From 44e0055a21cb5bb4500025356d2a4fe8dcb65927 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 May 2025 11:42:05 +0000 Subject: [PATCH 1/3] build(deps): bump semver from 7.7.1 to 7.7.2 Bumps [semver](https://github.com/npm/node-semver) from 7.7.1 to 7.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2) --- updated-dependencies: - dependency-name: semver dependency-version: 7.7.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index b25f988f..bd0e90e5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "dependencies": { "@actions/core": "^1.11.1", "@actions/tool-cache": "^2.0.2", - "semver": "^7.7.1", + "semver": "^7.7.2", "typed-rest-client": "^2.1.0" }, "devDependencies": { @@ -9725,9 +9725,9 @@ "license": "ISC" }, "node_modules/semver": { - "version": "7.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", - "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", "license": "ISC", "bin": { "semver": "bin/semver.js" @@ -17764,9 +17764,9 @@ "dev": true }, "semver": { - "version": "7.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", - "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==" + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==" }, "set-function-length": { "version": "1.2.2", diff --git a/package.json b/package.json index 4fe860ed..fe74ffb0 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "dependencies": { "@actions/core": "^1.11.1", "@actions/tool-cache": "^2.0.2", - "semver": "^7.7.1", + "semver": "^7.7.2", "typed-rest-client": "^2.1.0" }, "devDependencies": { From 96d1c5e0bcdfbfc123c5b27e891566a6a6031998 Mon Sep 17 00:00:00 2001 From: per1234 Date: Tue, 13 May 2025 08:11:38 -0700 Subject: [PATCH 2/3] Repackage action following `semver` bump GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript package dependencies as part of the distributed action in order for it to be usable in workflows. A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount of frequently changing external content being included in the repository, much of which is not even part of the executed program. A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the dependencies, into a single file. We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in sync with the development source code and dependencies. This allows a beta version of the action to be easily used in workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the `main` branch to be used by the workflow run). The update of the package dependency results in a change to the packaged code, so the packaging is here updated accordingly. --- dist/index.js | 150 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 143 insertions(+), 7 deletions(-) diff --git a/dist/index.js b/dist/index.js index 494d3eb2..e26eef87 100644 --- a/dist/index.js +++ b/dist/index.js @@ -8259,6 +8259,9 @@ module.exports = { /***/ 9379: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const ANY = Symbol('SemVer ANY') // hoisted class for cyclic dependency class Comparator { @@ -8407,6 +8410,9 @@ const Range = __nccwpck_require__(6782) /***/ 6782: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SPACE_CHARACTERS = /\s+/g // hoisted class for cyclic dependency @@ -8968,9 +8974,12 @@ const testSet = (set, version, options) => { /***/ 7163: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const debug = __nccwpck_require__(1159) const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(5101) -const { safeRe: re, safeSrc: src, t } = __nccwpck_require__(5471) +const { safeRe: re, t } = __nccwpck_require__(5471) const parseOptions = __nccwpck_require__(356) const { compareIdentifiers } = __nccwpck_require__(3348) @@ -9152,8 +9161,7 @@ class SemVer { } // Avoid an invalid semver results if (identifier) { - const r = new RegExp(`^${this.options.loose ? src[t.PRERELEASELOOSE] : src[t.PRERELEASE]}$`) - const match = `-${identifier}`.match(r) + const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE]) if (!match || match[1] !== identifier) { throw new Error(`invalid identifier: ${identifier}`) } @@ -9293,6 +9301,9 @@ module.exports = SemVer /***/ 1799: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const clean = (version, options) => { const s = parse(version.trim().replace(/^[=v]+/, ''), options) @@ -9306,6 +9317,9 @@ module.exports = clean /***/ 8646: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const eq = __nccwpck_require__(5082) const neq = __nccwpck_require__(4974) const gt = __nccwpck_require__(6599) @@ -9365,6 +9379,9 @@ module.exports = cmp /***/ 5385: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const parse = __nccwpck_require__(6353) const { safeRe: re, t } = __nccwpck_require__(5471) @@ -9432,6 +9449,9 @@ module.exports = coerce /***/ 7648: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const compareBuild = (a, b, loose) => { const versionA = new SemVer(a, loose) @@ -9446,6 +9466,9 @@ module.exports = compareBuild /***/ 6874: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const compareLoose = (a, b) => compare(a, b, true) module.exports = compareLoose @@ -9456,6 +9479,9 @@ module.exports = compareLoose /***/ 8469: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)) @@ -9468,6 +9494,9 @@ module.exports = compare /***/ 711: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const diff = (version1, version2) => { @@ -9533,6 +9562,9 @@ module.exports = diff /***/ 5082: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const eq = (a, b, loose) => compare(a, b, loose) === 0 module.exports = eq @@ -9543,6 +9575,9 @@ module.exports = eq /***/ 6599: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const gt = (a, b, loose) => compare(a, b, loose) > 0 module.exports = gt @@ -9553,6 +9588,9 @@ module.exports = gt /***/ 1236: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const gte = (a, b, loose) => compare(a, b, loose) >= 0 module.exports = gte @@ -9563,6 +9601,9 @@ module.exports = gte /***/ 2338: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const inc = (version, release, options, identifier, identifierBase) => { @@ -9589,6 +9630,9 @@ module.exports = inc /***/ 3872: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const lt = (a, b, loose) => compare(a, b, loose) < 0 module.exports = lt @@ -9599,6 +9643,9 @@ module.exports = lt /***/ 6717: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const lte = (a, b, loose) => compare(a, b, loose) <= 0 module.exports = lte @@ -9609,6 +9656,9 @@ module.exports = lte /***/ 8511: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const major = (a, loose) => new SemVer(a, loose).major module.exports = major @@ -9619,6 +9669,9 @@ module.exports = major /***/ 2603: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const minor = (a, loose) => new SemVer(a, loose).minor module.exports = minor @@ -9629,6 +9682,9 @@ module.exports = minor /***/ 4974: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const neq = (a, b, loose) => compare(a, b, loose) !== 0 module.exports = neq @@ -9639,6 +9695,9 @@ module.exports = neq /***/ 6353: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const parse = (version, options, throwErrors = false) => { if (version instanceof SemVer) { @@ -9662,6 +9721,9 @@ module.exports = parse /***/ 8756: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const patch = (a, loose) => new SemVer(a, loose).patch module.exports = patch @@ -9672,6 +9734,9 @@ module.exports = patch /***/ 5714: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const prerelease = (version, options) => { const parsed = parse(version, options) @@ -9685,6 +9750,9 @@ module.exports = prerelease /***/ 2173: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compare = __nccwpck_require__(8469) const rcompare = (a, b, loose) => compare(b, a, loose) module.exports = rcompare @@ -9695,6 +9763,9 @@ module.exports = rcompare /***/ 7192: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compareBuild = __nccwpck_require__(7648) const rsort = (list, loose) => list.sort((a, b) => compareBuild(b, a, loose)) module.exports = rsort @@ -9705,6 +9776,9 @@ module.exports = rsort /***/ 8011: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const satisfies = (version, range, options) => { try { @@ -9722,6 +9796,9 @@ module.exports = satisfies /***/ 9872: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const compareBuild = __nccwpck_require__(7648) const sort = (list, loose) => list.sort((a, b) => compareBuild(a, b, loose)) module.exports = sort @@ -9732,6 +9809,9 @@ module.exports = sort /***/ 8780: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const parse = __nccwpck_require__(6353) const valid = (version, options) => { const v = parse(version, options) @@ -9745,6 +9825,9 @@ module.exports = valid /***/ 2088: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + // just pre-load all the stuff that index.js lazily exports const internalRe = __nccwpck_require__(5471) const constants = __nccwpck_require__(5101) @@ -9841,6 +9924,9 @@ module.exports = { /***/ 5101: /***/ ((module) => { +"use strict"; + + // Note: this is the semver.org version of the spec that it implements // Not necessarily the package version of this code. const SEMVER_SPEC_VERSION = '2.0.0' @@ -9883,6 +9969,9 @@ module.exports = { /***/ 1159: /***/ ((module) => { +"use strict"; + + const debug = ( typeof process === 'object' && process.env && @@ -9899,6 +9988,9 @@ module.exports = debug /***/ 3348: /***/ ((module) => { +"use strict"; + + const numeric = /^[0-9]+$/ const compareIdentifiers = (a, b) => { const anum = numeric.test(a) @@ -9929,6 +10021,9 @@ module.exports = { /***/ 1383: /***/ ((module) => { +"use strict"; + + class LRUCache { constructor () { this.max = 1000 @@ -9976,6 +10071,9 @@ module.exports = LRUCache /***/ 356: /***/ ((module) => { +"use strict"; + + // parse out just the options we care about const looseOption = Object.freeze({ loose: true }) const emptyOpts = Object.freeze({ }) @@ -9998,6 +10096,9 @@ module.exports = parseOptions /***/ 5471: /***/ ((module, exports, __nccwpck_require__) => { +"use strict"; + + const { MAX_SAFE_COMPONENT_LENGTH, MAX_SAFE_BUILD_LENGTH, @@ -10076,12 +10177,14 @@ createToken('MAINVERSIONLOOSE', `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` + // ## Pre-release Version Identifier // A numeric identifier, or a non-numeric identifier. +// Non-numberic identifiers include numberic identifiers but can be longer. +// Therefore non-numberic identifiers must go first. -createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NUMERICIDENTIFIER] -}|${src[t.NONNUMERICIDENTIFIER]})`) +createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NONNUMERICIDENTIFIER] +}|${src[t.NUMERICIDENTIFIER]})`) -createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NUMERICIDENTIFIERLOOSE] -}|${src[t.NONNUMERICIDENTIFIER]})`) +createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NONNUMERICIDENTIFIER] +}|${src[t.NUMERICIDENTIFIERLOOSE]})`) // ## Pre-release Version // Hyphen, followed by one or more dot-separated pre-release version @@ -10224,6 +10327,9 @@ createToken('GTE0PRE', '^\\s*>=\\s*0\\.0\\.0-0\\s*$') /***/ 2276: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + // Determine if version is greater than all the versions possible in the range. const outside = __nccwpck_require__(280) const gtr = (version, range, options) => outside(version, range, '>', options) @@ -10235,6 +10341,9 @@ module.exports = gtr /***/ 3465: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const intersects = (r1, r2, options) => { r1 = new Range(r1, options) @@ -10249,6 +10358,9 @@ module.exports = intersects /***/ 5213: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const outside = __nccwpck_require__(280) // Determine if version is less than all the versions possible in the range const ltr = (version, range, options) => outside(version, range, '<', options) @@ -10260,6 +10372,9 @@ module.exports = ltr /***/ 5574: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Range = __nccwpck_require__(6782) @@ -10292,6 +10407,9 @@ module.exports = maxSatisfying /***/ 8595: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Range = __nccwpck_require__(6782) const minSatisfying = (versions, range, options) => { @@ -10323,6 +10441,9 @@ module.exports = minSatisfying /***/ 1866: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Range = __nccwpck_require__(6782) const gt = __nccwpck_require__(6599) @@ -10391,6 +10512,9 @@ module.exports = minVersion /***/ 280: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const SemVer = __nccwpck_require__(7163) const Comparator = __nccwpck_require__(9379) const { ANY } = Comparator @@ -10478,6 +10602,9 @@ module.exports = outside /***/ 2028: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + // given a set of versions and a range, create a "simplified" range // that includes the same versions that the original range does // If the original range is shorter than the simplified one, return that. @@ -10532,6 +10659,9 @@ module.exports = (versions, range, options) => { /***/ 1489: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const Comparator = __nccwpck_require__(9379) const { ANY } = Comparator @@ -10786,6 +10916,9 @@ module.exports = subset /***/ 4750: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) // Mostly just for testing and legacy API reasons @@ -10801,6 +10934,9 @@ module.exports = toComparators /***/ 4737: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { +"use strict"; + + const Range = __nccwpck_require__(6782) const validRange = (range, options) => { try { From 4117d3c6b16e5c85637d8e2f91e488df6ad37a8a Mon Sep 17 00:00:00 2001 From: per1234 Date: Tue, 13 May 2025 08:11:56 -0700 Subject: [PATCH 3/3] Update dependency license metadata cache for `semver` bump --- .licenses/npm/{semver-7.7.1.dep.yml => semver-7.7.2.dep.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .licenses/npm/{semver-7.7.1.dep.yml => semver-7.7.2.dep.yml} (98%) diff --git a/.licenses/npm/semver-7.7.1.dep.yml b/.licenses/npm/semver-7.7.2.dep.yml similarity index 98% rename from .licenses/npm/semver-7.7.1.dep.yml rename to .licenses/npm/semver-7.7.2.dep.yml index 3194cf4a..41578916 100644 --- a/.licenses/npm/semver-7.7.1.dep.yml +++ b/.licenses/npm/semver-7.7.2.dep.yml @@ -1,6 +1,6 @@ --- name: semver -version: 7.7.1 +version: 7.7.2 type: npm summary: The semantic version parser used by npm. homepage: