From 56b508e80f12e5dc99f52e2f0ceab7c58153a015 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 May 2025 01:34:54 +0000 Subject: [PATCH 1/3] Bump semver from 7.7.1 to 7.7.2 Bumps [semver](https://github.com/npm/node-semver) from 7.7.1 to 7.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2) --- updated-dependencies: - dependency-name: semver dependency-version: 7.7.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 618d110..3492121 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "@actions/core": "^1.11.1", "@actions/http-client": "^2.2.3", "@actions/tool-cache": "^2.0.2", - "semver": "^7.7.1" + "semver": "^7.7.2" }, "devDependencies": { "@actions/io": "^1.1.3", @@ -5394,9 +5394,9 @@ "license": "MIT" }, "node_modules/semver": { - "version": "7.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", - "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", "license": "ISC", "bin": { "semver": "bin/semver.js" diff --git a/package.json b/package.json index 415ff64..47ebec2 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "@actions/core": "^1.11.1", "@actions/http-client": "^2.2.3", "@actions/tool-cache": "^2.0.2", - "semver": "^7.7.1" + "semver": "^7.7.2" }, "devDependencies": { "@actions/io": "^1.1.3", From d85b586852608b9add52bc8d8c0ffdc104f559d8 Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 12 May 2025 18:50:20 -0700 Subject: [PATCH 2/3] Repackage action following `semver` bump GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript package dependencies as part of the distributed action in order for it to be usable in workflows. A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount of frequently changing external content being included in the repository, much of which is not even part of the executed program. A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the dependencies, into a single file. We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in sync with the development source code and dependencies. This allows a beta version of the action to be easily used in workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the `main` branch to be used by the workflow run). The update of the package dependency results in a change to the packaged code, so the packaging is here updated accordingly. --- dist/index.js | 150 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 143 insertions(+), 7 deletions(-) diff --git a/dist/index.js b/dist/index.js index eff46cd..22f8521 100644 --- a/dist/index.js +++ b/dist/index.js @@ -7505,6 +7505,9 @@ module.exports = parseParams /***/ 9379: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const ANY = Symbol('SemVer ANY') // hoisted class for cyclic dependency class Comparator { @@ -7653,6 +7656,9 @@ const Range = __nccwpck_require__(6782) /***/ 6782: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SPACE_CHARACTERS = /\s+/g // hoisted class for cyclic dependency @@ -8214,9 +8220,12 @@ const testSet = (set, version, options) => { /***/ 7163: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const debug = __nccwpck_require__(1159) const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(5101) -const { safeRe: re, safeSrc: src, t } = __nccwpck_require__(5471) +const { safeRe: re, t } = __nccwpck_require__(5471) const parseOptions = __nccwpck_require__(356) const { compareIdentifiers } = __nccwpck_require__(3348) @@ -8398,8 +8407,7 @@ class SemVer { } // Avoid an invalid semver results if (identifier) { - const r = new RegExp(`^${this.options.loose ? src[t.PRERELEASELOOSE] : src[t.PRERELEASE]}$`) - const match = `-${identifier}`.match(r) + const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE]) if (!match || match[1] !== identifier) { throw new Error(`invalid identifier: ${identifier}`) } @@ -8539,6 +8547,9 @@ module.exports = SemVer /***/ 1799: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const clean = (version, options) => { const s = parse(version.trim().replace(/^[=v]+/, ''), options) @@ -8552,6 +8563,9 @@ module.exports = clean /***/ 8646: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const eq = __nccwpck_require__(5082) const neq = __nccwpck_require__(4974) const gt = __nccwpck_require__(6599) @@ -8611,6 +8625,9 @@ module.exports = cmp /***/ 5385: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const parse = __nccwpck_require__(6353) const { safeRe: re, t } = __nccwpck_require__(5471) @@ -8678,6 +8695,9 @@ module.exports = coerce /***/ 7648: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const compareBuild = (a, b, loose) => { const versionA = new SemVer(a, loose) @@ -8692,6 +8712,9 @@ module.exports = compareBuild /***/ 6874: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const compareLoose = (a, b) => compare(a, b, true) module.exports = compareLoose @@ -8702,6 +8725,9 @@ module.exports = compareLoose /***/ 8469: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)) @@ -8714,6 +8740,9 @@ module.exports = compare /***/ 711: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const diff = (version1, version2) => { @@ -8779,6 +8808,9 @@ module.exports = diff /***/ 5082: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const eq = (a, b, loose) => compare(a, b, loose) === 0 module.exports = eq @@ -8789,6 +8821,9 @@ module.exports = eq /***/ 6599: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const gt = (a, b, loose) => compare(a, b, loose) > 0 module.exports = gt @@ -8799,6 +8834,9 @@ module.exports = gt /***/ 1236: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const gte = (a, b, loose) => compare(a, b, loose) >= 0 module.exports = gte @@ -8809,6 +8847,9 @@ module.exports = gte /***/ 2338: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const inc = (version, release, options, identifier, identifierBase) => { @@ -8835,6 +8876,9 @@ module.exports = inc /***/ 3872: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const lt = (a, b, loose) => compare(a, b, loose) < 0 module.exports = lt @@ -8845,6 +8889,9 @@ module.exports = lt /***/ 6717: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const lte = (a, b, loose) => compare(a, b, loose) <= 0 module.exports = lte @@ -8855,6 +8902,9 @@ module.exports = lte /***/ 8511: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const major = (a, loose) => new SemVer(a, loose).major module.exports = major @@ -8865,6 +8915,9 @@ module.exports = major /***/ 2603: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const minor = (a, loose) => new SemVer(a, loose).minor module.exports = minor @@ -8875,6 +8928,9 @@ module.exports = minor /***/ 4974: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const neq = (a, b, loose) => compare(a, b, loose) !== 0 module.exports = neq @@ -8885,6 +8941,9 @@ module.exports = neq /***/ 6353: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const parse = (version, options, throwErrors = false) => { if (version instanceof SemVer) { @@ -8908,6 +8967,9 @@ module.exports = parse /***/ 8756: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const patch = (a, loose) => new SemVer(a, loose).patch module.exports = patch @@ -8918,6 +8980,9 @@ module.exports = patch /***/ 5714: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const prerelease = (version, options) => { const parsed = parse(version, options) @@ -8931,6 +8996,9 @@ module.exports = prerelease /***/ 2173: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const rcompare = (a, b, loose) => compare(b, a, loose) module.exports = rcompare @@ -8941,6 +9009,9 @@ module.exports = rcompare /***/ 7192: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compareBuild = __nccwpck_require__(7648) const rsort = (list, loose) => list.sort((a, b) => compareBuild(b, a, loose)) module.exports = rsort @@ -8951,6 +9022,9 @@ module.exports = rsort /***/ 8011: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const satisfies = (version, range, options) => { try { @@ -8968,6 +9042,9 @@ module.exports = satisfies /***/ 9872: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compareBuild = __nccwpck_require__(7648) const sort = (list, loose) => list.sort((a, b) => compareBuild(a, b, loose)) module.exports = sort @@ -8978,6 +9055,9 @@ module.exports = sort /***/ 8780: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const valid = (version, options) => { const v = parse(version, options) @@ -8991,6 +9071,9 @@ module.exports = valid /***/ 2088: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + // just pre-load all the stuff that index.js lazily exports const internalRe = __nccwpck_require__(5471) const constants = __nccwpck_require__(5101) @@ -9087,6 +9170,9 @@ module.exports = { /***/ 5101: /***/ ((module) => { +"use strict"; + + // Note: this is the semver.org version of the spec that it implements // Not necessarily the package version of this code. const SEMVER_SPEC_VERSION = '2.0.0' @@ -9129,6 +9215,9 @@ module.exports = { /***/ 1159: /***/ ((module) => { +"use strict"; + + const debug = ( typeof process === 'object' && process.env && @@ -9145,6 +9234,9 @@ module.exports = debug /***/ 3348: /***/ ((module) => { +"use strict"; + + const numeric = /^[0-9]+$/ const compareIdentifiers = (a, b) => { const anum = numeric.test(a) @@ -9175,6 +9267,9 @@ module.exports = { /***/ 1383: /***/ ((module) => { +"use strict"; + + class LRUCache { constructor () { this.max = 1000 @@ -9222,6 +9317,9 @@ module.exports = LRUCache /***/ 356: /***/ ((module) => { +"use strict"; + + // parse out just the options we care about const looseOption = Object.freeze({ loose: true }) const emptyOpts = Object.freeze({ }) @@ -9244,6 +9342,9 @@ module.exports = parseOptions /***/ 5471: /***/ ((module, exports, __nccwpck_require__) => { +"use strict"; + + const { MAX_SAFE_COMPONENT_LENGTH, MAX_SAFE_BUILD_LENGTH, @@ -9322,12 +9423,14 @@ createToken('MAINVERSIONLOOSE', `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` + // ## Pre-release Version Identifier // A numeric identifier, or a non-numeric identifier. +// Non-numberic identifiers include numberic identifiers but can be longer. +// Therefore non-numberic identifiers must go first. -createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NUMERICIDENTIFIER] -}|${src[t.NONNUMERICIDENTIFIER]})`) +createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NONNUMERICIDENTIFIER] +}|${src[t.NUMERICIDENTIFIER]})`) -createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NUMERICIDENTIFIERLOOSE] -}|${src[t.NONNUMERICIDENTIFIER]})`) +createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NONNUMERICIDENTIFIER] +}|${src[t.NUMERICIDENTIFIERLOOSE]})`) // ## Pre-release Version // Hyphen, followed by one or more dot-separated pre-release version @@ -9470,6 +9573,9 @@ createToken('GTE0PRE', '^\\s*>=\\s*0\\.0\\.0-0\\s*$') /***/ 2276: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + // Determine if version is greater than all the versions possible in the range. const outside = __nccwpck_require__(280) const gtr = (version, range, options) => outside(version, range, '>', options) @@ -9481,6 +9587,9 @@ module.exports = gtr /***/ 3465: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const intersects = (r1, r2, options) => { r1 = new Range(r1, options) @@ -9495,6 +9604,9 @@ module.exports = intersects /***/ 5213: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const outside = __nccwpck_require__(280) // Determine if version is less than all the versions possible in the range const ltr = (version, range, options) => outside(version, range, '<', options) @@ -9506,6 +9618,9 @@ module.exports = ltr /***/ 5574: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Range = __nccwpck_require__(6782) @@ -9538,6 +9653,9 @@ module.exports = maxSatisfying /***/ 8595: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Range = __nccwpck_require__(6782) const minSatisfying = (versions, range, options) => { @@ -9569,6 +9687,9 @@ module.exports = minSatisfying /***/ 1866: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Range = __nccwpck_require__(6782) const gt = __nccwpck_require__(6599) @@ -9637,6 +9758,9 @@ module.exports = minVersion /***/ 280: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Comparator = __nccwpck_require__(9379) const { ANY } = Comparator @@ -9724,6 +9848,9 @@ module.exports = outside /***/ 2028: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + // given a set of versions and a range, create a "simplified" range // that includes the same versions that the original range does // If the original range is shorter than the simplified one, return that. @@ -9778,6 +9905,9 @@ module.exports = (versions, range, options) => { /***/ 1489: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const Comparator = __nccwpck_require__(9379) const { ANY } = Comparator @@ -10032,6 +10162,9 @@ module.exports = subset /***/ 4750: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) // Mostly just for testing and legacy API reasons @@ -10047,6 +10180,9 @@ module.exports = toComparators /***/ 4737: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const validRange = (range, options) => { try { From 8e87eaa5c2e6eb09796a516b4f02c595068a3e06 Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 12 May 2025 18:50:41 -0700 Subject: [PATCH 3/3] Update dependency license metadata cache for `semver` bump --- .licenses/npm/{semver-7.7.1.dep.yml => semver-7.7.2.dep.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .licenses/npm/{semver-7.7.1.dep.yml => semver-7.7.2.dep.yml} (98%) diff --git a/.licenses/npm/semver-7.7.1.dep.yml b/.licenses/npm/semver-7.7.2.dep.yml similarity index 98% rename from .licenses/npm/semver-7.7.1.dep.yml rename to .licenses/npm/semver-7.7.2.dep.yml index 3194cf4..4157891 100644 --- a/.licenses/npm/semver-7.7.1.dep.yml +++ b/.licenses/npm/semver-7.7.2.dep.yml @@ -1,6 +1,6 @@ --- name: semver -version: 7.7.1 +version: 7.7.2 type: npm summary: The semantic version parser used by npm. homepage: