From 1ac5925a7d8ffd73d0e1879aaa93b021b3908f53 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Jan 2025 01:59:23 +0000
Subject: [PATCH 1/3] Bump semver from 7.6.3 to 7.7.0

Bumps [semver](https://github.com/npm/node-semver) from 7.6.3 to 7.7.0.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.6.3...v7.7.0)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 58b1a5c..e0184db 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
         "@actions/core": "^1.11.1",
         "@actions/http-client": "^2.2.3",
         "@actions/tool-cache": "^2.0.2",
-        "semver": "^7.6.3"
+        "semver": "^7.7.0"
       },
       "devDependencies": {
         "@actions/io": "^1.1.3",
@@ -5392,9 +5392,10 @@
       "license": "MIT"
     },
     "node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "version": "7.7.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz",
+      "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ==",
+      "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
       },
diff --git a/package.json b/package.json
index 1157931..d63b3d9 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
     "@actions/core": "^1.11.1",
     "@actions/http-client": "^2.2.3",
     "@actions/tool-cache": "^2.0.2",
-    "semver": "^7.6.3"
+    "semver": "^7.7.0"
   },
   "devDependencies": {
     "@actions/io": "^1.1.3",

From 3ea589ea52bdf5efedda0578d967a87c528ec0c0 Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Thu, 30 Jan 2025 00:27:53 -0800
Subject: [PATCH 2/3] Repackage action following `semver` bump

GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you
can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript
package dependencies as part of the distributed action in order for it to be usable in workflows.

A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount
of frequently changing external content being included in the repository, much of which is not even part of the executed
program.

A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the
dependencies, into a single file.

We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in
sync with the development source code and dependencies. This allows a beta version of the action to be easily used in
workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the
action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the
`main` branch to be used by the workflow run).

The update of the package dependency results in a change to the packaged code, so the packaging is here updated
accordingly.
---
 dist/index.js | 42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index a9b4304..27ed930 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -8226,7 +8226,7 @@ class SemVer {
 
     if (version instanceof SemVer) {
       if (version.loose === !!options.loose &&
-          version.includePrerelease === !!options.includePrerelease) {
+        version.includePrerelease === !!options.includePrerelease) {
         return version
       } else {
         version = version.version
@@ -8392,6 +8392,19 @@ class SemVer {
   // preminor will bump the version up to the next minor release, and immediately
   // down to pre-release. premajor and prepatch work the same way.
   inc (release, identifier, identifierBase) {
+    if (release.startsWith('pre')) {
+      if (!identifier && identifierBase === false) {
+        throw new Error('invalid increment argument: identifier is empty')
+      }
+      // Avoid an invalid semver results
+      if (identifier) {
+        const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE])
+        if (!match || match[1] !== identifier) {
+          throw new Error(`invalid identifier: ${identifier}`)
+        }
+      }
+    }
+
     switch (release) {
       case 'premajor':
         this.prerelease.length = 0
@@ -8422,6 +8435,12 @@ class SemVer {
         }
         this.inc('pre', identifier, identifierBase)
         break
+      case 'release':
+        if (this.prerelease.length === 0) {
+          throw new Error(`version ${this.raw} is not a prerelease`)
+        }
+        this.prerelease.length = 0
+        break
 
       case 'major':
         // If this is a pre-major version, bump up to the same major version.
@@ -8465,10 +8484,6 @@ class SemVer {
       case 'pre': {
         const base = Number(identifierBase) ? 1 : 0
 
-        if (!identifier && identifierBase === false) {
-          throw new Error('invalid increment argument: identifier is empty')
-        }
-
         if (this.prerelease.length === 0) {
           this.prerelease = [base]
         } else {
@@ -8727,20 +8742,13 @@ const diff = (version1, version2) => {
       return 'major'
     }
 
-    // Otherwise it can be determined by checking the high version
-
-    if (highVersion.patch) {
-      // anything higher than a patch bump would result in the wrong version
+    // If the main part has no difference
+    if (lowVersion.compareMain(highVersion) === 0) {
+      if (lowVersion.minor && !lowVersion.patch) {
+        return 'minor'
+      }
       return 'patch'
     }
-
-    if (highVersion.minor) {
-      // anything higher than a minor bump would result in the wrong version
-      return 'minor'
-    }
-
-    // bumping major/minor/patch all have same result
-    return 'major'
   }
 
   // add the `pre` prefix if we are going to a prerelease version

From 2c8b9e0eb2b6ccfadb604126316b9f81d50482e7 Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Thu, 30 Jan 2025 00:28:37 -0800
Subject: [PATCH 3/3] Update dependency license metadata cache for `semver`
 bump

---
 .licenses/npm/{semver-7.6.3.dep.yml => semver-7.7.0.dep.yml} | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename .licenses/npm/{semver-7.6.3.dep.yml => semver-7.7.0.dep.yml} (97%)

diff --git a/.licenses/npm/semver-7.6.3.dep.yml b/.licenses/npm/semver-7.7.0.dep.yml
similarity index 97%
rename from .licenses/npm/semver-7.6.3.dep.yml
rename to .licenses/npm/semver-7.7.0.dep.yml
index c4ee354..af576aa 100644
--- a/.licenses/npm/semver-7.6.3.dep.yml
+++ b/.licenses/npm/semver-7.7.0.dep.yml
@@ -1,9 +1,8 @@
 ---
 name: semver
-version: 7.6.3
+version: 7.7.0
 type: npm
 summary: The semantic version parser used by npm.
-homepage: 
 license: isc
 licenses:
 - sources: LICENSE