From fa58d7144f928198704762ec365d64c026877b0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 03:38:52 +0000 Subject: [PATCH 1/2] Bump semver from 7.6.2 to 7.6.3 Bumps [semver](https://github.com/npm/node-semver) from 7.6.2 to 7.6.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v7.6.2...v7.6.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 10bfdf1..0cc798c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "@actions/core": "^1.10.1", "@actions/http-client": "^2.2.1", "@actions/tool-cache": "^2.0.1", - "semver": "^7.6.2" + "semver": "^7.6.3" }, "devDependencies": { "@actions/io": "^1.1.3", @@ -5291,9 +5291,9 @@ "dev": true }, "node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", "bin": { "semver": "bin/semver.js" }, @@ -9839,9 +9839,9 @@ "dev": true }, "semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==" + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==" }, "shebang-command": { "version": "2.0.0", diff --git a/package.json b/package.json index c4b1bf7..238aa87 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@actions/core": "^1.10.1", "@actions/http-client": "^2.2.1", "@actions/tool-cache": "^2.0.1", - "semver": "^7.6.2" + "semver": "^7.6.3" }, "devDependencies": { "@actions/io": "^1.1.3", From d931ff0bef787f4beb4834f049c1ec42e38c94ca Mon Sep 17 00:00:00 2001 From: per1234 Date: Sun, 11 Aug 2024 20:51:17 -0700 Subject: [PATCH 2/2] Repackage action following `semver` bump GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript package dependencies as part of the distributed action in order for it to be usable in workflows. A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount of frequently changing external content being included in the repository, much of which is not even part of the executed program. A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the dependencies, into a single file. We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in sync with the development source code and dependencies. This allows a beta version of the action to be easily used in workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the `main` branch to be used by the workflow run). The update of the package dependency results in a change to the packaged code, so the packaging is here updated accordingly. --- dist/index.js | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/dist/index.js b/dist/index.js index 84f80af..71935a2 100644 --- a/dist/index.js +++ b/dist/index.js @@ -8109,6 +8109,8 @@ const Range = __nccwpck_require__(9828) /***/ 9828: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +const SPACE_CHARACTERS = /\s+/g + // hoisted class for cyclic dependency class Range { constructor (range, options) { @@ -8129,7 +8131,7 @@ class Range { // just put it in the set and return this.raw = range.value this.set = [[range]] - this.format() + this.formatted = undefined return this } @@ -8140,10 +8142,7 @@ class Range { // First reduce all whitespace as much as possible so we do not have to rely // on potentially slow regexes like \s*. This is then stored and used for // future error messages as well. - this.raw = range - .trim() - .split(/\s+/) - .join(' ') + this.raw = range.trim().replace(SPACE_CHARACTERS, ' ') // First, split on || this.set = this.raw @@ -8177,14 +8176,29 @@ class Range { } } - this.format() + this.formatted = undefined + } + + get range () { + if (this.formatted === undefined) { + this.formatted = '' + for (let i = 0; i < this.set.length; i++) { + if (i > 0) { + this.formatted += '||' + } + const comps = this.set[i] + for (let k = 0; k < comps.length; k++) { + if (k > 0) { + this.formatted += ' ' + } + this.formatted += comps[k].toString().trim() + } + } + } + return this.formatted } format () { - this.range = this.set - .map((comps) => comps.join(' ').trim()) - .join('||') - .trim() return this.range }