From 6e2a9b0905d5b7802f790a49d11319d36c1e816a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 01:38:54 +0000
Subject: [PATCH 1/2] Bump @actions/core from 1.11.0 to 1.11.1

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.11.0 to 1.11.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 14 +++++++-------
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 4ed0d56..5254dda 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,7 +8,7 @@
       "name": "arduino-lint-action",
       "license": "MIT",
       "dependencies": {
-        "@actions/core": "^1.11.0",
+        "@actions/core": "^1.11.1",
         "@actions/http-client": "^2.2.3",
         "@actions/tool-cache": "^2.0.1",
         "semver": "^7.6.3"
@@ -28,9 +28,9 @@
       }
     },
     "node_modules/@actions/core": {
-      "version": "1.11.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.0.tgz",
-      "integrity": "sha512-I21jQUzEjbZolw3jFZ/0iHGCb+rePCww9MaA0SbVFae4FpBTQWP1GIvr/m5Y6GVaxrDz7p3RhBtpBzwkA3rPSA==",
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
       "dependencies": {
         "@actions/exec": "^1.1.1",
         "@actions/http-client": "^2.0.1"
@@ -5828,9 +5828,9 @@
   },
   "dependencies": {
     "@actions/core": {
-      "version": "1.11.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.0.tgz",
-      "integrity": "sha512-I21jQUzEjbZolw3jFZ/0iHGCb+rePCww9MaA0SbVFae4FpBTQWP1GIvr/m5Y6GVaxrDz7p3RhBtpBzwkA3rPSA==",
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
       "requires": {
         "@actions/exec": "^1.1.1",
         "@actions/http-client": "^2.0.1"
diff --git a/package.json b/package.json
index 6210648..b34e29a 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
   "author": "Arduino",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.11.0",
+    "@actions/core": "^1.11.1",
     "@actions/http-client": "^2.2.3",
     "@actions/tool-cache": "^2.0.1",
     "semver": "^7.6.3"

From 5313dbd8bb5d86d8f21d9040720320353c514b4c Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Sun, 6 Oct 2024 22:18:46 -0700
Subject: [PATCH 2/2] Repackage action following `@actions/core` bump

GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you
can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript
package dependencies as part of the distributed action in order for it to be usable in workflows.

A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount
of frequently changing external content being included in the repository, much of which is not even part of the executed
program.

A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the
dependencies, into a single file.

We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in
sync with the development source code and dependencies. This allows a beta version of the action to be easily used in
workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the
action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the
`main` branch to be used by the workflow run).

The update of the package dependency results in a change to the packaged code, so the packaging is here updated
accordingly.
---
 dist/index.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dist/index.js b/dist/index.js
index eaff622..158e30f 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -817,6 +817,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.prepareKeyValueMessage = exports.issueFileCommand = void 0;
 // We use any as a valid input type
 /* eslint-disable @typescript-eslint/no-explicit-any */
+const crypto = __importStar(__nccwpck_require__(6982));
 const fs = __importStar(__nccwpck_require__(9896));
 const os = __importStar(__nccwpck_require__(857));
 const utils_1 = __nccwpck_require__(302);