.options.arrayNodeName && this.options.arrayNodeName.length > 1 && (t2 = { [this.options.arrayNodeName]: t2 });
const e2 = new M();
const e2 = new L();
return this.j2x(t2, 0, e2).val;
}
}, Pt.prototype.j2x = function(t2, e2, i2) {
@@ -120658,7 +120677,7 @@ function getTemporaryDirectory() {
return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
}
function getActionVersion() {
return "4.34.1";
return "4.35.0";
}
function getWorkflowEventName() {
return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -120905,8 +120924,8 @@ var path = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.24.3";
var cliVersion = "2.24.3";
var bundleVersion = "codeql-bundle-v2.25.1";
var cliVersion = "2.25.1";
// src/overlay/index.ts
var actionsCache = __toESM(require_cache5());
@@ -122223,7 +122242,10 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
);
}
}
if ((!hasUsername(authConfig) || !isDefined2(authConfig.username)) && isUsernamePassword(authConfig) && isDefined2(authConfig.password) && isPAT(authConfig.password) || isToken(authConfig) && isDefined2(authConfig.token) && isPAT(authConfig.token)) {
const noUsername = !hasUsername(authConfig) || !isDefined2(authConfig.username);
const passwordIsPAT = isUsernamePassword(authConfig) && isDefined2(authConfig.password) && isPAT(authConfig.password);
const tokenIsPAT = isToken(authConfig) && isDefined2(authConfig.token) && isPAT(authConfig.token);
if (noUsername && (passwordIsPAT || tokenIsPAT)) {
logger.warning(
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user who generated the PAT.`
);

794
lib/upload-lib.js generated
View File

File diff suppressed because it is too large Load Diff

205
lib/upload-sarif-action-post.js generated
View File

@@ -41057,18 +41057,18 @@ var init_dist_src2 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
var VERSION5;
var init_version2 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js"() {
VERSION5 = "17.0.0";
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
var Endpoints, endpoints_default;
var init_endpoints = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js"() {
Endpoints = {
actions: {
addCustomLabelsToSelfHostedRunnerForOrg: [
@@ -43362,7 +43362,7 @@ var init_endpoints = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js
function endpointsToMethods(octokit) {
const newMethods = {};
for (const scope of endpointMethodsMap.keys()) {
@@ -43413,7 +43413,7 @@ function decorate(octokit, scope, methodName, defaults, decorations) {
}
var endpointMethodsMap, handler;
var init_endpoints_to_methods = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js"() {
init_endpoints();
endpointMethodsMap = /* @__PURE__ */ new Map();
for (const [scope, endpoints] of Object.entries(endpoints_default)) {
@@ -43491,7 +43491,7 @@ var init_endpoints_to_methods = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
// node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
var dist_src_exports2 = {};
__export(dist_src_exports2, {
legacyRestEndpointMethods: () => legacyRestEndpointMethods,
@@ -43511,7 +43511,7 @@ function legacyRestEndpointMethods(octokit) {
};
}
var init_dist_src3 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
"node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js"() {
init_version2();
init_endpoints_to_methods();
restEndpointMethods.VERSION = VERSION5;
@@ -43519,7 +43519,7 @@ var init_dist_src3 = __esm({
}
});
// node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
// node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js
var dist_bundle_exports = {};
__export(dist_bundle_exports, {
composePaginateRest: () => composePaginateRest,
@@ -43645,7 +43645,7 @@ function paginateRest(octokit) {
}
var VERSION6, composePaginateRest, paginatingEndpoints;
var init_dist_bundle5 = __esm({
"node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
"node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js"() {
VERSION6 = "0.0.0-development";
composePaginateRest = Object.assign(paginate, {
iterator
@@ -64242,7 +64242,7 @@ var require_fxp = __commonJS({
if (a.some((t3) => i2 === t3.toLowerCase())) throw new Error(`[SECURITY] Invalid ${e2}: "${t2}" is a reserved JavaScript keyword that could cause prototype pollution`);
}
function A(t2) {
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: t2.maxEntitySize ?? 1e4, maxExpansionDepth: t2.maxExpansionDepth ?? 10, maxTotalExpansions: t2.maxTotalExpansions ?? 1e3, maxExpandedLength: t2.maxExpandedLength ?? 1e5, maxEntityCount: t2.maxEntityCount ?? 100, allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
return "boolean" == typeof t2 ? { enabled: t2, maxEntitySize: 1e4, maxExpansionDepth: 10, maxTotalExpansions: 1e3, maxExpandedLength: 1e5, maxEntityCount: 100, allowedTags: null, tagFilter: null } : "object" == typeof t2 && null !== t2 ? { enabled: false !== t2.enabled, maxEntitySize: Math.max(1, t2.maxEntitySize ?? 1e4), maxExpansionDepth: Math.max(1, t2.maxExpansionDepth ?? 10), maxTotalExpansions: Math.max(1, t2.maxTotalExpansions ?? 1e3), maxExpandedLength: Math.max(1, t2.maxExpandedLength ?? 1e5), maxEntityCount: Math.max(1, t2.maxEntityCount ?? 100), allowedTags: t2.allowedTags ?? null, tagFilter: t2.tagFilter ?? null } : A(true);
}
const C = function(t2) {
const e2 = Object.assign({}, P, t2), i2 = [{ value: e2.attributeNamePrefix, name: "attributeNamePrefix" }, { value: e2.attributesGroupName, name: "attributesGroupName" }, { value: e2.textNodeName, name: "textNodeName" }, { value: e2.cdataPropName, name: "cdataPropName" }, { value: e2.commentPropName, name: "commentPropName" }];
@@ -64283,7 +64283,7 @@ var require_fxp = __commonJS({
if (r2 && _2(t2, "!ENTITY", e2)) {
let s3, r3;
if (e2 += 7, [s3, r3, e2] = this.readEntityExp(t2, e2 + 1, this.suppressValidationErr), -1 === r3.indexOf("&")) {
if (false !== this.options.enabled && this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
if (false !== this.options.enabled && null != this.options.maxEntityCount && n2 >= this.options.maxEntityCount) throw new Error(`Entity count (${n2 + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`);
const t3 = s3.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
i2[s3] = { regx: RegExp(`&${t3};`, "g"), val: r3 }, n2++;
}
@@ -64307,82 +64307,86 @@ var require_fxp = __commonJS({
return { entities: i2, i: e2 };
}
readEntityExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) i2 += t2[e2], e2++;
if (D(i2), e2 = j(t2, e2), !this.suppressValidationErr) {
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]) && '"' !== t2[e2] && "'" !== t2[e2]; ) e2++;
let n2 = t2.substring(i2, e2);
if (D(n2), e2 = j(t2, e2), !this.suppressValidationErr) {
if ("SYSTEM" === t2.substring(e2, e2 + 6).toUpperCase()) throw new Error("External entities are not supported");
if ("%" === t2[e2]) throw new Error("Parameter entities are not supported");
}
let n2 = "";
if ([e2, n2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && this.options.maxEntitySize && n2.length > this.options.maxEntitySize) throw new Error(`Entity "${i2}" size (${n2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [i2, n2, --e2];
let s2 = "";
if ([e2, s2] = this.readIdentifierVal(t2, e2, "entity"), false !== this.options.enabled && null != this.options.maxEntitySize && s2.length > this.options.maxEntitySize) throw new Error(`Entity "${n2}" size (${s2.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`);
return [n2, s2, --e2];
}
readNotationExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
!this.suppressValidationErr && D(i2), e2 = j(t2, e2);
const n2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== n2 && "PUBLIC" !== n2) throw new Error(`Expected SYSTEM or PUBLIC, found "${n2}"`);
e2 += n2.length, e2 = j(t2, e2);
let s2 = null, r2 = null;
if ("PUBLIC" === n2) [e2, s2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === n2 && ([e2, r2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !r2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: i2, publicIdentifier: s2, systemIdentifier: r2, index: --e2 };
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
!this.suppressValidationErr && D(n2), e2 = j(t2, e2);
const s2 = t2.substring(e2, e2 + 6).toUpperCase();
if (!this.suppressValidationErr && "SYSTEM" !== s2 && "PUBLIC" !== s2) throw new Error(`Expected SYSTEM or PUBLIC, found "${s2}"`);
e2 += s2.length, e2 = j(t2, e2);
let r2 = null, o2 = null;
if ("PUBLIC" === s2) [e2, r2] = this.readIdentifierVal(t2, e2, "publicIdentifier"), '"' !== t2[e2 = j(t2, e2)] && "'" !== t2[e2] || ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"));
else if ("SYSTEM" === s2 && ([e2, o2] = this.readIdentifierVal(t2, e2, "systemIdentifier"), !this.suppressValidationErr && !o2)) throw new Error("Missing mandatory system identifier for SYSTEM notation");
return { notationName: n2, publicIdentifier: r2, systemIdentifier: o2, index: --e2 };
}
readIdentifierVal(t2, e2, i2) {
let n2 = "";
const s2 = t2[e2];
if ('"' !== s2 && "'" !== s2) throw new Error(`Expected quoted string, found "${s2}"`);
for (e2++; e2 < t2.length && t2[e2] !== s2; ) n2 += t2[e2], e2++;
if (t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
const r2 = ++e2;
for (; e2 < t2.length && t2[e2] !== s2; ) e2++;
if (n2 = t2.substring(r2, e2), t2[e2] !== s2) throw new Error(`Unterminated ${i2} value`);
return [++e2, n2];
}
readElementExp(t2, e2) {
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
if (!this.suppressValidationErr && !r(i2)) throw new Error(`Invalid element name: "${i2}"`);
let n2 = "";
const i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
if (!this.suppressValidationErr && !r(n2)) throw new Error(`Invalid element name: "${n2}"`);
let s2 = "";
if ("E" === t2[e2 = j(t2, e2)] && _2(t2, "MPTY", e2)) e2 += 4;
else if ("A" === t2[e2] && _2(t2, "NY", e2)) e2 += 2;
else if ("(" === t2[e2]) {
for (e2++; e2 < t2.length && ")" !== t2[e2]; ) n2 += t2[e2], e2++;
if (")" !== t2[e2]) throw new Error("Unterminated content model");
const i3 = ++e2;
for (; e2 < t2.length && ")" !== t2[e2]; ) e2++;
if (s2 = t2.substring(i3, e2), ")" !== t2[e2]) throw new Error("Unterminated content model");
} else if (!this.suppressValidationErr) throw new Error(`Invalid Element Expression, found "${t2[e2]}"`);
return { elementName: i2, contentModel: n2.trim(), index: e2 };
return { elementName: n2, contentModel: s2.trim(), index: e2 };
}
readAttlistExp(t2, e2) {
let i2 = e2 = j(t2, e2);
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let n2 = t2.substring(i2, e2);
for (D(n2), i2 = e2 = j(t2, e2); e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
let s2 = t2.substring(i2, e2);
if (!D(s2)) throw new Error(`Invalid attribute name: "${s2}"`);
e2 = j(t2, e2);
let i2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) i2 += t2[e2], e2++;
D(i2), e2 = j(t2, e2);
let n2 = "";
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) n2 += t2[e2], e2++;
if (!D(n2)) throw new Error(`Invalid attribute name: "${n2}"`);
e2 = j(t2, e2);
let s2 = "";
let r2 = "";
if ("NOTATION" === t2.substring(e2, e2 + 8).toUpperCase()) {
if (s2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
if (r2 = "NOTATION", "(" !== t2[e2 = j(t2, e2 += 8)]) throw new Error(`Expected '(', found "${t2[e2]}"`);
e2++;
let i3 = [];
for (; e2 < t2.length && ")" !== t2[e2]; ) {
let n3 = "";
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) n3 += t2[e2], e2++;
if (n3 = n3.trim(), !D(n3)) throw new Error(`Invalid notation name: "${n3}"`);
i3.push(n3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
const n3 = e2;
for (; e2 < t2.length && "|" !== t2[e2] && ")" !== t2[e2]; ) e2++;
let s3 = t2.substring(n3, e2);
if (s3 = s3.trim(), !D(s3)) throw new Error(`Invalid notation name: "${s3}"`);
i3.push(s3), "|" === t2[e2] && (e2++, e2 = j(t2, e2));
}
if (")" !== t2[e2]) throw new Error("Unterminated list of notations");
e2++, s2 += " (" + i3.join("|") + ")";
e2++, r2 += " (" + i3.join("|") + ")";
} else {
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) s2 += t2[e2], e2++;
const i3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !i3.includes(s2.toUpperCase())) throw new Error(`Invalid attribute type: "${s2}"`);
const i3 = e2;
for (; e2 < t2.length && !/\s/.test(t2[e2]); ) e2++;
r2 += t2.substring(i3, e2);
const n3 = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
if (!this.suppressValidationErr && !n3.includes(r2.toUpperCase())) throw new Error(`Invalid attribute type: "${r2}"`);
}
e2 = j(t2, e2);
let r2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (r2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (r2 = "#IMPLIED", e2 += 7) : [e2, r2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: i2, attributeName: n2, attributeType: s2, defaultValue: r2, index: e2 };
let o2 = "";
return "#REQUIRED" === t2.substring(e2, e2 + 8).toUpperCase() ? (o2 = "#REQUIRED", e2 += 8) : "#IMPLIED" === t2.substring(e2, e2 + 7).toUpperCase() ? (o2 = "#IMPLIED", e2 += 7) : [e2, o2] = this.readIdentifierVal(t2, e2, "ATTLIST"), { elementName: n2, attributeName: s2, attributeType: r2, defaultValue: o2, index: e2 };
}
}
const j = (t2, e2) => {
@@ -64397,9 +64401,9 @@ var require_fxp = __commonJS({
if (r(t2)) return t2;
throw new Error(`Invalid entity name ${t2}`);
}
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, F = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true };
const L = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class M {
const V = /^[-+]?0x[a-fA-F0-9]+$/, k = /^([\-\+])?(0*)([0-9]*(\.[0-9]*)?)$/, M = { hex: true, leadingZeros: true, decimalPoint: ".", eNotation: true, infinity: "original" };
const F = /^([-+])?(0*)(\d*(\.\d*)?[eE][-\+]?\d+)$/;
class L {
constructor(t2 = {}) {
this.separator = t2.separator || ".", this.path = [], this.siblingStacks = [];
}
@@ -64606,7 +64610,7 @@ var require_fxp = __commonJS({
if ("string" == typeof i2 && t3 === i2) return true;
if (i2 instanceof RegExp && i2.test(t3)) return true;
}
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new M(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
} : () => false, this.entityExpansionCount = 0, this.currentExpandedLength = 0, this.matcher = new L(), this.isCurrentNodeStopNode = false, this.options.stopNodes && this.options.stopNodes.length > 0) {
this.stopNodeExpressions = [];
for (let t3 = 0; t3 < this.options.stopNodes.length; t3++) {
const e3 = this.options.stopNodes[t3];
@@ -64717,7 +64721,7 @@ var require_fxp = __commonJS({
let o2 = s3.tagName;
const a2 = s3.rawTagName;
let h2 = s3.tagExp, l2 = s3.attrExpPresent, p2 = s3.closeIndex;
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName)) throw new Error(`Invalid tag name: ${o2}`);
if ({ tagName: o2, tagExp: h2 } = rt(this.options.transformTagName, o2, h2, this.options), this.options.strictReservedNames && (o2 === this.options.commentPropName || o2 === this.options.cdataPropName || o2 === this.options.textNodeName || o2 === this.options.attributesGroupName)) throw new Error(`Invalid tag name: ${o2}`);
i2 && n2 && "!xml" !== i2.tagname && (n2 = this.saveTextToParentTag(n2, i2, this.matcher, false));
const u2 = i2;
u2 && -1 !== this.options.unpairedTags.indexOf(u2.tagname) && (i2 = this.tagsNodeStack.pop(), this.matcher.pop());
@@ -64855,7 +64859,7 @@ var require_fxp = __commonJS({
if (e2 && "string" == typeof t2) {
const e3 = t2.trim();
return "true" === e3 || "false" !== e3 && (function(t3, e4 = {}) {
if (e4 = Object.assign({}, F, e4), !t3 || "string" != typeof t3) return t3;
if (e4 = Object.assign({}, M, e4), !t3 || "string" != typeof t3) return t3;
let i3 = t3.trim();
if (void 0 !== e4.skipLike && e4.skipLike.test(i3)) return t3;
if ("0" === t3) return 0;
@@ -64865,35 +64869,50 @@ var require_fxp = __commonJS({
if (window && window.parseInt) return window.parseInt(t4, 16);
throw new Error("parseInt, Number.parseInt, window.parseInt are not supported");
})(i3);
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(L);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : 1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
if (isFinite(i3)) {
if (i3.includes("e") || i3.includes("E")) return (function(t4, e5, i4) {
if (!i4.eNotation) return t4;
const n3 = e5.match(F);
if (n3) {
let s2 = n3[1] || "";
const r2 = -1 === n3[3].indexOf("e") ? "E" : "e", o2 = n3[2], a2 = s2 ? t4[o2.length + 1] === r2 : t4[o2.length] === r2;
return o2.length > 1 && a2 ? t4 : (1 !== o2.length || !n3[3].startsWith(`.${r2}`) && n3[3][0] !== r2) && o2.length > 0 ? i4.leadingZeros && !a2 ? (e5 = (n3[1] || "") + n3[3], Number(e5)) : t4 : Number(e5);
}
return t4;
})(t3, i3, e4);
{
const s2 = k.exec(i3);
if (s2) {
const r2 = s2[1] || "", o2 = s2[2];
let a2 = (n2 = s2[3]) && -1 !== n2.indexOf(".") ? ("." === (n2 = n2.replace(/0+$/, "")) ? n2 = "0" : "." === n2[0] ? n2 = "0" + n2 : "." === n2[n2.length - 1] && (n2 = n2.substring(0, n2.length - 1)), n2) : n2;
const h2 = r2 ? "." === t3[o2.length + 1] : "." === t3[o2.length];
if (!e4.leadingZeros && (o2.length > 1 || 1 === o2.length && !h2)) return t3;
{
const n3 = Number(i3), s3 = String(n3);
if (0 === n3) return n3;
if (-1 !== s3.search(/[eE]/)) return e4.eNotation ? n3 : t3;
if (-1 !== i3.indexOf(".")) return "0" === s3 || s3 === a2 || s3 === `${r2}${a2}` ? n3 : t3;
let h3 = o2 ? a2 : i3;
return o2 ? h3 === s3 || r2 + h3 === s3 ? n3 : t3 : h3 === s3 || h3 === r2 + s3 ? n3 : t3;
}
}
return t3;
}
return t3;
}
var n2;
return (function(t4, e5, i4) {
const n3 = e5 === 1 / 0;
switch (i4.infinity.toLowerCase()) {
case "null":
return null;
case "infinity":
return e5;
case "string":
return n3 ? "Infinity" : "-Infinity";
default:
return t4;
}
})(t3, Number(i3), e4);
})(t2, i2);
}
return void 0 !== t2 ? t2 : "";
@@ -65005,7 +65024,7 @@ var require_fxp = __commonJS({
const i3 = e2.stopNodes[t3];
"string" == typeof i3 ? n2.push(new G(i3)) : i3 instanceof G && n2.push(i3);
}
return mt(t2, e2, i2, new M(), n2);
return mt(t2, e2, i2, new L(), n2);
}
function mt(t2, e2, i2, n2, s2) {
let r2 = "", o2 = false;
@@ -65153,7 +65172,7 @@ var require_fxp = __commonJS({
if (this.options.preserveOrder) return gt(t2, this.options);
{
Array.isArray(t2) && this.options.arrayNodeName && this.options.arrayNodeName.length > 1 && (t2 = { [this.options.arrayNodeName]: t2 });
const e2 = new M();
const e2 = new L();
return this.j2x(t2, 0, e2).val;
}
}, Pt.prototype.j2x = function(t2, e2, i2) {
@@ -161479,7 +161498,7 @@ function getTemporaryDirectory() {
return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
}
function getActionVersion() {
return "4.34.1";
return "4.35.0";
}
var persistedInputsKey = "persisted_inputs";
var restoreInputs = function() {

794
lib/upload-sarif-action.js generated
View File

File diff suppressed because it is too large Load Diff

488
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "4.34.1",
"version": "4.35.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "4.34.1",
"version": "4.35.0",
"license": "MIT",
"workspaces": [
"pr-checks"
@@ -50,19 +50,19 @@
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"ava": "^7.0.0",
"esbuild": "^0.27.3",
"esbuild": "^0.27.4",
"eslint": "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.7.1",
"eslint-plugin-import-x": "^4.16.2",
"eslint-plugin-jsdoc": "^62.8.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
"glob": "^11.1.0",
"globals": "^17.4.0",
"nock": "^14.0.11",
"sinon": "^21.0.2",
"sinon": "^21.0.3",
"typescript": "^5.9.3",
"typescript-eslint": "^8.57.0"
"typescript-eslint": "^8.57.1"
}
},
"node_modules/@aashutoshrathi/word-wrap": {
@@ -411,36 +411,6 @@
"undici": "^6.23.0"
}
},
"node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest": {
"version": "14.0.0",
"resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-14.0.0.tgz",
"integrity": "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw==",
"license": "MIT",
"dependencies": {
"@octokit/types": "^16.0.0"
},
"engines": {
"node": ">= 20"
},
"peerDependencies": {
"@octokit/core": ">=6"
}
},
"node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods": {
"version": "17.0.0",
"resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-17.0.0.tgz",
"integrity": "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw==",
"license": "MIT",
"dependencies": {
"@octokit/types": "^16.0.0"
},
"engines": {
"node": ">= 20"
},
"peerDependencies": {
"@octokit/core": ">=6"
}
},
"node_modules/@actions/github/node_modules/undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
@@ -893,9 +863,9 @@
}
},
"node_modules/@esbuild/aix-ppc64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.3.tgz",
"integrity": "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.4.tgz",
"integrity": "sha512-cQPwL2mp2nSmHHJlCyoXgHGhbEPMrEEU5xhkcy3Hs/O7nGZqEpZ2sUtLaL9MORLtDfRvVl2/3PAuEkYZH0Ty8Q==",
"cpu": [
"ppc64"
],
@@ -910,9 +880,9 @@
}
},
"node_modules/@esbuild/android-arm": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.3.tgz",
"integrity": "sha512-i5D1hPY7GIQmXlXhs2w8AWHhenb00+GxjxRncS2ZM7YNVGNfaMxgzSGuO8o8SJzRc/oZwU2bcScvVERk03QhzA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.4.tgz",
"integrity": "sha512-X9bUgvxiC8CHAGKYufLIHGXPJWnr0OCdR0anD2e21vdvgCI8lIfqFbnoeOz7lBjdrAGUhqLZLcQo6MLhTO2DKQ==",
"cpu": [
"arm"
],
@@ -927,9 +897,9 @@
}
},
"node_modules/@esbuild/android-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.3.tgz",
"integrity": "sha512-YdghPYUmj/FX2SYKJ0OZxf+iaKgMsKHVPF1MAq/P8WirnSpCStzKJFjOjzsW0QQ7oIAiccHdcqjbHmJxRb/dmg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.4.tgz",
"integrity": "sha512-gdLscB7v75wRfu7QSm/zg6Rx29VLdy9eTr2t44sfTW7CxwAtQghZ4ZnqHk3/ogz7xao0QAgrkradbBzcqFPasw==",
"cpu": [
"arm64"
],
@@ -944,9 +914,9 @@
}
},
"node_modules/@esbuild/android-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.3.tgz",
"integrity": "sha512-IN/0BNTkHtk8lkOM8JWAYFg4ORxBkZQf9zXiEOfERX/CzxW3Vg1ewAhU7QSWQpVIzTW+b8Xy+lGzdYXV6UZObQ==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.4.tgz",
"integrity": "sha512-PzPFnBNVF292sfpfhiyiXCGSn9HZg5BcAz+ivBuSsl6Rk4ga1oEXAamhOXRFyMcjwr2DVtm40G65N3GLeH1Lvw==",
"cpu": [
"x64"
],
@@ -961,9 +931,9 @@
}
},
"node_modules/@esbuild/darwin-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.3.tgz",
"integrity": "sha512-Re491k7ByTVRy0t3EKWajdLIr0gz2kKKfzafkth4Q8A5n1xTHrkqZgLLjFEHVD+AXdUGgQMq+Godfq45mGpCKg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.4.tgz",
"integrity": "sha512-b7xaGIwdJlht8ZFCvMkpDN6uiSmnxxK56N2GDTMYPr2/gzvfdQN8rTfBsvVKmIVY/X7EM+/hJKEIbbHs9oA4tQ==",
"cpu": [
"arm64"
],
@@ -978,9 +948,9 @@
}
},
"node_modules/@esbuild/darwin-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.3.tgz",
"integrity": "sha512-vHk/hA7/1AckjGzRqi6wbo+jaShzRowYip6rt6q7VYEDX4LEy1pZfDpdxCBnGtl+A5zq8iXDcyuxwtv3hNtHFg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.4.tgz",
"integrity": "sha512-sR+OiKLwd15nmCdqpXMnuJ9W2kpy0KigzqScqHI3Hqwr7IXxBp3Yva+yJwoqh7rE8V77tdoheRYataNKL4QrPw==",
"cpu": [
"x64"
],
@@ -995,9 +965,9 @@
}
},
"node_modules/@esbuild/freebsd-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.3.tgz",
"integrity": "sha512-ipTYM2fjt3kQAYOvo6vcxJx3nBYAzPjgTCk7QEgZG8AUO3ydUhvelmhrbOheMnGOlaSFUoHXB6un+A7q4ygY9w==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.4.tgz",
"integrity": "sha512-jnfpKe+p79tCnm4GVav68A7tUFeKQwQyLgESwEAUzyxk/TJr4QdGog9sqWNcUbr/bZt/O/HXouspuQDd9JxFSw==",
"cpu": [
"arm64"
],
@@ -1012,9 +982,9 @@
}
},
"node_modules/@esbuild/freebsd-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.3.tgz",
"integrity": "sha512-dDk0X87T7mI6U3K9VjWtHOXqwAMJBNN2r7bejDsc+j03SEjtD9HrOl8gVFByeM0aJksoUuUVU9TBaZa2rgj0oA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.4.tgz",
"integrity": "sha512-2kb4ceA/CpfUrIcTUl1wrP/9ad9Atrp5J94Lq69w7UwOMolPIGrfLSvAKJp0RTvkPPyn6CIWrNy13kyLikZRZQ==",
"cpu": [
"x64"
],
@@ -1029,9 +999,9 @@
}
},
"node_modules/@esbuild/linux-arm": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.3.tgz",
"integrity": "sha512-s6nPv2QkSupJwLYyfS+gwdirm0ukyTFNl3KTgZEAiJDd+iHZcbTPPcWCcRYH+WlNbwChgH2QkE9NSlNrMT8Gfw==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.4.tgz",
"integrity": "sha512-aBYgcIxX/wd5n2ys0yESGeYMGF+pv6g0DhZr3G1ZG4jMfruU9Tl1i2Z+Wnj9/KjGz1lTLCcorqE2viePZqj4Eg==",
"cpu": [
"arm"
],
@@ -1046,9 +1016,9 @@
}
},
"node_modules/@esbuild/linux-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.3.tgz",
"integrity": "sha512-sZOuFz/xWnZ4KH3YfFrKCf1WyPZHakVzTiqji3WDc0BCl2kBwiJLCXpzLzUBLgmp4veFZdvN5ChW4Eq/8Fc2Fg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.4.tgz",
"integrity": "sha512-7nQOttdzVGth1iz57kxg9uCz57dxQLHWxopL6mYuYthohPKEK0vU0C3O21CcBK6KDlkYVcnDXY099HcCDXd9dA==",
"cpu": [
"arm64"
],
@@ -1063,9 +1033,9 @@
}
},
"node_modules/@esbuild/linux-ia32": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.3.tgz",
"integrity": "sha512-yGlQYjdxtLdh0a3jHjuwOrxQjOZYD/C9PfdbgJJF3TIZWnm/tMd/RcNiLngiu4iwcBAOezdnSLAwQDPqTmtTYg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.4.tgz",
"integrity": "sha512-oPtixtAIzgvzYcKBQM/qZ3R+9TEUd1aNJQu0HhGyqtx6oS7qTpvjheIWBbes4+qu1bNlo2V4cbkISr8q6gRBFA==",
"cpu": [
"ia32"
],
@@ -1080,9 +1050,9 @@
}
},
"node_modules/@esbuild/linux-loong64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.3.tgz",
"integrity": "sha512-WO60Sn8ly3gtzhyjATDgieJNet/KqsDlX5nRC5Y3oTFcS1l0KWba+SEa9Ja1GfDqSF1z6hif/SkpQJbL63cgOA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.4.tgz",
"integrity": "sha512-8mL/vh8qeCoRcFH2nM8wm5uJP+ZcVYGGayMavi8GmRJjuI3g1v6Z7Ni0JJKAJW+m0EtUuARb6Lmp4hMjzCBWzA==",
"cpu": [
"loong64"
],
@@ -1097,9 +1067,9 @@
}
},
"node_modules/@esbuild/linux-mips64el": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.3.tgz",
"integrity": "sha512-APsymYA6sGcZ4pD6k+UxbDjOFSvPWyZhjaiPyl/f79xKxwTnrn5QUnXR5prvetuaSMsb4jgeHewIDCIWljrSxw==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.4.tgz",
"integrity": "sha512-1RdrWFFiiLIW7LQq9Q2NES+HiD4NyT8Itj9AUeCl0IVCA459WnPhREKgwrpaIfTOe+/2rdntisegiPWn/r/aAw==",
"cpu": [
"mips64el"
],
@@ -1114,9 +1084,9 @@
}
},
"node_modules/@esbuild/linux-ppc64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.3.tgz",
"integrity": "sha512-eizBnTeBefojtDb9nSh4vvVQ3V9Qf9Df01PfawPcRzJH4gFSgrObw+LveUyDoKU3kxi5+9RJTCWlj4FjYXVPEA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.4.tgz",
"integrity": "sha512-tLCwNG47l3sd9lpfyx9LAGEGItCUeRCWeAx6x2Jmbav65nAwoPXfewtAdtbtit/pJFLUWOhpv0FpS6GQAmPrHA==",
"cpu": [
"ppc64"
],
@@ -1131,9 +1101,9 @@
}
},
"node_modules/@esbuild/linux-riscv64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.3.tgz",
"integrity": "sha512-3Emwh0r5wmfm3ssTWRQSyVhbOHvqegUDRd0WhmXKX2mkHJe1SFCMJhagUleMq+Uci34wLSipf8Lagt4LlpRFWQ==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.4.tgz",
"integrity": "sha512-BnASypppbUWyqjd1KIpU4AUBiIhVr6YlHx/cnPgqEkNoVOhHg+YiSVxM1RLfiy4t9cAulbRGTNCKOcqHrEQLIw==",
"cpu": [
"riscv64"
],
@@ -1148,9 +1118,9 @@
}
},
"node_modules/@esbuild/linux-s390x": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.3.tgz",
"integrity": "sha512-pBHUx9LzXWBc7MFIEEL0yD/ZVtNgLytvx60gES28GcWMqil8ElCYR4kvbV2BDqsHOvVDRrOxGySBM9Fcv744hw==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.4.tgz",
"integrity": "sha512-+eUqgb/Z7vxVLezG8bVB9SfBie89gMueS+I0xYh2tJdw3vqA/0ImZJ2ROeWwVJN59ihBeZ7Tu92dF/5dy5FttA==",
"cpu": [
"s390x"
],
@@ -1165,9 +1135,9 @@
}
},
"node_modules/@esbuild/linux-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.3.tgz",
"integrity": "sha512-Czi8yzXUWIQYAtL/2y6vogER8pvcsOsk5cpwL4Gk5nJqH5UZiVByIY8Eorm5R13gq+DQKYg0+JyQoytLQas4dA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.4.tgz",
"integrity": "sha512-S5qOXrKV8BQEzJPVxAwnryi2+Iq5pB40gTEIT69BQONqR7JH1EPIcQ/Uiv9mCnn05jff9umq/5nqzxlqTOg9NA==",
"cpu": [
"x64"
],
@@ -1182,9 +1152,9 @@
}
},
"node_modules/@esbuild/netbsd-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.3.tgz",
"integrity": "sha512-sDpk0RgmTCR/5HguIZa9n9u+HVKf40fbEUt+iTzSnCaGvY9kFP0YKBWZtJaraonFnqef5SlJ8/TiPAxzyS+UoA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.4.tgz",
"integrity": "sha512-xHT8X4sb0GS8qTqiwzHqpY00C95DPAq7nAwX35Ie/s+LO9830hrMd3oX0ZMKLvy7vsonee73x0lmcdOVXFzd6Q==",
"cpu": [
"arm64"
],
@@ -1199,9 +1169,9 @@
}
},
"node_modules/@esbuild/netbsd-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.3.tgz",
"integrity": "sha512-P14lFKJl/DdaE00LItAukUdZO5iqNH7+PjoBm+fLQjtxfcfFE20Xf5CrLsmZdq5LFFZzb5JMZ9grUwvtVYzjiA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.4.tgz",
"integrity": "sha512-RugOvOdXfdyi5Tyv40kgQnI0byv66BFgAqjdgtAKqHoZTbTF2QqfQrFwa7cHEORJf6X2ht+l9ABLMP0dnKYsgg==",
"cpu": [
"x64"
],
@@ -1216,9 +1186,9 @@
}
},
"node_modules/@esbuild/openbsd-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.3.tgz",
"integrity": "sha512-AIcMP77AvirGbRl/UZFTq5hjXK+2wC7qFRGoHSDrZ5v5b8DK/GYpXW3CPRL53NkvDqb9D+alBiC/dV0Fb7eJcw==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.4.tgz",
"integrity": "sha512-2MyL3IAaTX+1/qP0O1SwskwcwCoOI4kV2IBX1xYnDDqthmq5ArrW94qSIKCAuRraMgPOmG0RDTA74mzYNQA9ow==",
"cpu": [
"arm64"
],
@@ -1233,9 +1203,9 @@
}
},
"node_modules/@esbuild/openbsd-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.3.tgz",
"integrity": "sha512-DnW2sRrBzA+YnE70LKqnM3P+z8vehfJWHXECbwBmH/CU51z6FiqTQTHFenPlHmo3a8UgpLyH3PT+87OViOh1AQ==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.4.tgz",
"integrity": "sha512-u8fg/jQ5aQDfsnIV6+KwLOf1CmJnfu1ShpwqdwC0uA7ZPwFws55Ngc12vBdeUdnuWoQYx/SOQLGDcdlfXhYmXQ==",
"cpu": [
"x64"
],
@@ -1250,9 +1220,9 @@
}
},
"node_modules/@esbuild/openharmony-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.3.tgz",
"integrity": "sha512-NinAEgr/etERPTsZJ7aEZQvvg/A6IsZG/LgZy+81wON2huV7SrK3e63dU0XhyZP4RKGyTm7aOgmQk0bGp0fy2g==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.4.tgz",
"integrity": "sha512-JkTZrl6VbyO8lDQO3yv26nNr2RM2yZzNrNHEsj9bm6dOwwu9OYN28CjzZkH57bh4w0I2F7IodpQvUAEd1mbWXg==",
"cpu": [
"arm64"
],
@@ -1267,9 +1237,9 @@
}
},
"node_modules/@esbuild/sunos-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.3.tgz",
"integrity": "sha512-PanZ+nEz+eWoBJ8/f8HKxTTD172SKwdXebZ0ndd953gt1HRBbhMsaNqjTyYLGLPdoWHy4zLU7bDVJztF5f3BHA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.4.tgz",
"integrity": "sha512-/gOzgaewZJfeJTlsWhvUEmUG4tWEY2Spp5M20INYRg2ZKl9QPO3QEEgPeRtLjEWSW8FilRNacPOg8R1uaYkA6g==",
"cpu": [
"x64"
],
@@ -1284,9 +1254,9 @@
}
},
"node_modules/@esbuild/win32-arm64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.3.tgz",
"integrity": "sha512-B2t59lWWYrbRDw/tjiWOuzSsFh1Y/E95ofKz7rIVYSQkUYBjfSgf6oeYPNWHToFRr2zx52JKApIcAS/D5TUBnA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.4.tgz",
"integrity": "sha512-Z9SExBg2y32smoDQdf1HRwHRt6vAHLXcxD2uGgO/v2jK7Y718Ix4ndsbNMU/+1Qiem9OiOdaqitioZwxivhXYg==",
"cpu": [
"arm64"
],
@@ -1301,9 +1271,9 @@
}
},
"node_modules/@esbuild/win32-ia32": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.3.tgz",
"integrity": "sha512-QLKSFeXNS8+tHW7tZpMtjlNb7HKau0QDpwm49u0vUp9y1WOF+PEzkU84y9GqYaAVW8aH8f3GcBck26jh54cX4Q==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.4.tgz",
"integrity": "sha512-DAyGLS0Jz5G5iixEbMHi5KdiApqHBWMGzTtMiJ72ZOLhbu/bzxgAe8Ue8CTS3n3HbIUHQz/L51yMdGMeoxXNJw==",
"cpu": [
"ia32"
],
@@ -1318,9 +1288,9 @@
}
},
"node_modules/@esbuild/win32-x64": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.3.tgz",
"integrity": "sha512-4uJGhsxuptu3OcpVAzli+/gWusVGwZZHTlS63hh++ehExkVT8SgiEf7/uC/PclrPPkLhZqGgCTjd0VWLo6xMqA==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.4.tgz",
"integrity": "sha512-+knoa0BDoeXgkNvvV1vvbZX4+hizelrkwmGJBdT17t8FNPwG2lKemmuMZlmaNQ3ws3DKKCxpb4zRZEIp3UxFCg==",
"cpu": [
"x64"
],
@@ -2138,6 +2108,21 @@
"integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==",
"license": "MIT"
},
"node_modules/@octokit/plugin-paginate-rest": {
"version": "14.0.0",
"resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-14.0.0.tgz",
"integrity": "sha512-fNVRE7ufJiAA3XUrha2omTA39M6IXIc6GIZLvlbsm8QOQCYvpq/LkMNGyFlB1d8hTDzsAXa3OKtybdMAYsV/fw==",
"license": "MIT",
"dependencies": {
"@octokit/types": "^16.0.0"
},
"engines": {
"node": ">= 20"
},
"peerDependencies": {
"@octokit/core": ">=6"
}
},
"node_modules/@octokit/plugin-request-log": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-1.0.4.tgz",
@@ -2147,6 +2132,21 @@
"@octokit/core": ">=3"
}
},
"node_modules/@octokit/plugin-rest-endpoint-methods": {
"version": "17.0.0",
"resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-17.0.0.tgz",
"integrity": "sha512-B5yCyIlOJFPqUUeiD0cnBJwWJO8lkJs5d8+ze9QDP6SvfiXSz1BF+91+0MeI1d2yxgOhU/O+CvtiZ9jSkHhFAw==",
"license": "MIT",
"dependencies": {
"@octokit/types": "^16.0.0"
},
"engines": {
"node": ">= 20"
},
"peerDependencies": {
"@octokit/core": ">=6"
}
},
"node_modules/@octokit/plugin-retry": {
"version": "8.0.3",
"resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-8.0.3.tgz",
@@ -2232,6 +2232,13 @@
"dev": true,
"license": "MIT"
},
"node_modules/@package-json/types": {
"version": "0.0.12",
"resolved": "https://registry.npmjs.org/@package-json/types/-/types-0.0.12.tgz",
"integrity": "sha512-uu43FGU34B5VM9mCNjXCwLaGHYjXdNincqKLaraaCW+7S2+SmiBg1Nv8bPnmschrIfZmfKNY9f3fC376MRrObw==",
"dev": true,
"license": "MIT"
},
"node_modules/@pkgr/core": {
"version": "0.1.1",
"resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.1.1.tgz",
@@ -2408,9 +2415,9 @@
}
},
"node_modules/@sinonjs/samsam": {
"version": "9.0.2",
"resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-9.0.2.tgz",
"integrity": "sha512-H/JSxa4GNKZuuU41E3b8Y3tbSEx8y4uq4UH1C56ONQac16HblReJomIvv3Ud7ANQHQmkeSowY49Ij972e/pGxQ==",
"version": "9.0.3",
"resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-9.0.3.tgz",
"integrity": "sha512-ZgYY7Dc2RW+OUdnZ1DEHg00lhRt+9BjymPKHog4PRFzr1U3MbK57+djmscWyKxzO1qfunHqs4N45WWyKIFKpiQ==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
@@ -2547,17 +2554,17 @@
"license": "MIT"
},
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.0.tgz",
"integrity": "sha512-qeu4rTHR3/IaFORbD16gmjq9+rEs9fGKdX0kF6BKSfi+gCuG3RCKLlSBYzn/bGsY9Tj7KE/DAQStbp8AHJGHEQ==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.1.tgz",
"integrity": "sha512-Gn3aqnvNl4NGc6x3/Bqk1AOn0thyTU9bqDRhiRnUWezgvr2OnhYCWCgC8zXXRVqBsIL1pSDt7T9nJUe0oM0kDQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"@eslint-community/regexpp": "^4.12.2",
"@typescript-eslint/scope-manager": "8.57.0",
"@typescript-eslint/type-utils": "8.57.0",
"@typescript-eslint/utils": "8.57.0",
"@typescript-eslint/visitor-keys": "8.57.0",
"@typescript-eslint/scope-manager": "8.57.1",
"@typescript-eslint/type-utils": "8.57.1",
"@typescript-eslint/utils": "8.57.1",
"@typescript-eslint/visitor-keys": "8.57.1",
"ignore": "^7.0.5",
"natural-compare": "^1.4.0",
"ts-api-utils": "^2.4.0"
@@ -2570,7 +2577,7 @@
"url": "https://opencollective.com/typescript-eslint"
},
"peerDependencies": {
"@typescript-eslint/parser": "^8.57.0",
"@typescript-eslint/parser": "^8.57.1",
"eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
"typescript": ">=4.8.4 <6.0.0"
}
@@ -2586,16 +2593,16 @@
}
},
"node_modules/@typescript-eslint/parser": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.0.tgz",
"integrity": "sha512-XZzOmihLIr8AD1b9hL9ccNMzEMWt/dE2u7NyTY9jJG6YNiNthaD5XtUHVF2uCXZ15ng+z2hT3MVuxnUYhq6k1g==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.1.tgz",
"integrity": "sha512-k4eNDan0EIMTT/dUKc/g+rsJ6wcHYhNPdY19VoX/EOtaAG8DLtKCykhrUnuHPYvinn5jhAPgD2Qw9hXBwrahsw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/scope-manager": "8.57.0",
"@typescript-eslint/types": "8.57.0",
"@typescript-eslint/typescript-estree": "8.57.0",
"@typescript-eslint/visitor-keys": "8.57.0",
"@typescript-eslint/scope-manager": "8.57.1",
"@typescript-eslint/types": "8.57.1",
"@typescript-eslint/typescript-estree": "8.57.1",
"@typescript-eslint/visitor-keys": "8.57.1",
"debug": "^4.4.3"
},
"engines": {
@@ -2629,14 +2636,14 @@
}
},
"node_modules/@typescript-eslint/project-service": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.0.tgz",
"integrity": "sha512-pR+dK0BlxCLxtWfaKQWtYr7MhKmzqZxuii+ZjuFlZlIGRZm22HnXFqa2eY+90MUz8/i80YJmzFGDUsi8dMOV5w==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.1.tgz",
"integrity": "sha512-vx1F37BRO1OftsYlmG9xay1TqnjNVlqALymwWVuYTdo18XuKxtBpCj1QlzNIEHlvlB27osvXFWptYiEWsVdYsg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/tsconfig-utils": "^8.57.0",
"@typescript-eslint/types": "^8.57.0",
"@typescript-eslint/tsconfig-utils": "^8.57.1",
"@typescript-eslint/types": "^8.57.1",
"debug": "^4.4.3"
},
"engines": {
@@ -2669,14 +2676,14 @@
}
},
"node_modules/@typescript-eslint/scope-manager": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.0.tgz",
"integrity": "sha512-nvExQqAHF01lUM66MskSaZulpPL5pgy5hI5RfrxviLgzZVffB5yYzw27uK/ft8QnKXI2X0LBrHJFr1TaZtAibw==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.1.tgz",
"integrity": "sha512-hs/QcpCwlwT2L5S+3fT6gp0PabyGk4Q0Rv2doJXA0435/OpnSR3VRgvrp8Xdoc3UAYSg9cyUjTeFXZEPg/3OKg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.57.0",
"@typescript-eslint/visitor-keys": "8.57.0"
"@typescript-eslint/types": "8.57.1",
"@typescript-eslint/visitor-keys": "8.57.1"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2687,9 +2694,9 @@
}
},
"node_modules/@typescript-eslint/tsconfig-utils": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.0.tgz",
"integrity": "sha512-LtXRihc5ytjJIQEH+xqjB0+YgsV4/tW35XKX3GTZHpWtcC8SPkT/d4tqdf1cKtesryHm2bgp6l555NYcT2NLvA==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.1.tgz",
"integrity": "sha512-0lgOZB8cl19fHO4eI46YUx2EceQqhgkPSuCGLlGi79L2jwYY1cxeYc1Nae8Aw1xjgW3PKVDLlr3YJ6Bxx8HkWg==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2704,15 +2711,15 @@
}
},
"node_modules/@typescript-eslint/type-utils": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.0.tgz",
"integrity": "sha512-yjgh7gmDcJ1+TcEg8x3uWQmn8ifvSupnPfjP21twPKrDP/pTHlEQgmKcitzF/rzPSmv7QjJ90vRpN4U+zoUjwQ==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.1.tgz",
"integrity": "sha512-+Bwwm0ScukFdyoJsh2u6pp4S9ktegF98pYUU0hkphOOqdMB+1sNQhIz8y5E9+4pOioZijrkfNO/HUJVAFFfPKA==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.57.0",
"@typescript-eslint/typescript-estree": "8.57.0",
"@typescript-eslint/utils": "8.57.0",
"@typescript-eslint/types": "8.57.1",
"@typescript-eslint/typescript-estree": "8.57.1",
"@typescript-eslint/utils": "8.57.1",
"debug": "^4.4.3",
"ts-api-utils": "^2.4.0"
},
@@ -2747,9 +2754,9 @@
}
},
"node_modules/@typescript-eslint/types": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.0.tgz",
"integrity": "sha512-dTLI8PEXhjUC7B9Kre+u0XznO696BhXcTlOn0/6kf1fHaQW8+VjJAVHJ3eTI14ZapTxdkOmc80HblPQLaEeJdg==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.1.tgz",
"integrity": "sha512-S29BOBPJSFUiblEl6RzPPjJt6w25A6XsBqRVDt53tA/tlL8q7ceQNZHTjPeONt/3S7KRI4quk+yP9jK2WjBiPQ==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2761,16 +2768,16 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.0.tgz",
"integrity": "sha512-m7faHcyVg0BT3VdYTlX8GdJEM7COexXxS6KqGopxdtkQRvBanK377QDHr4W/vIPAR+ah9+B/RclSW5ldVniO1Q==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.1.tgz",
"integrity": "sha512-ybe2hS9G6pXpqGtPli9Gx9quNV0TWLOmh58ADlmZe9DguLq0tiAKVjirSbtM1szG6+QH6rVXyU6GTLQbWnMY+g==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/project-service": "8.57.0",
"@typescript-eslint/tsconfig-utils": "8.57.0",
"@typescript-eslint/types": "8.57.0",
"@typescript-eslint/visitor-keys": "8.57.0",
"@typescript-eslint/project-service": "8.57.1",
"@typescript-eslint/tsconfig-utils": "8.57.1",
"@typescript-eslint/types": "8.57.1",
"@typescript-eslint/visitor-keys": "8.57.1",
"debug": "^4.4.3",
"minimatch": "^10.2.2",
"semver": "^7.7.3",
@@ -2799,9 +2806,9 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
"version": "5.0.4",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
"integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2846,16 +2853,16 @@
}
},
"node_modules/@typescript-eslint/utils": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.0.tgz",
"integrity": "sha512-5iIHvpD3CZe06riAsbNxxreP+MuYgVUsV0n4bwLH//VJmgtt54sQeY2GszntJ4BjYCpMzrfVh2SBnUQTtys2lQ==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.1.tgz",
"integrity": "sha512-XUNSJ/lEVFttPMMoDVA2r2bwrl8/oPx8cURtczkSEswY5T3AeLmCy+EKWQNdL4u0MmAHOjcWrqJp2cdvgjn8dQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"@eslint-community/eslint-utils": "^4.9.1",
"@typescript-eslint/scope-manager": "8.57.0",
"@typescript-eslint/types": "8.57.0",
"@typescript-eslint/typescript-estree": "8.57.0"
"@typescript-eslint/scope-manager": "8.57.1",
"@typescript-eslint/types": "8.57.1",
"@typescript-eslint/typescript-estree": "8.57.1"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2870,13 +2877,13 @@
}
},
"node_modules/@typescript-eslint/visitor-keys": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.0.tgz",
"integrity": "sha512-zm6xx8UT/Xy2oSr2ZXD0pZo7Jx2XsCoID2IUh9YSTFRu7z+WdwYTRk6LhUftm1crwqbuoF6I8zAFeCMw0YjwDg==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.1.tgz",
"integrity": "sha512-YWnmJkXbofiz9KbnbbwuA2rpGkFPLbAIetcCNO6mJ8gdhdZ/v7WDXsoGFAJuM6ikUFKTlSQnjWnVO4ux+UzS6A==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.57.0",
"@typescript-eslint/types": "8.57.1",
"eslint-visitor-keys": "^5.0.0"
},
"engines": {
@@ -4697,9 +4704,9 @@
}
},
"node_modules/esbuild": {
"version": "0.27.3",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz",
"integrity": "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg==",
"version": "0.27.4",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.4.tgz",
"integrity": "sha512-Rq4vbHnYkK5fws5NF7MYTU68FPRE1ajX7heQ/8QXXWqNgqqJ/GkmmyxIzUnf2Sr/bakf8l54716CcMGHYhMrrQ==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
@@ -4710,32 +4717,32 @@
"node": ">=18"
},
"optionalDependencies": {
"@esbuild/aix-ppc64": "0.27.3",
"@esbuild/android-arm": "0.27.3",
"@esbuild/android-arm64": "0.27.3",
"@esbuild/android-x64": "0.27.3",
"@esbuild/darwin-arm64": "0.27.3",
"@esbuild/darwin-x64": "0.27.3",
"@esbuild/freebsd-arm64": "0.27.3",
"@esbuild/freebsd-x64": "0.27.3",
"@esbuild/linux-arm": "0.27.3",
"@esbuild/linux-arm64": "0.27.3",
"@esbuild/linux-ia32": "0.27.3",
"@esbuild/linux-loong64": "0.27.3",
"@esbuild/linux-mips64el": "0.27.3",
"@esbuild/linux-ppc64": "0.27.3",
"@esbuild/linux-riscv64": "0.27.3",
"@esbuild/linux-s390x": "0.27.3",
"@esbuild/linux-x64": "0.27.3",
"@esbuild/netbsd-arm64": "0.27.3",
"@esbuild/netbsd-x64": "0.27.3",
"@esbuild/openbsd-arm64": "0.27.3",
"@esbuild/openbsd-x64": "0.27.3",
"@esbuild/openharmony-arm64": "0.27.3",
"@esbuild/sunos-x64": "0.27.3",
"@esbuild/win32-arm64": "0.27.3",
"@esbuild/win32-ia32": "0.27.3",
"@esbuild/win32-x64": "0.27.3"
"@esbuild/aix-ppc64": "0.27.4",
"@esbuild/android-arm": "0.27.4",
"@esbuild/android-arm64": "0.27.4",
"@esbuild/android-x64": "0.27.4",
"@esbuild/darwin-arm64": "0.27.4",
"@esbuild/darwin-x64": "0.27.4",
"@esbuild/freebsd-arm64": "0.27.4",
"@esbuild/freebsd-x64": "0.27.4",
"@esbuild/linux-arm": "0.27.4",
"@esbuild/linux-arm64": "0.27.4",
"@esbuild/linux-ia32": "0.27.4",
"@esbuild/linux-loong64": "0.27.4",
"@esbuild/linux-mips64el": "0.27.4",
"@esbuild/linux-ppc64": "0.27.4",
"@esbuild/linux-riscv64": "0.27.4",
"@esbuild/linux-s390x": "0.27.4",
"@esbuild/linux-x64": "0.27.4",
"@esbuild/netbsd-arm64": "0.27.4",
"@esbuild/netbsd-x64": "0.27.4",
"@esbuild/openbsd-arm64": "0.27.4",
"@esbuild/openbsd-x64": "0.27.4",
"@esbuild/openharmony-arm64": "0.27.4",
"@esbuild/sunos-x64": "0.27.4",
"@esbuild/win32-arm64": "0.27.4",
"@esbuild/win32-ia32": "0.27.4",
"@esbuild/win32-x64": "0.27.4"
}
},
"node_modules/escalade": {
@@ -5105,18 +5112,19 @@
}
},
"node_modules/eslint-plugin-import-x": {
"version": "4.16.1",
"resolved": "https://registry.npmjs.org/eslint-plugin-import-x/-/eslint-plugin-import-x-4.16.1.tgz",
"integrity": "sha512-vPZZsiOKaBAIATpFE2uMI4w5IRwdv/FpQ+qZZMR4E+PeOcM4OeoEbqxRMnywdxP19TyB/3h6QBB0EWon7letSQ==",
"version": "4.16.2",
"resolved": "https://registry.npmjs.org/eslint-plugin-import-x/-/eslint-plugin-import-x-4.16.2.tgz",
"integrity": "sha512-rM9K8UBHcWKpzQzStn1YRN2T5NvdeIfSVoKu/lKF41znQXHAUcBbYXe5wd6GNjZjTrP7viQ49n1D83x/2gYgIw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "^8.35.0",
"@package-json/types": "^0.0.12",
"@typescript-eslint/types": "^8.56.0",
"comment-parser": "^1.4.1",
"debug": "^4.4.1",
"eslint-import-context": "^0.1.9",
"is-glob": "^4.0.3",
"minimatch": "^9.0.3 || ^10.0.1",
"minimatch": "^9.0.3 || ^10.1.2",
"semver": "^7.7.2",
"stable-hash-x": "^0.2.0",
"unrs-resolver": "^1.9.2"
@@ -5128,8 +5136,8 @@
"url": "https://opencollective.com/eslint-plugin-import-x"
},
"peerDependencies": {
"@typescript-eslint/utils": "^8.0.0",
"eslint": "^8.57.0 || ^9.0.0",
"@typescript-eslint/utils": "^8.56.0",
"eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
"eslint-import-resolver-node": "*"
},
"peerDependenciesMeta": {
@@ -5189,9 +5197,9 @@
}
},
"node_modules/eslint-plugin-jsdoc": {
"version": "62.7.1",
"resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-62.7.1.tgz",
"integrity": "sha512-4Zvx99Q7d1uggYBUX/AIjvoyqXhluGbbKrRmG8SQTLprPFg6fa293tVJH1o1GQwNe3lUydd8ZHzn37OaSncgSQ==",
"version": "62.8.0",
"resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-62.8.0.tgz",
"integrity": "sha512-hu3r9/6JBmPG6wTcqtYzgZAnjEG2eqRUATfkFscokESg1VDxZM21ZaMire0KjeMwfj+SXvgB4Rvh5LBuesj92w==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
@@ -5698,9 +5706,9 @@
}
},
"node_modules/fast-xml-parser": {
"version": "5.5.6",
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.6.tgz",
"integrity": "sha512-3+fdZyBRVg29n4rXP0joHthhcHdPUHaIC16cuyyd1iLsuaO6Vea36MPrxgAzbZna8lhvZeRL8Bc9GP56/J9xEw==",
"version": "5.5.7",
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.7.tgz",
"integrity": "sha512-LteOsISQ2GEiDHZch6L9hB0+MLoYVLToR7xotrzU0opCICBkxOPgHAy1HxAvtxfJNXDJpgAsQN30mkrfpO2Prg==",
"funding": [
{
"type": "github",
@@ -5711,7 +5719,7 @@
"dependencies": {
"fast-xml-builder": "^1.1.4",
"path-expression-matcher": "^1.1.3",
"strnum": "^2.1.2"
"strnum": "^2.2.0"
},
"bin": {
"fxparser": "src/cli/cli.js"
@@ -8513,15 +8521,15 @@
}
},
"node_modules/sinon": {
"version": "21.0.2",
"resolved": "https://registry.npmjs.org/sinon/-/sinon-21.0.2.tgz",
"integrity": "sha512-VHV4UaoxIe5jrMd89Y9duI76T5g3Lp+ET+ctLhLDaZtSznDPah1KKpRElbdBV4RwqWSw2vadFiVs9Del7MbVeQ==",
"version": "21.0.3",
"resolved": "https://registry.npmjs.org/sinon/-/sinon-21.0.3.tgz",
"integrity": "sha512-0x8TQFr8EjADhSME01u1ZK31yv2+bd6Z5NrBCHVM+n4qL1wFqbxftmeyi3bwlr49FbbzRfrqSFOpyHCOh/YmYA==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
"@sinonjs/commons": "^3.0.1",
"@sinonjs/fake-timers": "^15.1.1",
"@sinonjs/samsam": "^9.0.2",
"@sinonjs/samsam": "^9.0.3",
"diff": "^8.0.3",
"supports-color": "^7.2.0"
},
@@ -8844,9 +8852,9 @@
}
},
"node_modules/strnum": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/strnum/-/strnum-2.1.2.tgz",
"integrity": "sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ==",
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.1.tgz",
"integrity": "sha512-BwRvNd5/QoAtyW1na1y1LsJGQNvRlkde6Q/ipqqEaivoMdV+B1OMOTVdwR+N/cwVUcIt9PYyHmV8HyexCZSupg==",
"funding": [
{
"type": "github",
@@ -9322,16 +9330,16 @@
}
},
"node_modules/typescript-eslint": {
"version": "8.57.0",
"resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.0.tgz",
"integrity": "sha512-W8GcigEMEeB07xEZol8oJ26rigm3+bfPHxHvwbYUlu1fUDsGuQ7Hiskx5xGW/xM4USc9Ephe3jtv7ZYPQntHeA==",
"version": "8.57.1",
"resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.1.tgz",
"integrity": "sha512-fLvZWf+cAGw3tqMCYzGIU6yR8K+Y9NT2z23RwOjlNFF2HwSB3KhdEFI5lSBv8tNmFkkBShSjsCjzx1vahZfISA==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/eslint-plugin": "8.57.0",
"@typescript-eslint/parser": "8.57.0",
"@typescript-eslint/typescript-estree": "8.57.0",
"@typescript-eslint/utils": "8.57.0"
"@typescript-eslint/eslint-plugin": "8.57.1",
"@typescript-eslint/parser": "8.57.1",
"@typescript-eslint/typescript-estree": "8.57.1",
"@typescript-eslint/utils": "8.57.1"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -9780,9 +9788,9 @@
}
},
"node_modules/yaml": {
"version": "2.8.2",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.2.tgz",
"integrity": "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==",
"version": "2.8.3",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
"integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"license": "ISC",
"bin": {
"yaml": "bin.mjs"
@@ -9917,12 +9925,16 @@
},
"pr-checks": {
"dependencies": {
"yaml": "^2.8.2"
"@actions/core": "^2.0.3",
"@actions/github": "^8.0.1",
"@octokit/core": "^7.0.6",
"@octokit/plugin-paginate-rest": ">=9.2.2",
"@octokit/plugin-rest-endpoint-methods": "^17.0.0",
"yaml": "^2.8.3"
},
"devDependencies": {
"@types/node": "^20.19.9",
"tsx": "^4.21.0",
"typescript": "^5.9.3"
"tsx": "^4.21.0"
}
}
}

12
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "4.34.1",
"version": "4.35.0",
"private": true,
"description": "CodeQL action",
"scripts": {
@@ -57,19 +57,19 @@
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"ava": "^7.0.0",
"esbuild": "^0.27.3",
"esbuild": "^0.27.4",
"eslint": "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.7.1",
"eslint-plugin-import-x": "^4.16.2",
"eslint-plugin-jsdoc": "^62.8.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
"glob": "^11.1.0",
"globals": "^17.4.0",
"nock": "^14.0.11",
"sinon": "^21.0.2",
"sinon": "^21.0.3",
"typescript": "^5.9.3",
"typescript-eslint": "^8.57.0"
"typescript-eslint": "^8.57.1"
},
"overrides": {
"@actions/tool-cache": {

2
pr-checks/checks/rubocop-multi-language.yml
View File

@@ -5,7 +5,7 @@ versions:
- default
steps:
- name: Set up Ruby
uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0
with:
ruby-version: 2.6
- name: Install Code Scanning integration

10
pr-checks/config.ts Normal file
View File

@@ -0,0 +1,10 @@
import path from "path";
/** The oldest supported major version of the CodeQL Action. */
export const OLDEST_SUPPORTED_MAJOR_VERSION = 3;
/** The `pr-checks` directory. */
export const PR_CHECKS_DIR = __dirname;
/** The path of the file configuring which checks shouldn't be required. */
export const PR_CHECK_EXCLUDED_FILE = path.join(PR_CHECKS_DIR, "excluded.yml");

16
pr-checks/excluded.yml Normal file
View File

@@ -0,0 +1,16 @@
# PR checks to exclude from required checks
contains:
- "https://"
- "Update"
- "ESLint"
- "update"
- "test-setup-python-scripts"
is:
- "CodeQL"
- "Dependabot"
- "check-expected-release-files"
- "Agent"
- "Cleanup artifacts"
- "Prepare"
- "Upload results"
- "Label PR with size"

10
pr-checks/package.json
View File

@@ -2,11 +2,15 @@
"private": true,
"description": "Dependencies for the sync.ts",
"dependencies": {
"yaml": "^2.8.2"
"@actions/core": "^2.0.3",
"@actions/github": "^8.0.1",
"@octokit/core": "^7.0.6",
"@octokit/plugin-paginate-rest": ">=9.2.2",
"@octokit/plugin-rest-endpoint-methods": "^17.0.0",
"yaml": "^2.8.3"
},
"devDependencies": {
"@types/node": "^20.19.9",
"tsx": "^4.21.0",
"typescript": "^5.9.3"
"tsx": "^4.21.0"
}
}

61
pr-checks/release-branches.test.ts Normal file
View File

@@ -0,0 +1,61 @@
#!/usr/bin/env npx tsx
/*
Tests for the release-branches.ts script
*/
import * as assert from "node:assert/strict";
import { describe, it } from "node:test";
import { computeBackportBranches } from "./release-branches";
describe("computeBackportBranches", async () => {
await it("rejects invalid major versions", () => {
// The majorVersion is expected to be in vN format.
assert.throws(() => computeBackportBranches("3", "v4.28.0", 3));
assert.throws(() => computeBackportBranches("v3.1", "v4.28.0", 3));
});
await it("rejects invalid latest tags", () => {
// The latestTag is expected to be in vN.M.P format.
assert.throws(() => computeBackportBranches("v3", "v4", 3));
assert.throws(() => computeBackportBranches("v3", "4", 3));
assert.throws(() => computeBackportBranches("v3", "v4.28", 3));
assert.throws(() => computeBackportBranches("v3", "4.28", 3));
assert.throws(() => computeBackportBranches("v3", "4.28.0", 3));
});
await it("sets backport source branch based on major version", () => {
// Test that the backport source branch is releases/v{majorVersion}
const result = computeBackportBranches("v3", "v4.28.0", 3);
assert.equal(result.backportSourceBranch, "releases/v3");
});
await it("no backport targets when major version is the oldest supported", () => {
// When majorVersion equals the major version of latestTag and we do not support older major versions,
// then there are no older supported branches to backport to.
const result = computeBackportBranches("v3", "v3.28.0", 3);
assert.deepEqual(result.backportTargetBranches, []);
});
await it("backports to older supported major versions", () => {
const result = computeBackportBranches("v4", "v4.1.0", 3);
assert.equal(result.backportSourceBranch, "releases/v4");
assert.deepEqual(result.backportTargetBranches, ["releases/v3"]);
});
await it("backports to multiple older supported branches", () => {
const result = computeBackportBranches("v5", "v5.0.0", 3);
assert.equal(result.backportSourceBranch, "releases/v5");
assert.deepEqual(result.backportTargetBranches, [
"releases/v4",
"releases/v3",
]);
});
await it("does not backport when major version is older than latest tag", () => {
const result = computeBackportBranches("v2", "v3.28.0", 2);
assert.equal(result.backportSourceBranch, "releases/v2");
assert.deepEqual(result.backportTargetBranches, []);
});
});

121
pr-checks/release-branches.ts Executable file
View File

@@ -0,0 +1,121 @@
#!/usr/bin/env npx tsx
import { parseArgs } from "node:util";
import * as core from "@actions/core";
import { OLDEST_SUPPORTED_MAJOR_VERSION } from "./config";
/** The results of checking which release branches to backport to. */
export interface BackportInfo {
/** The source release branch. */
backportSourceBranch: string;
/**
* The computed release branches we should backport to.
* Will be empty if there are no branches we need to backport to.
*/
backportTargetBranches: string[];
}
/**
* Compute the backport source and target branches for a release.
*
* @param majorVersion - The major version string (e.g. "v4").
* @param latestTag - The most recent tag published to the repository (e.g. "v4.32.6").
* @param oldestSupportedMajorVersion - The oldest supported major version number.
* @returns The names of the source branch and target branches.
*/
export function computeBackportBranches(
majorVersion: string,
latestTag: string,
oldestSupportedMajorVersion: number,
): BackportInfo {
// Perform some sanity checks on the inputs.
// For `majorVersion`, we expect exactly `vN` for some `N`.
const majorVersionMatch = majorVersion.match(/^v(\d+)$/);
if (!majorVersionMatch) {
throw new Error("--major-version value must be in `vN` format.");
}
// For latestTag, we expect something starting with `vN.M.P`
const latestTagMatch = latestTag.match(/^v(\d+)\.\d+\.\d+/);
if (!latestTagMatch) {
throw new Error(
`--latest-tag value must be in 'vN.M.P' format, but '${latestTag}' is not.`,
);
}
const majorVersionNumber = Number.parseInt(majorVersionMatch[1]);
const latestTagMajor = Number.parseInt(latestTagMatch[1]);
// If this is a primary release, we backport to all supported branches,
// so we check whether the majorVersion taken from the package.json
// is greater than or equal to the latest tag pulled from the repo.
// For example...
// 'v1' >= 'v2' is False # we're operating from an older release branch and should not backport
// 'v2' >= 'v2' is True # the normal case where we're updating the current version
// 'v3' >= 'v2' is True # in this case we are making the first release of a new major version
const considerBackports = majorVersionNumber >= latestTagMajor;
const backportSourceBranch = `releases/v${majorVersionNumber}`;
const backportTargetBranches: string[] = [];
if (considerBackports) {
for (let i = majorVersionNumber - 1; i > 0; i--) {
const branchName = `releases/v${i}`;
if (i >= oldestSupportedMajorVersion) {
backportTargetBranches.push(branchName);
}
}
}
return { backportSourceBranch, backportTargetBranches };
}
async function main() {
const { values: options } = parseArgs({
options: {
// The major version of the release in `vN` format (e.g. `v4`).
"major-version": {
type: "string",
},
// The most recent tag published to the repository (e.g. `v4.28.0`).
"latest-tag": {
type: "string",
},
},
strict: true,
});
if (options["major-version"] === undefined) {
throw Error("--major-version is required");
}
if (options["latest-tag"] === undefined) {
throw Error("--latest-tag is required");
}
const majorVersion = options["major-version"];
const latestTag = options["latest-tag"];
console.log(`Major version: ${majorVersion}`);
console.log(`Latest tag: ${latestTag}`);
const result = computeBackportBranches(
majorVersion,
latestTag,
OLDEST_SUPPORTED_MAJOR_VERSION,
);
core.setOutput("backport_source_branch", result.backportSourceBranch);
core.setOutput(
"backport_target_branches",
JSON.stringify(result.backportTargetBranches),
);
process.exit(0);
}
// Only call `main` if this script was run directly.
if (require.main === module) {
void main();
}

60
pr-checks/sync-checks.test.ts Normal file
View File

@@ -0,0 +1,60 @@
#!/usr/bin/env npx tsx
/*
Tests for the sync-checks.ts script
*/
import * as assert from "node:assert/strict";
import { describe, it } from "node:test";
import { CheckInfo, Exclusions, Options, removeExcluded } from "./sync-checks";
const defaultOptions: Options = {
apply: false,
verbose: false,
};
const toCheckInfo = (name: string) =>
({ context: name, app_id: -1 }) satisfies CheckInfo;
const expectedPartialMatches = ["PR Check - Foo", "https://example.com"].map(
toCheckInfo,
);
const expectedExactMatches = ["CodeQL", "Update"].map(toCheckInfo);
const testChecks = expectedExactMatches.concat(expectedPartialMatches);
const emptyExclusions: Exclusions = {
is: [],
contains: [],
};
describe("removeExcluded", async () => {
await it("retains all checks if no exclusions are configured", () => {
const retained = removeExcluded(
defaultOptions,
emptyExclusions,
testChecks,
);
assert.deepEqual(retained, testChecks);
});
await it("removes exact matches", () => {
const retained = removeExcluded(
defaultOptions,
{ ...emptyExclusions, is: ["CodeQL", "Update"] },
testChecks,
);
assert.deepEqual(retained, expectedPartialMatches);
});
await it("removes partial matches", () => {
const retained = removeExcluded(
defaultOptions,
{ ...emptyExclusions, contains: ["https://", "PR Check"] },
testChecks,
);
assert.deepEqual(retained, expectedExactMatches);
});
});

299
pr-checks/sync-checks.ts Executable file
View File

@@ -0,0 +1,299 @@
#!/usr/bin/env npx tsx
/** Update the required checks based on the current branch. */
import * as fs from "fs";
import { parseArgs } from "node:util";
import * as githubUtils from "@actions/github/lib/utils";
import { type Octokit } from "@octokit/core";
import { type PaginateInterface } from "@octokit/plugin-paginate-rest";
import { type Api } from "@octokit/plugin-rest-endpoint-methods";
import * as yaml from "yaml";
import {
OLDEST_SUPPORTED_MAJOR_VERSION,
PR_CHECK_EXCLUDED_FILE,
} from "./config";
/** Represents the command-line options. */
export interface Options {
/** The token to use to authenticate to the GitHub API. */
token?: string;
/** The git ref to use the checks for. */
ref?: string;
/** Whether to actually apply the changes or not. */
apply: boolean;
/** Whether to output additional information. */
verbose: boolean;
}
/** Identifies the CodeQL Action repository. */
const codeqlActionRepo = {
owner: "github",
repo: "codeql-action",
};
/** Represents a configuration of which checks should not be set up as required checks. */
export interface Exclusions {
/** A list of strings that, if contained in a check name, are excluded. */
contains: string[];
/** A list of check names that are excluded if their name is an exact match. */
is: string[];
}
/** Loads the configuration for which checks to exclude. */
function loadExclusions(): Exclusions {
return yaml.parse(
fs.readFileSync(PR_CHECK_EXCLUDED_FILE, "utf-8"),
) as Exclusions;
}
/** The type of the Octokit client. */
type ApiClient = Octokit & Api & { paginate: PaginateInterface };
/** Constructs an `ApiClient` using `token` for authentication. */
function getApiClient(token: string): ApiClient {
const opts = githubUtils.getOctokitOptions(token);
return new githubUtils.GitHub(opts);
}
/**
* Represents information about a check run. We track the `app_id` that generated the check,
* because the API will require it in addition to the name in the future.
*/
export interface CheckInfo {
/** The display name of the check. */
context: string;
/** The ID of the app that generated the check. */
app_id: number;
}
/** Removes entries from `checkInfos` based on the configuration. */
export function removeExcluded(
options: Options,
exclusions: Exclusions,
checkInfos: CheckInfo[],
): CheckInfo[] {
if (options.verbose) {
console.log(exclusions);
}
return checkInfos.filter((checkInfo) => {
if (exclusions.is.includes(checkInfo.context)) {
console.info(
`Excluding '${checkInfo.context}' because it is an exact exclusion.`,
);
return false;
}
for (const containsStr of exclusions.contains) {
if (checkInfo.context.includes(containsStr)) {
console.info(
`Excluding '${checkInfo.context}' because it contains '${containsStr}'.`,
);
return false;
}
}
// Keep.
return true;
});
}
/** Gets a list of check run names for `ref`. */
async function getChecksFor(
options: Options,
client: ApiClient,
ref: string,
): Promise<CheckInfo[]> {
console.info(`Getting checks for '${ref}'`);
const response = await client.paginate(
"GET /repos/{owner}/{repo}/commits/{ref}/check-runs",
{
...codeqlActionRepo,
ref,
},
);
if (response.length === 0) {
throw new Error(`No checks found for '${ref}'.`);
}
console.info(`Retrieved ${response.length} check runs.`);
const notSkipped = response.filter(
(checkRun) => checkRun.conclusion !== "skipped",
);
console.info(`Of those: ${notSkipped.length} were not skipped.`);
// We use the ID of the app that generated the check run when returned by the API,
// but default to -1 to tell the API that any check with the given name should be
// required.
const checkInfos = notSkipped.map((check) => ({
context: check.name,
app_id: check.app?.id || -1,
}));
// Load the configuration for which checks to exclude and apply it before
// returning the checks.
const exclusions = loadExclusions();
return removeExcluded(options, exclusions, checkInfos);
}
/** Gets the current list of release branches. */
async function getReleaseBranches(client: ApiClient): Promise<string[]> {
const refs = await client.rest.git.listMatchingRefs({
...codeqlActionRepo,
ref: "heads/releases/v",
});
return refs.data.map((ref) => ref.ref).sort();
}
/** Updates the required status checks for `branch` to `checks`. */
async function patchBranchProtectionRule(
client: ApiClient,
branch: string,
checks: Set<string>,
) {
await client.rest.repos.setStatusCheckContexts({
...codeqlActionRepo,
branch,
contexts: Array.from(checks),
});
}
/** Sets `checkNames` as required checks for `branch`. */
async function updateBranch(
options: Options,
client: ApiClient,
branch: string,
checkNames: Set<string>,
) {
console.info(`Updating '${branch}'...`);
// Query the current set of required checks for this branch.
const currentContexts = await client.rest.repos.getAllStatusCheckContexts({
...codeqlActionRepo,
branch,
});
// Identify which required checks we will remove and which ones we will add.
const currentCheckNames = new Set(currentContexts.data);
let additions = 0;
let removals = 0;
let unchanged = 0;
for (const currentCheck of currentCheckNames) {
if (!checkNames.has(currentCheck)) {
console.info(`- Removing '${currentCheck}' for branch '${branch}'`);
removals++;
} else {
unchanged++;
}
}
for (const newCheck of checkNames) {
if (!currentCheckNames.has(newCheck)) {
console.info(`+ Adding '${newCheck}' for branch '${branch}'`);
additions++;
}
}
console.info(
`For '${branch}': ${removals} removals; ${additions} additions; ${unchanged} unchanged`,
);
// Perform the update if there are changes and `--apply` was specified.
if (unchanged === checkNames.size && removals === 0 && additions === 0) {
console.info("Not applying changes because there is nothing to do.");
} else if (options.apply) {
await patchBranchProtectionRule(client, branch, checkNames);
} else {
console.info("Not applying changes because `--apply` was not specified.");
}
}
async function main(): Promise<void> {
const { values: options } = parseArgs({
options: {
// The token to use to authenticate to the API.
token: {
type: "string",
},
// The git ref for which to retrieve the check runs.
ref: {
type: "string",
default: "main",
},
// By default, we perform a dry-run. Setting `apply` to `true` actually applies the changes.
apply: {
type: "boolean",
default: false,
},
// Whether to output additional information.
verbose: {
type: "boolean",
default: false,
},
},
strict: true,
});
if (options.token === undefined) {
throw new Error("Missing --token");
}
console.info(
`Oldest supported major version is: ${OLDEST_SUPPORTED_MAJOR_VERSION}`,
);
// Initialise the API client.
const client = getApiClient(options.token);
// Find the check runs for the specified `ref` that we will later set as the required checks
// for the main and release branches.
const checkInfos = await getChecksFor(options, client, options.ref);
const checkNames = new Set(checkInfos.map((info) => info.context));
// Update the main branch.
await updateBranch(options, client, "main", checkNames);
// Retrieve the refs of the release branches.
const releaseBranches = await getReleaseBranches(client);
console.info(
`Found ${releaseBranches.length} release branches: ${releaseBranches.join(", ")}`,
);
for (const releaseBranchRef of releaseBranches) {
// Sanity check that the ref name is in the expected format and extract the major version.
const releaseBranchMatch = releaseBranchRef.match(
/^refs\/heads\/(releases\/v(\d+))/,
);
if (!releaseBranchMatch) {
console.warn(
`Branch ref '${releaseBranchRef}' not in the expected format.`,
);
continue;
}
const releaseBranch = releaseBranchMatch[1];
const releaseBranchMajor = Number.parseInt(releaseBranchMatch[2]);
// Update the required checks for this major version if it is still supported.
if (releaseBranchMajor < OLDEST_SUPPORTED_MAJOR_VERSION) {
console.info(
`Skipping '${releaseBranch}' since it is older than v${OLDEST_SUPPORTED_MAJOR_VERSION}`,
);
continue;
} else {
await updateBranch(options, client, releaseBranch, checkNames);
}
}
process.exit(0);
}
// Only call `main` if this script was run directly.
if (require.main === module) {
void main();
}

6
src/actions-util.ts
View File

@@ -53,6 +53,12 @@ export function getTemporaryDirectory(): string {
: getRequiredEnvParam("RUNNER_TEMP");
}
const PR_DIFF_RANGE_JSON_FILENAME = "pr-diff-range.json";
export function getDiffRangesJsonFilePath(): string {
return path.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
}
export function getActionVersion(): string {
return __CODEQL_ACTION_VERSION__;
}

11
src/analyze-action.ts
View File

@@ -28,7 +28,6 @@ import {
DependencyCacheUploadStatusReport,
uploadDependencyCaches,
} from "./dependency-caching";
import { getDiffInformedAnalysisBranches } from "./diff-informed-analysis-utils";
import { EnvVar } from "./environment";
import { initFeatures } from "./feature-flags";
import { KnownLanguage } from "./languages";
@@ -305,14 +304,8 @@ async function run(startedAt: Date) {
logger,
);
const branches = await getDiffInformedAnalysisBranches(
codeql,
features,
logger,
);
const diffRangePackDir = branches
? await setupDiffInformedQueryRun(branches, logger)
: undefined;
// Setup diff informed analysis if needed (based on whether init created the file)
const diffRangePackDir = await setupDiffInformedQueryRun(logger);
await warnIfGoInstalledAfterInit(config, logger);
await runAutobuildIfLegacyGoWorkflow(config, logger);

26
src/analyze.ts
View File

@@ -5,11 +5,7 @@ import { performance } from "perf_hooks";
import * as io from "@actions/io";
import * as yaml from "js-yaml";
import {
getTemporaryDirectory,
getRequiredInput,
PullRequestBranches,
} from "./actions-util";
import { getTemporaryDirectory, getRequiredInput } from "./actions-util";
import * as analyses from "./analyses";
import { setupCppAutobuild } from "./autobuild";
import { type CodeQL } from "./codeql";
@@ -21,8 +17,7 @@ import {
import { addDiagnostic, makeDiagnostic } from "./diagnostics";
import {
DiffThunkRange,
writeDiffRangesJsonFile,
getPullRequestEditedDiffRanges,
readDiffRangesJsonFile,
} from "./diff-informed-analysis-utils";
import { EnvVar } from "./environment";
import { FeatureEnablement, Feature } from "./feature-flags";
@@ -237,16 +232,19 @@ async function finalizeDatabaseCreation(
* the diff range information, or `undefined` if the feature is disabled.
*/
export async function setupDiffInformedQueryRun(
branches: PullRequestBranches,
logger: Logger,
): Promise<string | undefined> {
return await withGroupAsync(
"Generating diff range extension pack",
async () => {
logger.info(
`Calculating diff ranges for ${branches.base}...${branches.head}`,
);
const diffRanges = await getPullRequestEditedDiffRanges(branches, logger);
const diffRanges = readDiffRangesJsonFile(logger);
if (diffRanges === undefined) {
logger.info(
"No precomputed diff ranges found; skipping diff-informed analysis stage.",
);
return undefined;
}
const checkoutPath = getRequiredInput("checkout_path");
const packDir = writeDiffRangeDataExtensionPack(
logger,
@@ -368,10 +366,6 @@ dataExtensions:
`Wrote pr-diff-range extension pack to ${extensionFilePath}:\n${extensionContents}`,
);
// Write the diff ranges to a JSON file, for action-side alert filtering by the
// upload-lib module.
writeDiffRangesJsonFile(logger, ranges);
return diffRangeDir;
}

2
src/config-utils.test.ts
View File

@@ -1936,7 +1936,7 @@ test.serial(
"Fallback due to old git version",
{
overlayDatabaseEnvVar: "overlay",
gitVersion: new GitVersionInfo("2.30.0", "2.30.0"), // Version below required 2.38.0
gitVersion: new GitVersionInfo("2.10.0", "2.10.0"), // Version below required 2.11.0
},
{
disabledReason: OverlayDisabledReason.IncompatibleGit,

8
src/defaults.json
View File

@@ -1,6 +1,6 @@
{
"bundleVersion": "codeql-bundle-v2.24.3",
"cliVersion": "2.24.3",
"priorBundleVersion": "codeql-bundle-v2.24.2",
"priorCliVersion": "2.24.2"
"bundleVersion": "codeql-bundle-v2.25.1",
"cliVersion": "2.25.1",
"priorBundleVersion": "codeql-bundle-v2.24.3",
"priorCliVersion": "2.24.3"
}

18
src/diff-informed-analysis-utils.ts
View File

@@ -1,5 +1,4 @@
import * as fs from "fs";
import * as path from "path";
import * as actionsUtil from "./actions-util";
import type { PullRequestBranches } from "./actions-util";
@@ -77,16 +76,12 @@ export interface DiffThunkRange {
endLine: number;
}
function getDiffRangesJsonFilePath(): string {
return path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range.json");
}
export function writeDiffRangesJsonFile(
logger: Logger,
ranges: DiffThunkRange[],
): void {
const jsonContents = JSON.stringify(ranges, null, 2);
const jsonFilePath = getDiffRangesJsonFilePath();
const jsonFilePath = actionsUtil.getDiffRangesJsonFilePath();
fs.writeFileSync(jsonFilePath, jsonContents);
logger.debug(
`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`,
@@ -96,7 +91,7 @@ export function writeDiffRangesJsonFile(
export function readDiffRangesJsonFile(
logger: Logger,
): DiffThunkRange[] | undefined {
const jsonFilePath = getDiffRangesJsonFilePath();
const jsonFilePath = actionsUtil.getDiffRangesJsonFilePath();
if (!fs.existsSync(jsonFilePath)) {
logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
return undefined;
@@ -105,7 +100,14 @@ export function readDiffRangesJsonFile(
logger.debug(
`Read pr-diff-range JSON file from ${jsonFilePath}:\n${jsonContents}`,
);
return JSON.parse(jsonContents) as DiffThunkRange[];
try {
return JSON.parse(jsonContents) as DiffThunkRange[];
} catch (e) {
logger.warning(
`Failed to parse diff ranges JSON file at ${jsonFilePath}: ${e}`,
);
return undefined;
}
}
/**

18
src/git-utils.test.ts
View File

@@ -347,9 +347,9 @@ test.serial("getFileOidsUnderPath returns correct file mapping", async (t) => {
const runGitCommandStub = sinon
.stub(gitUtils as any, "runGitCommand")
.resolves(
"30d998ded095371488be3a729eb61d86ed721a18_lib/git-utils.js\n" +
"d89514599a9a99f22b4085766d40af7b99974827_lib/git-utils.js.map\n" +
"a47c11f5bfdca7661942d2c8f1b7209fb0dfdf96_src/git-utils.ts",
"100644 30d998ded095371488be3a729eb61d86ed721a18 0\tlib/git-utils.js\n" +
"100644 d89514599a9a99f22b4085766d40af7b99974827 0\tlib/git-utils.js.map\n" +
"100644 a47c11f5bfdca7661942d2c8f1b7209fb0dfdf96 0\tsrc/git-utils.ts",
);
const result = await gitUtils.getFileOidsUnderPath("/fake/path");
@@ -362,7 +362,7 @@ test.serial("getFileOidsUnderPath returns correct file mapping", async (t) => {
t.deepEqual(runGitCommandStub.firstCall.args, [
"/fake/path",
["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"],
["ls-files", "--recurse-submodules", "--stage"],
"Cannot list Git OIDs of tracked files.",
]);
});
@@ -371,9 +371,9 @@ test.serial("getFileOidsUnderPath handles quoted paths", async (t) => {
sinon
.stub(gitUtils as any, "runGitCommand")
.resolves(
"30d998ded095371488be3a729eb61d86ed721a18_lib/normal-file.js\n" +
'd89514599a9a99f22b4085766d40af7b99974827_"lib/file with spaces.js"\n' +
'a47c11f5bfdca7661942d2c8f1b7209fb0dfdf96_"lib/file\\twith\\ttabs.js"',
"100644 30d998ded095371488be3a729eb61d86ed721a18 0\tlib/normal-file.js\n" +
'100644 d89514599a9a99f22b4085766d40af7b99974827 0\t"lib/file with spaces.js"\n' +
'100644 a47c11f5bfdca7661942d2c8f1b7209fb0dfdf96 0\t"lib/file\\twith\\ttabs.js"',
);
const result = await gitUtils.getFileOidsUnderPath("/fake/path");
@@ -398,9 +398,9 @@ test.serial(
sinon
.stub(gitUtils as any, "runGitCommand")
.resolves(
"30d998ded095371488be3a729eb61d86ed721a18_lib/git-utils.js\n" +
"100644 30d998ded095371488be3a729eb61d86ed721a18 0\tlib/git-utils.js\n" +
"invalid-line-format\n" +
"a47c11f5bfdca7661942d2c8f1b7209fb0dfdf96_src/git-utils.ts",
"100644 a47c11f5bfdca7661942d2c8f1b7209fb0dfdf96 0\tsrc/git-utils.ts",
);
await t.throwsAsync(

23
src/git-utils.ts
View File

@@ -14,10 +14,11 @@ import {
import { ConfigurationError, getRequiredEnvParam } from "./util";
/**
* Minimum Git version required for overlay analysis. The `git ls-files --format`
* option, which is used by `getFileOidsUnderPath`, was introduced in Git 2.38.0.
* Minimum Git version required for overlay analysis. The
* `git ls-files --recurse-submodules` option, which is used by
* `getFileOidsUnderPath`, was introduced in Git 2.11.0.
*/
export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.38.0";
export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.11.0";
/**
* Git version information
@@ -252,24 +253,28 @@ export const getGitRoot = async function (
*
* @param basePath A path into the Git repository.
* @returns a map from file paths (relative to `basePath`) to Git OIDs.
* @throws {Error} if "git ls-tree" produces unexpected output.
* @throws {Error} if "git ls-files" produces unexpected output.
*/
export const getFileOidsUnderPath = async function (
basePath: string,
): Promise<{ [key: string]: string }> {
// Without the --full-name flag, the path is relative to the current working
// directory of the git command, which is basePath.
//
// We use --stage rather than --format here because --stage has been available since Git 2.11.0,
// while --format was only introduced in Git 2.38.0, which would limit overlay rollout.
const stdout = await runGitCommand(
basePath,
["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"],
["ls-files", "--recurse-submodules", "--stage"],
"Cannot list Git OIDs of tracked files.",
);
const fileOidMap: { [key: string]: string } = {};
// With --format=%(objectname)_%(path), the output is a list of lines like:
// 30d998ded095371488be3a729eb61d86ed721a18_lib/git-utils.js
// d89514599a9a99f22b4085766d40af7b99974827_lib/git-utils.js.map
const regex = /^([0-9a-f]{40})_(.+)$/;
// With --stage, the output is a list of lines like:
// 100644 4c51bc1d9e86cd86e01b0f340cb8ce095c33b283 0\tsrc/git-utils.test.ts
// 100644 6b792ea543ce75d7a8a03df591e3c85311ecb64f 0\tsrc/git-utils.ts
// The fields are: <mode> <oid> <stage>\t<path>
const regex = /^[0-9]+ ([0-9a-f]{40}) [0-9]+\t(.+)$/;
for (const line of stdout.split("\n")) {
if (line) {
const match = line.match(regex);

44
src/init-action.ts
View File

@@ -37,6 +37,11 @@ import {
makeDiagnostic,
makeTelemetryDiagnostic,
} from "./diagnostics";
import {
getDiffInformedAnalysisBranches,
getPullRequestEditedDiffRanges,
writeDiffRangesJsonFile,
} from "./diff-informed-analysis-utils";
import { EnvVar } from "./environment";
import { Feature, FeatureEnablement, initFeatures } from "./feature-flags";
import {
@@ -54,7 +59,7 @@ import {
runDatabaseInitCluster,
} from "./init";
import { JavaEnvVars, KnownLanguage } from "./languages";
import { getActionsLogger, Logger } from "./logging";
import { getActionsLogger, Logger, withGroupAsync } from "./logging";
import {
downloadOverlayBaseDatabaseFromCache,
OverlayBaseDatabaseDownloadStats,
@@ -413,6 +418,7 @@ async function run(startedAt: Date) {
}
await checkInstallPython311(config.languages, codeql);
await computeAndPersistDiffRanges(codeql, features, logger);
} catch (unwrappedError) {
const error = wrapError(unwrappedError);
core.setFailed(error.message);
@@ -833,6 +839,42 @@ async function loadRepositoryProperties(
}
}
/**
* Compute and persist diff ranges when diff-informed analysis is enabled
* (feature flag + PR context). This writes the standard pr-diff-range.json
* file for later reuse in the analyze step. Failures are logged but non-fatal.
*/
async function computeAndPersistDiffRanges(
codeql: CodeQL,
features: FeatureEnablement,
logger: Logger,
): Promise<void> {
await withGroupAsync("Computing PR diff ranges", async () => {
try {
const branches = await getDiffInformedAnalysisBranches(
codeql,
features,
logger,
);
if (!branches) {
return;
}
const ranges = await getPullRequestEditedDiffRanges(branches, logger);
if (ranges === undefined) {
return;
}
writeDiffRangesJsonFile(logger, ranges);
const distinctFiles = new Set(ranges.map((r) => r.path)).size;
logger.info(
`Persisted ${ranges.length} diff range(s) across ${distinctFiles} file(s).`,
);
} catch (e) {
logger.warning(
`Failed to compute and persist PR diff ranges: ${getErrorMessage(e)}`,
);
}
});
}
async function recordZstdAvailability(
config: configUtils.Config,
zstdAvailability: ZstdAvailability,

264
src/overlay/index.test.ts
View File

@@ -34,12 +34,14 @@ test.serial(
"writeOverlayChangesFile generates correct changes file",
async (t) => {
await withTmpDir(async (tmpDir) => {
const dbLocation = path.join(tmpDir, "db");
await fs.promises.mkdir(dbLocation, { recursive: true });
const sourceRoot = path.join(tmpDir, "src");
await fs.promises.mkdir(sourceRoot, { recursive: true });
const tempDir = path.join(tmpDir, "temp");
await fs.promises.mkdir(tempDir, { recursive: true });
const [dbLocation, sourceRoot, tempDir] = ["db", "src", "temp"].map((d) =>
path.join(tmpDir, d),
);
await Promise.all(
[dbLocation, sourceRoot, tempDir].map((d) =>
fs.promises.mkdir(d, { recursive: true }),
),
);
const logger = getRunnerLogger(true);
const config = createTestConfig({ dbLocation });
@@ -70,9 +72,16 @@ test.serial(
// Write the overlay changes file, which uses the mocked overlay OIDs
// and the base database OIDs file
const diffRangeFilePath = path.join(tempDir, "pr-diff-range.json");
const getTempDirStub = sinon
.stub(actionsUtil, "getTemporaryDirectory")
.returns(tempDir);
const getDiffRangesStub = sinon
.stub(actionsUtil, "getDiffRangesJsonFilePath")
.returns(diffRangeFilePath);
const getGitRootStub = sinon
.stub(gitUtils, "getGitRoot")
.resolves(sourceRoot);
const changesFilePath = await writeOverlayChangesFile(
config,
sourceRoot,
@@ -80,6 +89,8 @@ test.serial(
);
getFileOidsStubForOverlay.restore();
getTempDirStub.restore();
getDiffRangesStub.restore();
getGitRootStub.restore();
const fileContent = await fs.promises.readFile(changesFilePath, "utf-8");
const parsedContent = JSON.parse(fileContent) as { changes: string[] };
@@ -93,6 +104,247 @@ test.serial(
},
);
test.serial(
"writeOverlayChangesFile merges additional diff files into overlay changes",
async (t) => {
await withTmpDir(async (tmpDir) => {
const [dbLocation, sourceRoot, tempDir] = ["db", "src", "temp"].map((d) =>
path.join(tmpDir, d),
);
await Promise.all(
[dbLocation, sourceRoot, tempDir].map((d) =>
fs.promises.mkdir(d, { recursive: true }),
),
);
const logger = getRunnerLogger(true);
const config = createTestConfig({ dbLocation });
// Mock the getFileOidsUnderPath function to return base OIDs
// "reverted.js" has the same OID in both base and current, simulating
// a revert PR where the file content matches the overlay-base
const baseOids = {
"unchanged.js": "aaa111",
"modified.js": "bbb222",
"reverted.js": "eee555",
};
const getFileOidsStubForBase = sinon
.stub(gitUtils, "getFileOidsUnderPath")
.resolves(baseOids);
// Write the base database OIDs file
await writeBaseDatabaseOidsFile(config, sourceRoot);
getFileOidsStubForBase.restore();
// Mock the getFileOidsUnderPath function to return overlay OIDs
// "reverted.js" has the same OID as the base -- OID comparison alone
// would NOT include it, only additionalChangedFiles causes it to appear
const currentOids = {
"unchanged.js": "aaa111",
"modified.js": "ddd444", // Changed OID
"reverted.js": "eee555", // Same OID as base -- not detected by OID comparison
};
const getFileOidsStubForOverlay = sinon
.stub(gitUtils, "getFileOidsUnderPath")
.resolves(currentOids);
const diffRangeFilePath = path.join(tempDir, "pr-diff-range.json");
const getTempDirStub = sinon
.stub(actionsUtil, "getTemporaryDirectory")
.returns(tempDir);
const getDiffRangesStub = sinon
.stub(actionsUtil, "getDiffRangesJsonFilePath")
.returns(diffRangeFilePath);
const getGitRootStub = sinon
.stub(gitUtils, "getGitRoot")
.resolves(sourceRoot);
// Write a pr-diff-range.json file with diff ranges including
// "reverted.js" (unchanged OIDs) and "modified.js" (already in OID changes)
await fs.promises.writeFile(
diffRangeFilePath,
JSON.stringify([
{ path: "reverted.js", startLine: 1, endLine: 10 },
{ path: "modified.js", startLine: 1, endLine: 5 },
{ path: "diff-only.js", startLine: 1, endLine: 3 },
]),
);
const changesFilePath = await writeOverlayChangesFile(
config,
sourceRoot,
logger,
);
getFileOidsStubForOverlay.restore();
getTempDirStub.restore();
getDiffRangesStub.restore();
getGitRootStub.restore();
const fileContent = await fs.promises.readFile(changesFilePath, "utf-8");
const parsedContent = JSON.parse(fileContent) as { changes: string[] };
t.deepEqual(
parsedContent.changes.sort(),
["diff-only.js", "modified.js", "reverted.js"],
"Should include OID-changed files, diff-only files, and deduplicate overlapping files",
);
});
},
);
test.serial(
"writeOverlayChangesFile works without additional diff files",
async (t) => {
await withTmpDir(async (tmpDir) => {
const [dbLocation, sourceRoot, tempDir] = ["db", "src", "temp"].map((d) =>
path.join(tmpDir, d),
);
await Promise.all(
[dbLocation, sourceRoot, tempDir].map((d) =>
fs.promises.mkdir(d, { recursive: true }),
),
);
const logger = getRunnerLogger(true);
const config = createTestConfig({ dbLocation });
// Mock the getFileOidsUnderPath function to return base OIDs
const baseOids = {
"unchanged.js": "aaa111",
"modified.js": "bbb222",
};
const getFileOidsStubForBase = sinon
.stub(gitUtils, "getFileOidsUnderPath")
.resolves(baseOids);
await writeBaseDatabaseOidsFile(config, sourceRoot);
getFileOidsStubForBase.restore();
const currentOids = {
"unchanged.js": "aaa111",
"modified.js": "ddd444",
};
const getFileOidsStubForOverlay = sinon
.stub(gitUtils, "getFileOidsUnderPath")
.resolves(currentOids);
const diffRangeFilePath = path.join(tempDir, "pr-diff-range.json");
const getTempDirStub = sinon
.stub(actionsUtil, "getTemporaryDirectory")
.returns(tempDir);
const getDiffRangesStub = sinon
.stub(actionsUtil, "getDiffRangesJsonFilePath")
.returns(diffRangeFilePath);
const getGitRootStub = sinon
.stub(gitUtils, "getGitRoot")
.resolves(sourceRoot);
// No pr-diff-range.json file exists - should work the same as before
const changesFilePath = await writeOverlayChangesFile(
config,
sourceRoot,
logger,
);
getFileOidsStubForOverlay.restore();
getTempDirStub.restore();
getDiffRangesStub.restore();
getGitRootStub.restore();
const fileContent = await fs.promises.readFile(changesFilePath, "utf-8");
const parsedContent = JSON.parse(fileContent) as { changes: string[] };
t.deepEqual(
parsedContent.changes.sort(),
["modified.js"],
"Should only include OID-changed files when no additional files provided",
);
});
},
);
test.serial(
"writeOverlayChangesFile converts diff range paths to sourceRoot-relative when sourceRoot is a subdirectory",
async (t) => {
await withTmpDir(async (tmpDir) => {
// Simulate: repo root = tmpDir, sourceRoot = tmpDir/src
const repoRoot = tmpDir;
const sourceRoot = path.join(tmpDir, "src");
const [dbLocation, tempDir] = ["db", "temp"].map((d) =>
path.join(tmpDir, d),
);
await Promise.all(
[dbLocation, sourceRoot, tempDir].map((d) =>
fs.promises.mkdir(d, { recursive: true }),
),
);
const logger = getRunnerLogger(true);
const config = createTestConfig({ dbLocation });
// Base OIDs (sourceRoot-relative paths)
const baseOids = {
"app.js": "aaa111",
"lib/util.js": "bbb222",
};
const getFileOidsStubForBase = sinon
.stub(gitUtils, "getFileOidsUnderPath")
.resolves(baseOids);
await writeBaseDatabaseOidsFile(config, sourceRoot);
getFileOidsStubForBase.restore();
// Current OIDs — same as base (no OID changes)
const currentOids = {
"app.js": "aaa111",
"lib/util.js": "bbb222",
};
const getFileOidsStubForOverlay = sinon
.stub(gitUtils, "getFileOidsUnderPath")
.resolves(currentOids);
const diffRangeFilePath = path.join(tempDir, "pr-diff-range.json");
const getTempDirStub = sinon
.stub(actionsUtil, "getTemporaryDirectory")
.returns(tempDir);
const getDiffRangesStub = sinon
.stub(actionsUtil, "getDiffRangesJsonFilePath")
.returns(diffRangeFilePath);
// getGitRoot returns the repo root (parent of sourceRoot)
const getGitRootStub = sinon
.stub(gitUtils, "getGitRoot")
.resolves(repoRoot);
// Diff ranges use repo-root-relative paths (as returned by the GitHub compare API)
await fs.promises.writeFile(
diffRangeFilePath,
JSON.stringify([
{ path: "src/app.js", startLine: 1, endLine: 10 },
{ path: "src/lib/util.js", startLine: 5, endLine: 8 },
{ path: "other/outside.js", startLine: 1, endLine: 3 }, // not under sourceRoot
]),
);
const changesFilePath = await writeOverlayChangesFile(
config,
sourceRoot,
logger,
);
getFileOidsStubForOverlay.restore();
getTempDirStub.restore();
getDiffRangesStub.restore();
getGitRootStub.restore();
const fileContent = await fs.promises.readFile(changesFilePath, "utf-8");
const parsedContent = JSON.parse(fileContent) as { changes: string[] };
t.deepEqual(
parsedContent.changes.sort(),
["app.js", "lib/util.js"],
"Should convert repo-root-relative paths to sourceRoot-relative and filter out files outside sourceRoot",
);
});
},
);
interface DownloadOverlayBaseDatabaseTestCase {
overlayDatabaseMode: OverlayDatabaseMode;
useOverlayDatabaseCaching: boolean;

77
src/overlay/index.ts
View File

@@ -3,7 +3,9 @@ import * as path from "path";
import * as actionsCache from "@actions/cache";
import * as actionsUtil from "../actions-util";
import {
getOptionalInput,
getRequiredInput,
getTemporaryDirectory,
getWorkflowRunAttempt,
@@ -13,7 +15,7 @@ import { getAutomationID } from "../api-client";
import { createCacheKeyHash } from "../caching-utils";
import { type CodeQL } from "../codeql";
import { type Config } from "../config-utils";
import { getCommitOid, getFileOidsUnderPath } from "../git-utils";
import { getCommitOid, getFileOidsUnderPath, getGitRoot } from "../git-utils";
import { Logger, withGroupAsync } from "../logging";
import {
CleanupLevel,
@@ -130,11 +132,17 @@ export async function writeOverlayChangesFile(
): Promise<string> {
const baseFileOids = await readBaseDatabaseOidsFile(config, logger);
const overlayFileOids = await getFileOidsUnderPath(sourceRoot);
const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids);
const oidChangedFiles = computeChangedFiles(baseFileOids, overlayFileOids);
logger.info(
`Found ${changedFiles.length} changed file(s) under ${sourceRoot}.`,
`Found ${oidChangedFiles.length} changed file(s) under ${sourceRoot} from OID comparison.`,
);
// Merge in any file paths from precomputed PR diff ranges to ensure the
// overlay always includes all files from the PR diff, even in edge cases
// like revert PRs where OID comparison shows no change.
const diffRangeFiles = await getDiffRangeFilePaths(sourceRoot, logger);
const changedFiles = [...new Set([...oidChangedFiles, ...diffRangeFiles])];
const changedFilesJson = JSON.stringify({ changes: changedFiles });
const overlayChangesFile = path.join(
getTemporaryDirectory(),
@@ -165,6 +173,69 @@ function computeChangedFiles(
return changes;
}
async function getDiffRangeFilePaths(
sourceRoot: string,
logger: Logger,
): Promise<string[]> {
const jsonFilePath = actionsUtil.getDiffRangesJsonFilePath();
if (!fs.existsSync(jsonFilePath)) {
logger.debug(
`No diff ranges JSON file found at ${jsonFilePath}; skipping.`,
);
return [];
}
let contents: string;
try {
contents = await fs.promises.readFile(jsonFilePath, "utf8");
} catch (e) {
logger.warning(
`Failed to read diff ranges JSON file at ${jsonFilePath}: ${e}`,
);
return [];
}
let diffRanges: Array<{ path: string }>;
try {
diffRanges = JSON.parse(contents) as Array<{ path: string }>;
} catch (e) {
logger.warning(
`Failed to parse diff ranges JSON file at ${jsonFilePath}: ${e}`,
);
return [];
}
logger.debug(
`Read ${diffRanges.length} diff range(s) from ${jsonFilePath} for overlay changes.`,
);
// Diff-range paths are relative to the repo root (from the GitHub compare
// API), but overlay changed files must be relative to sourceRoot (to match
// getFileOidsUnderPath output). Convert and filter accordingly.
const repoRoot = await getGitRoot(sourceRoot);
if (repoRoot === undefined) {
if (getOptionalInput("source-root")) {
throw new Error(
"Cannot determine git root to convert diff range paths relative to source-root. " +
"Failing to avoid omitting files from the analysis.",
);
}
logger.warning(
"Cannot determine git root; returning diff range paths as-is.",
);
return [...new Set(diffRanges.map((r) => r.path))];
}
const relativePaths = diffRanges
.map((r) =>
path
.relative(sourceRoot, path.join(repoRoot, r.path))
.replaceAll(path.sep, "/"),
)
.filter((rel) => !rel.startsWith(".."));
return [...new Set(relativePaths)];
}
// Constants for database caching
const CACHE_VERSION = 1;
const CACHE_PREFIX = "codeql-overlay-base-database";

168
src/start-proxy.test.ts
View File

@@ -14,9 +14,9 @@ import * as startProxyExports from "./start-proxy";
import { parseLanguage } from "./start-proxy";
import * as statusReport from "./status-report";
import {
assertNotLogged,
checkExpectedLogMessages,
createFeatures,
getRecordingLogger,
makeTestToken,
RecordingLogger,
setupTests,
@@ -439,41 +439,155 @@ test("getCredentials accepts OIDC configurations", (t) => {
t.assert(credentials.some((c) => startProxyExports.isJFrogConfig(c)));
});
test("getCredentials logs a warning when a PAT is used without a username", async (t) => {
const loggedMessages = [];
const logger = getRecordingLogger(loggedMessages);
const likelyWrongCredentials = toEncodedJSON([
const getCredentialsMacro = test.macro({
exec: async (
t: ExecutionContext<unknown>,
credentials: startProxyExports.RawCredential[],
checkAccepted: (
t: ExecutionContext<unknown>,
logger: RecordingLogger,
results: startProxyExports.Credential[],
) => void,
) => {
const logger = new RecordingLogger();
const credentialsString = toEncodedJSON(credentials);
const results = startProxyExports.getCredentials(
logger,
undefined,
credentialsString,
undefined,
);
checkAccepted(t, logger, results);
},
title: (providedTitle = "") => `getCredentials - ${providedTitle}`,
});
test(
"warns for PAT-like password without a username",
getCredentialsMacro,
[
{
type: "git_server",
host: "https://github.com/",
password: `ghp_${makeTestToken()}`,
},
]);
],
(t, logger, results) => {
// The configurations should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
const results = startProxyExports.getCredentials(
logger,
undefined,
likelyWrongCredentials,
undefined,
);
if (startProxyExports.isUsernamePassword(results[0])) {
t.assert(results[0].password?.startsWith("ghp_"));
} else {
t.fail("Expected a `UsernamePassword`-based credential.");
}
// The configuration should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
// A warning should have been logged.
checkExpectedLogMessages(t, logger.messages, [
"using a GitHub Personal Access Token (PAT), but no username was provided",
]);
},
);
if (startProxyExports.isUsernamePassword(results[0])) {
t.assert(results[0].password?.startsWith("ghp_"));
} else {
t.fail("Expected a `UsernamePassword`-based credential.");
}
test(
"no warning for PAT-like password with a username",
getCredentialsMacro,
[
{
type: "git_server",
host: "https://github.com/",
username: "someone",
password: `ghp_${makeTestToken()}`,
},
],
(t, logger, results) => {
// The configurations should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
// A warning should have been logged.
checkExpectedLogMessages(t, loggedMessages, [
"using a GitHub Personal Access Token (PAT), but no username was provided",
]);
});
if (startProxyExports.isUsernamePassword(results[0])) {
t.assert(results[0].password?.startsWith("ghp_"));
} else {
t.fail("Expected a `UsernamePassword`-based credential.");
}
assertNotLogged(
t,
logger,
"using a GitHub Personal Access Token (PAT), but no username was provided",
);
},
);
test(
"warns for PAT-like token without a username",
getCredentialsMacro,
[
{
type: "git_server",
host: "https://github.com/",
token: `ghp_${makeTestToken()}`,
},
],
(t, logger, results) => {
// The configurations should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
if (startProxyExports.isToken(results[0])) {
t.assert(results[0].token?.startsWith("ghp_"));
} else {
t.fail("Expected a `Token`-based credential.");
}
// A warning should have been logged.
checkExpectedLogMessages(t, logger.messages, [
"using a GitHub Personal Access Token (PAT), but no username was provided",
]);
},
);
test(
"no warning for PAT-like token with a username",
getCredentialsMacro,
[
{
type: "git_server",
host: "https://github.com/",
username: "someone",
token: `ghp_${makeTestToken()}`,
},
],
(t, logger, results) => {
// The configurations should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
if (startProxyExports.isToken(results[0])) {
t.assert(results[0].token?.startsWith("ghp_"));
} else {
t.fail("Expected a `Token`-based credential.");
}
assertNotLogged(
t,
logger,
"using a GitHub Personal Access Token (PAT), but no username was provided",
);
},
);
test("getCredentials returns all credentials for Actions when using LANGUAGE_TO_REGISTRY_TYPE", async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);

21
src/start-proxy.ts
View File

@@ -447,15 +447,18 @@ export function getCredentials(
}
// If the password or token looks like a GitHub PAT, warn if no username is configured.
if (
((!hasUsername(authConfig) || !isDefined(authConfig.username)) &&
isUsernamePassword(authConfig) &&
isDefined(authConfig.password) &&
isPAT(authConfig.password)) ||
(isToken(authConfig) &&
isDefined(authConfig.token) &&
isPAT(authConfig.token))
) {
const noUsername =
!hasUsername(authConfig) || !isDefined(authConfig.username);
const passwordIsPAT =
isUsernamePassword(authConfig) &&
isDefined(authConfig.password) &&
isPAT(authConfig.password);
const tokenIsPAT =
isToken(authConfig) &&
isDefined(authConfig.token) &&
isPAT(authConfig.token);
if (noUsername && (passwordIsPAT || tokenIsPAT)) {
logger.warning(
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. ` +
`This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user ` +

101
src/testing-utils.ts
View File

@@ -185,8 +185,8 @@ export interface LoggedMessage {
export class RecordingLogger implements Logger {
messages: LoggedMessage[] = [];
groups: string[] = [];
unfinishedGroups: Set<string> = new Set();
readonly groups: string[] = [];
readonly unfinishedGroups: Set<string> = new Set();
private currentGroup: string | undefined = undefined;
constructor(private readonly logToConsole: boolean = true) {}
@@ -200,6 +200,19 @@ export class RecordingLogger implements Logger {
}
}
/**
* Checks whether the logged messages contain `messageOrRegExp`.
*
* If `messageOrRegExp` is a string, this function returns true as long as
* `messageOrRegExp` appears as part of one of the `messages`.
*
* If `messageOrRegExp` is a regular expression, this function returns true as long as
* one of the `messages` matches `messageOrRegExp`.
*/
hasMessage(messageOrRegExp: string | RegExp): boolean {
return hasLoggedMessage(this.messages, messageOrRegExp);
}
isDebug() {
return true;
}
@@ -238,41 +251,37 @@ export function getRecordingLogger(
messages: LoggedMessage[],
{ logToConsole }: { logToConsole?: boolean } = { logToConsole: true },
): Logger {
return {
debug: (message: string) => {
messages.push({ type: "debug", message });
if (logToConsole) {
// eslint-disable-next-line no-console
console.debug(message);
}
},
info: (message: string) => {
messages.push({ type: "info", message });
if (logToConsole) {
// eslint-disable-next-line no-console
console.info(message);
}
},
warning: (message: string | Error) => {
messages.push({ type: "warning", message });
if (logToConsole) {
// eslint-disable-next-line no-console
console.warn(message);
}
},
error: (message: string | Error) => {
messages.push({ type: "error", message });
if (logToConsole) {
// eslint-disable-next-line no-console
console.error(message);
}
},
isDebug: () => true,
startGroup: () => undefined,
endGroup: () => undefined,
};
const logger = new RecordingLogger(logToConsole);
logger.messages = messages;
return logger;
}
/**
* Checks whether `messages` contains `messageOrRegExp`.
*
* If `messageOrRegExp` is a string, this function returns true as long as
* `messageOrRegExp` appears as part of one of the `messages`.
*
* If `messageOrRegExp` is a regular expression, this function returns true as long as
* one of the `messages` matches `messageOrRegExp`.
*/
function hasLoggedMessage(
messages: LoggedMessage[],
messageOrRegExp: string | RegExp,
): boolean {
const check = (val: string) =>
typeof messageOrRegExp === "string"
? val.includes(messageOrRegExp)
: messageOrRegExp.test(val);
return messages.some(
(msg) => typeof msg.message === "string" && check(msg.message),
);
}
/**
* Checks that `messages` contains all of `expectedMessages`.
*/
export function checkExpectedLogMessages(
t: ExecutionContext<any>,
messages: LoggedMessage[],
@@ -281,13 +290,7 @@ export function checkExpectedLogMessages(
const missingMessages: string[] = [];
for (const expectedMessage of expectedMessages) {
if (
!messages.some(
(msg) =>
typeof msg.message === "string" &&
msg.message.includes(expectedMessage),
)
) {
if (!hasLoggedMessage(messages, expectedMessage)) {
missingMessages.push(expectedMessage);
}
}
@@ -304,6 +307,20 @@ export function checkExpectedLogMessages(
}
}
/**
* Asserts that `message` should not have been logged to `logger`.
*/
export function assertNotLogged(
t: ExecutionContext<any>,
logger: RecordingLogger,
message: string | RegExp,
) {
t.false(
logger.hasMessage(message),
`'${message}' should not have been logged, but was.`,
);
}
/**
* Initialises a recording logger and calls `body` with it.
*