C++: turn on CppDependencyInstallation by default for GitHub Enterprise Server

Revert "Update default bundle to 2.17.4"

.github/workflows/update-bundle.yml

@@ -54,7 +54,7 @@ jobs:
           cli_version=$(jq -r '.cliVersion' src/defaults.json)
           pr_url=$(gh pr create \
             --title "Update default bundle to $cli_version" \
-            --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
+            --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
             --assignee "$GITHUB_ACTOR" \
             --draft \
           )

CHANGELOG.md

@@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 
 ## [UNRELEASED]
 
-No user facing changes.
+- We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. [#2306](https://github.com/github/codeql-action/pull/2306)
 
 ## 3.25.6 - 20 May 2024
 

lib/actions-util.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getFileType = exports.FileCmdNotFoundError = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.getActionVersion = exports.getRef = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.getFileType = exports.FileCmdNotFoundError = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getWorkflowEvent = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.getActionVersion = exports.getRef = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -275,6 +275,7 @@ function getWorkflowEvent() {
         throw new Error(`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`);
     }
 }
+exports.getWorkflowEvent = getWorkflowEvent;
 function removeRefsHeadsPrefix(ref) {
     return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
 }

lib/analyze-action.js

@@ -48,7 +48,7 @@ const status_report_1 = require("./status-report");
 const trap_caching_1 = require("./trap-caching");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
+async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanup, logger) {
     const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
     const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
     if (statusReportBase !== undefined) {
@@ -56,6 +56,7 @@ async function sendStatusReport(startedAt, config, stats, error, trapCacheUpload
             ...statusReportBase,
             ...(stats || {}),
             ...(dbCreationTimings || {}),
+            ...(trapCacheCleanup || {}),
         };
         if (config && didUploadTrapCaches) {
             const trapCacheUploadStatusReport = {
@@ -141,6 +142,7 @@ async function run() {
     let uploadResult = undefined;
     let runStats = undefined;
     let config = undefined;
+    let trapCacheCleanupTelemetry = undefined;
     let trapCacheUploadTime = undefined;
     let dbCreationTimings = undefined;
     let didUploadTrapCaches = false;
@@ -196,6 +198,8 @@ async function run() {
         const trapCacheUploadStartTime = perf_hooks_1.performance.now();
         didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger);
         trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
+        // Clean up TRAP caches
+        trapCacheCleanupTelemetry = await (0, trap_caching_1.cleanupTrapCaches)(config, features, logger);
         // We don't upload results in test mode, so don't wait for processing
         if (util.isInTestMode()) {
             logger.debug("In test mode. Waiting for processing is disabled.");
@@ -218,10 +222,10 @@ async function run() {
         }
         if (error instanceof analyze_1.CodeQLAnalysisError) {
             const stats = { ...error.queriesStatusReport };
-            await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+            await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
         }
         else {
-            await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+            await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
         }
         return;
     }
@@ -229,13 +233,13 @@ async function run() {
         await sendStatusReport(startedAt, config, {
             ...runStats,
             ...uploadResult.statusReport,
-        }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+        }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
     }
     else if (runStats) {
-        await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+        await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
     }
     else {
-        await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+        await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
     }
 }
 exports.runPromise = run();

lib/api-client.js

@@ -26,12 +26,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.wrapApiConfigurationError = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRelativePath = exports.getGitHubVersion = exports.getGitHubVersionFromApi = exports.getApiClientWithExternalAuth = exports.getApiClient = exports.getApiDetails = exports.DisallowedAPIVersionReason = void 0;
+exports.wrapApiConfigurationError = exports.deleteActionsCache = exports.listActionsCaches = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRelativePath = exports.getGitHubVersion = exports.getGitHubVersionFromApi = exports.getApiClientWithExternalAuth = exports.getApiClient = exports.getApiDetails = exports.DisallowedAPIVersionReason = void 0;
 const core = __importStar(require("@actions/core"));
 const githubUtils = __importStar(require("@actions/github/lib/utils"));
 const retry = __importStar(require("@octokit/plugin-retry"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
 const actions_util_1 = require("./actions-util");
+const repository_1 = require("./repository");
 const util_1 = require("./util");
 const GITHUB_ENTERPRISE_VERSION_HEADER = "x-github-enterprise-version";
 var DisallowedAPIVersionReason;
@@ -163,6 +164,27 @@ function computeAutomationID(analysis_key, environment) {
     return automationID;
 }
 exports.computeAutomationID = computeAutomationID;
+/** List all Actions cache entries matching the provided key and ref. */
+async function listActionsCaches(key, ref) {
+    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+    return await getApiClient().paginate("GET /repos/{owner}/{repo}/actions/caches", {
+        owner: repositoryNwo.owner,
+        repo: repositoryNwo.repo,
+        key,
+        ref,
+    });
+}
+exports.listActionsCaches = listActionsCaches;
+/** Delete an Actions cache item by its ID. */
+async function deleteActionsCache(id) {
+    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+    await getApiClient().rest.actions.deleteActionsCacheById({
+        owner: repositoryNwo.owner,
+        repo: repositoryNwo.repo,
+        cache_id: id,
+    });
+}
+exports.deleteActionsCache = deleteActionsCache;
 function wrapApiConfigurationError(e) {
     if ((0, util_1.isHTTPError)(e)) {
         if (e.message.includes("API rate limit exceeded for site ID installation") ||

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCASgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AAzBD,0DAyBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC;AAED,SAAgB,yBAAyB,CAAC,CAAU;IAClD,IAAI,IAAA,kBAAW,EAAC,CAAC,CAAC,EAAE,CAAC;QACnB,IACE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kDAAkD,CAAC;YACtE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACtC,uCAAuC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EACvD,CAAC;YACD,OAAO,IAAI,yBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAXD,8DAWC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,6CAAkD;AAClD,iCASgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AAzBD,0DAyBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC;AASD,wEAAwE;AACjE,KAAK,UAAU,iBAAiB,CACrC,GAAW,EACX,GAAW;IAEX,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IAEF,OAAO,MAAM,YAAY,EAAE,CAAC,QAAQ,CAClC,0CAA0C,EAC1C;QACE,KAAK,EAAE,aAAa,CAAC,KAAK;QAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;QACxB,GAAG;QACH,GAAG;KACJ,CACF,CAAC;AACJ,CAAC;AAjBD,8CAiBC;AAED,8CAA8C;AACvC,KAAK,UAAU,kBAAkB,CAAC,EAAU;IACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IAEF,MAAM,YAAY,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC;QACvD,KAAK,EAAE,aAAa,CAAC,KAAK;QAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;QACxB,QAAQ,EAAE,EAAE;KACb,CAAC,CAAC;AACL,CAAC;AAVD,gDAUC;AAED,SAAgB,yBAAyB,CAAC,CAAU;IAClD,IAAI,IAAA,kBAAW,EAAC,CAAC,CAAC,EAAE,CAAC;QACnB,IACE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kDAAkD,CAAC;YACtE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACtC,uCAAuC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EACvD,CAAC;YACD,OAAO,IAAI,yBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAXD,8DAWC"}

lib/cli-errors.js

@@ -130,6 +130,7 @@ var CliConfigErrorCategory;
     CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
     CliConfigErrorCategory["OutOfMemoryOrDisk"] = "OutOfMemoryOrDisk";
     CliConfigErrorCategory["PackCannotBeFound"] = "PackCannotBeFound";
+    CliConfigErrorCategory["PackMissingAuth"] = "PackMissingAuth";
     CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
     CliConfigErrorCategory["UnsupportedBuildMode"] = "UnsupportedBuildMode";
 })(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
@@ -217,6 +218,12 @@ exports.cliErrorsConfig = {
             new RegExp("Query pack .* cannot be found\\. Check the spelling of the pack\\."),
         ],
     },
+    [CliConfigErrorCategory.PackMissingAuth]: {
+        cliErrorMessageCandidates: [
+            new RegExp("GitHub Container registry .* 403 Forbidden"),
+            new RegExp("Do you need to specify a token to authenticate to the registry?"),
+        ],
+    },
     [CliConfigErrorCategory.SwiftBuildFailed]: {
         cliErrorMessageCandidates: [
             new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),

lib/feature-flags.js

@@ -50,6 +50,7 @@ exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
 var Feature;
 (function (Feature) {
     Feature["AutobuildDirectTracing"] = "autobuild_direct_tracing";
+    Feature["CleanupTrapCaches"] = "cleanup_trap_caches";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["CppTrapCachingEnabled"] = "cpp_trap_caching_enabled";
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
@@ -64,8 +65,13 @@ exports.featureConfig = {
         minimumVersion: undefined,
         toolsFeature: tools_features_1.ToolsFeature.TraceCommandUseBuildMode,
     },
-    [Feature.CppDependencyInstallation]: {
+    [Feature.CleanupTrapCaches]: {
         defaultValue: false,
+        envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",
+        minimumVersion: undefined,
+    },
+    [Feature.CppDependencyInstallation]: {
+        defaultValue: true,
         envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
         legacyApi: true,
         minimumVersion: "2.15.0",

lib/status-report.js

@@ -133,6 +133,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
         if (testingEnvironment !== "") {
             core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
         }
+        const isSteadyStateDefaultSetupRun = process.env["CODE_SCANNING_IS_STEADY_STATE_DEFAULT_SETUP"] === "true";
         const statusReport = {
             action_name: actionName,
             action_oid: "unknown", // TODO decide if it's possible to fill this in
@@ -149,6 +150,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
             runner_os: runnerOs,
             started_at: workflowStartedAt,
             status,
+            steady_state_default_setup: isSteadyStateDefaultSetupRun,
             testing_environment: testingEnvironment,
             workflow_name: workflowName,
             workflow_run_attempt: workflowRunAttempt,

lib/status-report.test.js

@@ -79,6 +79,7 @@ function setupEnvironmentAndStub(tmpDir) {
             t.is(statusReport.runner_os, process.env["RUNNER_OS"]);
             t.is(statusReport.started_at, process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT]);
             t.is(statusReport.status, "failure");
+            t.is(statusReport.steady_state_default_setup, false);
             t.is(statusReport.workflow_name, process.env["GITHUB_WORKFLOW"] || "");
             t.is(statusReport.workflow_run_attempt, 2);
             t.is(statusReport.workflow_run_id, 100);

lib/trap-caching.js

@@ -23,11 +23,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTotalCacheSize = exports.getLanguagesSupportingCaching = exports.uploadTrapCaches = exports.downloadTrapCaches = void 0;
+exports.getTotalCacheSize = exports.getLanguagesSupportingCaching = exports.cleanupTrapCaches = exports.uploadTrapCaches = exports.downloadTrapCaches = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const cache = __importStar(require("@actions/cache"));
+const actionsCache = __importStar(require("@actions/cache"));
 const actionsUtil = __importStar(require("./actions-util"));
+const apiClient = __importStar(require("./api-client"));
+const feature_flags_1 = require("./feature-flags");
 const util_1 = require("./util");
 // This constant should be bumped if we make a breaking change
 // to how the CodeQL Action stores or retrieves the TRAP cache,
@@ -35,6 +37,7 @@ const util_1 = require("./util");
 // this for CLI/extractor changes, since the CLI version also
 // goes into the cache key.
 const CACHE_VERSION = 1;
+const CODEQL_TRAP_CACHE_PREFIX = "codeql-trap";
 // This constant sets the minimum size in megabytes of a TRAP
 // cache for us to consider it worth uploading.
 const MINIMUM_CACHE_MB_TO_UPLOAD = 10;
@@ -81,7 +84,7 @@ async function downloadTrapCaches(codeql, languages, logger) {
         // The SHA from the base of the PR is the most similar commit we might have a cache for
         const preferredKey = await cacheKey(codeql, language, baseSha);
         logger.info(`Looking in Actions cache for TRAP cache with key ${preferredKey}`);
-        const found = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, cache.restoreCache([cacheDir], preferredKey, [
+        const found = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, actionsCache.restoreCache([cacheDir], preferredKey, [
             // Fall back to any cache with the right key prefix
             await cachePrefix(codeql, language),
         ]), () => {
@@ -123,13 +126,76 @@ async function uploadTrapCaches(codeql, config, logger) {
         }
         const key = await cacheKey(codeql, language, process.env.GITHUB_SHA || "unknown");
         logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-        await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, cache.saveCache([cacheDir], key), () => {
+        await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, actionsCache.saveCache([cacheDir], key), () => {
             logger.info(`Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`);
         });
     }
     return true;
 }
 exports.uploadTrapCaches = uploadTrapCaches;
+async function cleanupTrapCaches(config, features, logger) {
+    if (!(await features.getValue(feature_flags_1.Feature.CleanupTrapCaches))) {
+        return {
+            trap_cache_cleanup_skipped_because: "feature disabled",
+        };
+    }
+    if (!(await actionsUtil.isAnalyzingDefaultBranch())) {
+        return {
+            trap_cache_cleanup_skipped_because: "not analyzing default branch",
+        };
+    }
+    try {
+        let totalBytesCleanedUp = 0;
+        const allCaches = await apiClient.listActionsCaches(CODEQL_TRAP_CACHE_PREFIX, await actionsUtil.getRef());
+        for (const language of config.languages) {
+            if (config.trapCaches[language]) {
+                const cachesToRemove = await getTrapCachesForLanguage(allCaches, language, logger);
+                // Dates returned by the API are in ISO 8601 format, so we can sort them lexicographically
+                cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at));
+                // Keep the most recent cache
+                const mostRecentCache = cachesToRemove.pop();
+                logger.debug(`Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})`);
+                if (cachesToRemove.length === 0) {
+                    logger.info(`No TRAP caches to clean up for ${language}.`);
+                    continue;
+                }
+                for (const cache of cachesToRemove) {
+                    logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`);
+                    await apiClient.deleteActionsCache(cache.id);
+                }
+                const bytesCleanedUp = cachesToRemove.reduce((acc, item) => acc + item.size_in_bytes, 0);
+                totalBytesCleanedUp += bytesCleanedUp;
+                const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2);
+                logger.info(`Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.`);
+            }
+        }
+        return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp };
+    }
+    catch (e) {
+        if ((0, util_1.isHTTPError)(e) && e.status === 403) {
+            logger.warning("Could not cleanup TRAP caches as the token did not have the required permissions. " +
+                'To clean up TRAP caches, ensure the token has the "actions:write" permission. ' +
+                "For more information, see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs");
+        }
+        else {
+            logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`);
+        }
+        return { trap_cache_cleanup_error: (0, util_1.wrapError)(e).message };
+    }
+}
+exports.cleanupTrapCaches = cleanupTrapCaches;
+async function getTrapCachesForLanguage(allCaches, language, logger) {
+    logger.debug(`Listing TRAP caches for ${language}`);
+    for (const cache of allCaches) {
+        if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) {
+            throw new Error("An unexpected cache item was returned from the API that was missing one or " +
+                `more required fields: ${JSON.stringify(cache)}`);
+        }
+    }
+    return allCaches.filter((cache) => {
+        return cache.key?.includes(`-${language}-`);
+    });
+}
 async function getLanguagesSupportingCaching(codeql, languages, logger) {
     const result = [];
     const resolveResult = await codeql.betterResolveLanguages();
@@ -169,6 +235,6 @@ async function cacheKey(codeql, language, baseSha) {
     return `${await cachePrefix(codeql, language)}${baseSha}`;
 }
 async function cachePrefix(codeql, language) {
-    return `codeql-trap-${CACHE_VERSION}-${(await codeql.getVersion()).version}-${language}-`;
+    return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION}-${(await codeql.getVersion()).version}-${language}-`;
 }
 //# sourceMappingURL=trap-caching.js.map

lib/trap-caching.test.js

@@ -32,8 +32,11 @@ const cache = __importStar(require("@actions/cache"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
+const apiClient = __importStar(require("./api-client"));
 const codeql_1 = require("./codeql");
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
@@ -168,4 +171,74 @@ function getTestConfigWithTempDir(tempDir) {
         t.assert(fs.existsSync(path.resolve(tmpDir, "trapCaches", "javascript")));
     });
 });
+(0, ava_1.default)("cleanup removes only old CodeQL TRAP caches", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        // This config specifies that we are analyzing JavaScript and Ruby, but not Swift.
+        const config = getTestConfigWithTempDir(tmpDir);
+        sinon.stub(actionsUtil, "getRef").resolves("refs/heads/main");
+        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
+        const listStub = sinon.stub(apiClient, "listActionsCaches").resolves([
+            // Should be kept, since it's not relevant to CodeQL. In reality, the API shouldn't return
+            // this in the first place, but this is a defensive check.
+            {
+                id: 1,
+                key: "some-other-key",
+                created_at: "2024-05-23T14:25:00Z",
+                size_in_bytes: 100 * 1024 * 1024,
+            },
+            // Should be kept, since it's the newest TRAP cache for JavaScript
+            {
+                id: 2,
+                key: "codeql-trap-1-2.0.0-javascript-newest",
+                created_at: "2024-04-23T14:25:00Z",
+                size_in_bytes: 50 * 1024 * 1024,
+            },
+            // Should be cleaned up
+            {
+                id: 3,
+                key: "codeql-trap-1-2.0.0-javascript-older",
+                created_at: "2024-03-22T14:25:00Z",
+                size_in_bytes: 200 * 1024 * 1024,
+            },
+            // Should be cleaned up
+            {
+                id: 4,
+                key: "codeql-trap-1-2.0.0-javascript-oldest",
+                created_at: "2024-02-21T14:25:00Z",
+                size_in_bytes: 300 * 1024 * 1024,
+            },
+            // Should be kept, since it's the newest TRAP cache for Ruby
+            {
+                id: 5,
+                key: "codeql-trap-1-2.0.0-ruby-newest",
+                created_at: "2024-02-20T14:25:00Z",
+                size_in_bytes: 300 * 1024 * 1024,
+            },
+            // Should be kept, since we aren't analyzing Swift
+            {
+                id: 6,
+                key: "codeql-trap-1-2.0.0-swift-newest",
+                created_at: "2024-02-22T14:25:00Z",
+                size_in_bytes: 300 * 1024 * 1024,
+            },
+            // Should be kept, since we aren't analyzing Swift
+            {
+                id: 7,
+                key: "codeql-trap-1-2.0.0-swift-older",
+                created_at: "2024-02-21T14:25:00Z",
+                size_in_bytes: 300 * 1024 * 1024,
+            },
+        ]);
+        const deleteStub = sinon.stub(apiClient, "deleteActionsCache").resolves();
+        const statusReport = await (0, trap_caching_1.cleanupTrapCaches)(config, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CleanupTrapCaches]), (0, logging_1.getRunnerLogger)(true));
+        t.is(listStub.callCount, 1);
+        t.assert(listStub.calledWithExactly("codeql-trap", "refs/heads/main"));
+        t.deepEqual(statusReport, {
+            trap_cache_cleanup_size_bytes: 500 * 1024 * 1024,
+        });
+        t.is(deleteStub.callCount, 2);
+        t.assert(deleteStub.calledWithExactly(3));
+        t.assert(deleteStub.calledWithExactly(4));
+    });
+});
 //# sourceMappingURL=trap-caching.test.js.map

node_modules/.package-lock.json

@@ -1678,10 +1678,11 @@
       }
     },
     "node_modules/braces": {
-      "version": "3.0.2",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       },
       "engines": {
         "node": ">=8"
@@ -3269,8 +3270,9 @@
       }
     },
     "node_modules/fill-range": {
-      "version": "7.0.1",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "dependencies": {
         "to-regex-range": "^5.0.1"
       },
@@ -3944,6 +3946,7 @@
     },
     "node_modules/is-number": {
       "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "engines": {
         "node": ">=0.12.0"
@@ -4423,11 +4426,11 @@
       }
     },
     "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz",
+      "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==",
       "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
         "picomatch": "^2.3.1"
       },
       "engines": {
@@ -5853,6 +5856,7 @@
     },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "dependencies": {
         "is-number": "^7.0.0"

node_modules/braces/CHANGELOG.md

@@ -1,184 +0,0 @@
-# Release history
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
-
-<details>
-  <summary><strong>Guiding Principles</strong></summary>
-
-- Changelogs are for humans, not machines.
-- There should be an entry for every single version.
-- The same types of changes should be grouped.
-- Versions and sections should be linkable.
-- The latest version comes first.
-- The release date of each versions is displayed.
-- Mention whether you follow Semantic Versioning.
-
-</details>
-
-<details>
-  <summary><strong>Types of changes</strong></summary>
-
-Changelog entries are classified using the following labels _(from [keep-a-changelog](http://keepachangelog.com/)_):
-
-- `Added` for new features.
-- `Changed` for changes in existing functionality.
-- `Deprecated` for soon-to-be removed features.
-- `Removed` for now removed features.
-- `Fixed` for any bug fixes.
-- `Security` in case of vulnerabilities.
-
-</details>
-
-## [3.0.0] - 2018-04-08
-
-v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler. 
-
-**Breaking Changes**
-
-- The undocumented `.makeRe` method was removed
-
-**Non-breaking changes**
-
-- Caching was removed
-
-## [2.3.2] - 2018-04-08
-
-- start refactoring
-- cover sets
-- better range handling
-
-## [2.3.1] - 2018-02-17
-
-- Remove unnecessary escape in Regex. (#14)
-
-## [2.3.0] - 2017-10-19
-
-- minor code reorganization
-- optimize regex
-- expose `maxLength` option
-
-## [2.2.1] - 2017-05-30
-
-- don't condense when braces contain extglobs
-
-## [2.2.0] - 2017-05-28
-
-- ensure word boundaries are preserved
-- fixes edge case where extglob characters precede a brace pattern
-
-## [2.1.1] - 2017-04-27
-
-- use snapdragon-node
-- handle edge case
-- optimizations, lint
-
-## [2.0.4] - 2017-04-11
-
-- pass opts to compiler
-- minor optimization in create method
-- re-write parser handlers to remove negation regex
-
-## [2.0.3] - 2016-12-10
-
-- use split-string
-- clear queue at the end
-- adds sequences example
-- add unit tests
-
-## [2.0.2] - 2016-10-21
-
-- fix comma handling in nested extglobs
-
-## [2.0.1] - 2016-10-20
-
-- add comments
-- more tests, ensure quotes are stripped
-
-## [2.0.0] - 2016-10-19
-
-- don't expand braces inside character classes
-- add quantifier pattern
-
-## [1.8.5] - 2016-05-21
-
-- Refactor (#10)
-
-## [1.8.4] - 2016-04-20
-
-- fixes https://github.com/jonschlinkert/micromatch/issues/66
-
-## [1.8.0] - 2015-03-18
-
-- adds exponent examples, tests
-- fixes the first example in https://github.com/jonschlinkert/micromatch/issues/38
-
-## [1.6.0] - 2015-01-30
-
-- optimizations, `bash` mode:
-- improve path escaping
-
-## [1.5.0] - 2015-01-28
-
-- Merge pull request #5 from eush77/lib-files
-
-## [1.4.0] - 2015-01-24
-
-- add extglob tests
-- externalize exponent function
-- better whitespace handling
-
-## [1.3.0] - 2015-01-24
-
-- make regex patterns explicity
-
-## [1.1.0] - 2015-01-11
-
-- don't create a match group with `makeRe`
-
-## [1.0.0] - 2014-12-23
-
-- Merge commit '97b05f5544f8348736a8efaecf5c32bbe3e2ad6e'
-- support empty brace syntax
-- better bash coverage
-- better support for regex strings
-
-## [0.1.4] - 2014-11-14
-
-- improve recognition of bad args, recognize mismatched argument types
-- support escaping
-- remove pathname-expansion
-- support whitespace in patterns
-
-## [0.1.0]
-
-- first commit
-
-[2.3.2]: https://github.com/micromatch/braces/compare/2.3.1...2.3.2
-[2.3.1]: https://github.com/micromatch/braces/compare/2.3.0...2.3.1
-[2.3.0]: https://github.com/micromatch/braces/compare/2.2.1...2.3.0
-[2.2.1]: https://github.com/micromatch/braces/compare/2.2.0...2.2.1
-[2.2.0]: https://github.com/micromatch/braces/compare/2.1.1...2.2.0
-[2.1.1]: https://github.com/micromatch/braces/compare/2.1.0...2.1.1
-[2.1.0]: https://github.com/micromatch/braces/compare/2.0.4...2.1.0
-[2.0.4]: https://github.com/micromatch/braces/compare/2.0.3...2.0.4
-[2.0.3]: https://github.com/micromatch/braces/compare/2.0.2...2.0.3
-[2.0.2]: https://github.com/micromatch/braces/compare/2.0.1...2.0.2
-[2.0.1]: https://github.com/micromatch/braces/compare/2.0.0...2.0.1
-[2.0.0]: https://github.com/micromatch/braces/compare/1.8.5...2.0.0
-[1.8.5]: https://github.com/micromatch/braces/compare/1.8.4...1.8.5
-[1.8.4]: https://github.com/micromatch/braces/compare/1.8.0...1.8.4
-[1.8.0]: https://github.com/micromatch/braces/compare/1.6.0...1.8.0
-[1.6.0]: https://github.com/micromatch/braces/compare/1.5.0...1.6.0
-[1.5.0]: https://github.com/micromatch/braces/compare/1.4.0...1.5.0
-[1.4.0]: https://github.com/micromatch/braces/compare/1.3.0...1.4.0
-[1.3.0]: https://github.com/micromatch/braces/compare/1.2.0...1.3.0
-[1.2.0]: https://github.com/micromatch/braces/compare/1.1.0...1.2.0
-[1.1.0]: https://github.com/micromatch/braces/compare/1.0.0...1.1.0
-[1.0.0]: https://github.com/micromatch/braces/compare/0.1.4...1.0.0
-[0.1.4]: https://github.com/micromatch/braces/compare/0.1.0...0.1.4
-
-[Unreleased]: https://github.com/micromatch/braces/compare/0.1.0...HEAD
-[keep-a-changelog]: https://github.com/olivierlacan/keep-a-changelog

node_modules/braces/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014-2018, Jon Schlinkert.
+Copyright (c) 2014-present, Jon Schlinkert.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

node_modules/braces/README.md

@@ -20,15 +20,15 @@ See the [changelog](CHANGELOG.md) for details.
 
 Brace patterns make globs more powerful by adding the ability to match specific ranges and sequences of characters.
 
-* **Accurate** - complete support for the [Bash 4.3 Brace Expansion](www.gnu.org/software/bash/) specification (passes all of the Bash braces tests)
-* **[fast and performant](#benchmarks)** - Starts fast, runs fast and [scales well](#performance) as patterns increase in complexity.
-* **Organized code base** - The parser and compiler are easy to maintain and update when edge cases crop up.
-* **Well-tested** - Thousands of test assertions, and passes all of the Bash, minimatch, and [brace-expansion](https://github.com/juliangruber/brace-expansion) unit tests (as of the date this was written).
-* **Safer** - You shouldn't have to worry about users defining aggressive or malicious brace patterns that can break your application. Braces takes measures to prevent malicious regex that can be used for DDoS attacks (see [catastrophic backtracking](https://www.regular-expressions.info/catastrophic.html)).
-* [Supports lists](#lists) - (aka "sets") `a/{b,c}/d` => `['a/b/d', 'a/c/d']`
-* [Supports sequences](#sequences) - (aka "ranges") `{01..03}` => `['01', '02', '03']`
-* [Supports steps](#steps) - (aka "increments") `{2..10..2}` => `['2', '4', '6', '8', '10']`
-* [Supports escaping](#escaping) - To prevent evaluation of special characters.
+- **Accurate** - complete support for the [Bash 4.3 Brace Expansion](www.gnu.org/software/bash/) specification (passes all of the Bash braces tests)
+- **[fast and performant](#benchmarks)** - Starts fast, runs fast and [scales well](#performance) as patterns increase in complexity.
+- **Organized code base** - The parser and compiler are easy to maintain and update when edge cases crop up.
+- **Well-tested** - Thousands of test assertions, and passes all of the Bash, minimatch, and [brace-expansion](https://github.com/juliangruber/brace-expansion) unit tests (as of the date this was written).
+- **Safer** - You shouldn't have to worry about users defining aggressive or malicious brace patterns that can break your application. Braces takes measures to prevent malicious regex that can be used for DDoS attacks (see [catastrophic backtracking](https://www.regular-expressions.info/catastrophic.html)).
+- [Supports lists](#lists) - (aka "sets") `a/{b,c}/d` => `['a/b/d', 'a/c/d']`
+- [Supports sequences](#sequences) - (aka "ranges") `{01..03}` => `['01', '02', '03']`
+- [Supports steps](#steps) - (aka "increments") `{2..10..2}` => `['2', '4', '6', '8', '10']`
+- [Supports escaping](#escaping) - To prevent evaluation of special characters.
 
 ## Usage
 
@@ -52,9 +52,9 @@ By default, brace patterns are compiled into strings that are optimized for crea
 **Compiled**
 
 ```js
-console.log(braces('a/{x,y,z}/b')); 
+console.log(braces('a/{x,y,z}/b'));
 //=> ['a/(x|y|z)/b']
-console.log(braces(['a/{01..20}/b', 'a/{1..5}/b'])); 
+console.log(braces(['a/{01..20}/b', 'a/{1..5}/b']));
 //=> [ 'a/(0[1-9]|1[0-9]|20)/b', 'a/([1-5])/b' ]
 ```
 
@@ -87,13 +87,13 @@ console.log(braces.expand('a/{foo,bar,baz}/*.js'));
 Expand ranges of characters (like Bash "sequences"):
 
 ```js
-console.log(braces.expand('{1..3}'));                // ['1', '2', '3']
-console.log(braces.expand('a/{1..3}/b'));            // ['a/1/b', 'a/2/b', 'a/3/b']
-console.log(braces('{a..c}', { expand: true }));     // ['a', 'b', 'c']
+console.log(braces.expand('{1..3}')); // ['1', '2', '3']
+console.log(braces.expand('a/{1..3}/b')); // ['a/1/b', 'a/2/b', 'a/3/b']
+console.log(braces('{a..c}', { expand: true })); // ['a', 'b', 'c']
 console.log(braces('foo/{a..c}', { expand: true })); // ['foo/a', 'foo/b', 'foo/c']
 
 // supports zero-padded ranges
-console.log(braces('a/{01..03}/b'));   //=> ['a/(0[1-3])/b']
+console.log(braces('a/{01..03}/b')); //=> ['a/(0[1-3])/b']
 console.log(braces('a/{001..300}/b')); //=> ['a/(0{2}[1-9]|0[1-9][0-9]|[12][0-9]{2}|300)/b']
 ```
 
@@ -178,12 +178,12 @@ console.log(braces.expand('a{b}c'));
 
 **Type**: `Number`
 
-**Default**: `65,536`
+**Default**: `10,000`
 
 **Description**: Limit the length of the input string. Useful when the input string is generated or your application allows users to pass a string, et cetera.
 
 ```js
-console.log(braces('a/{b,c}/d', { maxLength: 3 }));  //=> throws an error
+console.log(braces('a/{b,c}/d', { maxLength: 3 })); //=> throws an error
 ```
 
 ### options.expand
@@ -244,7 +244,7 @@ const alpha = braces.expand('x/{a..e}/y', {
   transform(value, index) {
     // When non-numeric values are passed, "value" is a character code.
     return 'foo/' + String.fromCharCode(value) + '-' + index;
-  }
+  },
 });
 console.log(alpha);
 //=> [ 'x/foo/a-0/y', 'x/foo/b-1/y', 'x/foo/c-2/y', 'x/foo/d-3/y', 'x/foo/e-4/y' ]
@@ -257,9 +257,9 @@ const numeric = braces.expand('{1..5}', {
   transform(value) {
     // when numeric values are passed, "value" is a number
     return 'foo/' + value * 2;
-  }
+  },
 });
-console.log(numeric); 
+console.log(numeric);
 //=> [ 'foo/2', 'foo/4', 'foo/6', 'foo/8', 'foo/10' ]
 ```
 
@@ -281,19 +281,19 @@ The `quantifiers` option tells braces to detect when [regex quantifiers](https:/
 const braces = require('braces');
 console.log(braces('a/b{1,3}/{x,y,z}'));
 //=> [ 'a/b(1|3)/(x|y|z)' ]
-console.log(braces('a/b{1,3}/{x,y,z}', {quantifiers: true}));
+console.log(braces('a/b{1,3}/{x,y,z}', { quantifiers: true }));
 //=> [ 'a/b{1,3}/(x|y|z)' ]
-console.log(braces('a/b{1,3}/{x,y,z}', {quantifiers: true, expand: true}));
+console.log(braces('a/b{1,3}/{x,y,z}', { quantifiers: true, expand: true }));
 //=> [ 'a/b{1,3}/x', 'a/b{1,3}/y', 'a/b{1,3}/z' ]
 ```
 
-### options.unescape
+### options.keepEscaping
 
 **Type**: `Boolean`
 
 **Default**: `undefined`
 
-**Description**: Strip backslashes that were used for escaping from the result.
+**Description**: Do not strip backslashes that were used for escaping from the result.
 
 ## What is "brace expansion"?
 
@@ -301,8 +301,8 @@ Brace expansion is a type of parameter expansion that was made popular by unix s
 
 In addition to "expansion", braces are also used for matching. In other words:
 
-* [brace expansion](#brace-expansion) is for generating new lists
-* [brace matching](#brace-matching) is for filtering existing lists
+- [brace expansion](#brace-expansion) is for generating new lists
+- [brace matching](#brace-matching) is for filtering existing lists
 
 <details>
 <summary><strong>More about brace expansion</strong> (click to expand)</summary>
@@ -382,9 +382,9 @@ Although brace patterns offer a user-friendly way of matching ranges or sets of
 
 **"brace bombs"**
 
-* brace expansion can eat up a huge amount of processing resources
-* as brace patterns increase _linearly in size_, the system resources required to expand the pattern increase exponentially
-* users can accidentally (or intentially) exhaust your system's resources resulting in the equivalent of a DoS attack (bonus: no programming knowledge is required!)
+- brace expansion can eat up a huge amount of processing resources
+- as brace patterns increase _linearly in size_, the system resources required to expand the pattern increase exponentially
+- users can accidentally (or intentially) exhaust your system's resources resulting in the equivalent of a DoS attack (bonus: no programming knowledge is required!)
 
 For a more detailed explanation with examples, see the [geometric complexity](#geometric-complexity) section.
 
@@ -406,8 +406,8 @@ For example, the following sets demonstrate quadratic (`O(n^2)`) complexity:
 But add an element to a set, and we get a n-fold Cartesian product with `O(n^c)` complexity:
 
 ```
-{1,2,3}{4,5,6}{7,8,9} => (3X3X3) => 147 148 149 157 158 159 167 168 169 247 248 
-                                    249 257 258 259 267 268 269 347 348 349 357 
+{1,2,3}{4,5,6}{7,8,9} => (3X3X3) => 147 148 149 157 158 159 167 168 169 247 248
+                                    249 257 258 259 267 268 269 347 348 349 357
                                     358 359 367 368 369
 ```
 
@@ -424,9 +424,9 @@ Although these examples are clearly contrived, they demonstrate how brace patter
 
 Interested in learning more about brace expansion?
 
-* [linuxjournal/bash-brace-expansion](http://www.linuxjournal.com/content/bash-brace-expansion)
-* [rosettacode/Brace_expansion](https://rosettacode.org/wiki/Brace_expansion)
-* [cartesian product](https://en.wikipedia.org/wiki/Cartesian_product)
+- [linuxjournal/bash-brace-expansion](http://www.linuxjournal.com/content/bash-brace-expansion)
+- [rosettacode/Brace_expansion](https://rosettacode.org/wiki/Brace_expansion)
+- [cartesian product](https://en.wikipedia.org/wiki/Cartesian_product)
 
 </details>
 
@@ -444,25 +444,25 @@ Instead, convert the pattern into an optimized regular expression. This is easie
 
 Minimatch gets exponentially slower as patterns increase in complexity, braces does not. The following results were generated using `braces()` and `minimatch.braceExpand()`, respectively.
 
-| **Pattern**                 | **braces**         | **[minimatch][]**            |
-| ---                         | ---                | ---                          |
-| `{1..9007199254740991}`[^1] | `298 B` (5ms 459μs)|  N/A (freezes)               |
-| `{1..1000000000000000}`     | `41 B` (1ms 15μs)  |  N/A (freezes)               |
-| `{1..100000000000000}`      | `40 B` (890μs)     |  N/A (freezes)               |
-| `{1..10000000000000}`       | `39 B` (2ms 49μs)  |  N/A (freezes)               |
-| `{1..1000000000000}`        | `38 B` (608μs)     |  N/A (freezes)               |
-| `{1..100000000000}`         | `37 B` (397μs)     |  N/A (freezes)               |
-| `{1..10000000000}`          | `35 B` (983μs)     |  N/A (freezes)               |
-| `{1..1000000000}`           | `34 B` (798μs)     |  N/A (freezes)               |
-| `{1..100000000}`            | `33 B` (733μs)     |  N/A (freezes)               |
-| `{1..10000000}`             | `32 B` (5ms 632μs) | `78.89 MB` (16s 388ms 569μs) |
-| `{1..1000000}`              | `31 B` (1ms 381μs) | `6.89 MB` (1s 496ms 887μs)   |
-| `{1..100000}`               | `30 B` (950μs)     | `588.89 kB` (146ms 921μs)    |
-| `{1..10000}`                | `29 B` (1ms 114μs) | `48.89 kB` (14ms 187μs)      |
-| `{1..1000}`                 | `28 B` (760μs)     | `3.89 kB` (1ms 453μs)        |
-| `{1..100}`                  | `22 B` (345μs)     | `291 B` (196μs)              |
-| `{1..10}`                   | `10 B` (533μs)     | `20 B` (37μs)                |
-| `{1..3}`                    | `7 B` (190μs)      | `5 B` (27μs)                 |
+| **Pattern**                 | **braces**          | **[minimatch][]**            |
+| --------------------------- | ------------------- | ---------------------------- |
+| `{1..9007199254740991}`[^1] | `298 B` (5ms 459μs) | N/A (freezes)                |
+| `{1..1000000000000000}`     | `41 B` (1ms 15μs)   | N/A (freezes)                |
+| `{1..100000000000000}`      | `40 B` (890μs)      | N/A (freezes)                |
+| `{1..10000000000000}`       | `39 B` (2ms 49μs)   | N/A (freezes)                |
+| `{1..1000000000000}`        | `38 B` (608μs)      | N/A (freezes)                |
+| `{1..100000000000}`         | `37 B` (397μs)      | N/A (freezes)                |
+| `{1..10000000000}`          | `35 B` (983μs)      | N/A (freezes)                |
+| `{1..1000000000}`           | `34 B` (798μs)      | N/A (freezes)                |
+| `{1..100000000}`            | `33 B` (733μs)      | N/A (freezes)                |
+| `{1..10000000}`             | `32 B` (5ms 632μs)  | `78.89 MB` (16s 388ms 569μs) |
+| `{1..1000000}`              | `31 B` (1ms 381μs)  | `6.89 MB` (1s 496ms 887μs)   |
+| `{1..100000}`               | `30 B` (950μs)      | `588.89 kB` (146ms 921μs)    |
+| `{1..10000}`                | `29 B` (1ms 114μs)  | `48.89 kB` (14ms 187μs)      |
+| `{1..1000}`                 | `28 B` (760μs)      | `3.89 kB` (1ms 453μs)        |
+| `{1..100}`                  | `22 B` (345μs)      | `291 B` (196μs)              |
+| `{1..10}`                   | `10 B` (533μs)      | `20 B` (37μs)                |
+| `{1..3}`                    | `7 B` (190μs)       | `5 B` (27μs)                 |
 
 ### Faster algorithms
 
@@ -471,7 +471,7 @@ When you need expansion, braces is still much faster.
 _(the following results were generated using `braces.expand()` and `minimatch.braceExpand()`, respectively)_
 
 | **Pattern**     | **braces**                  | **[minimatch][]**            |
-| ---             | ---                         | ---                          |
+| --------------- | --------------------------- | ---------------------------- |
 | `{1..10000000}` | `78.89 MB` (2s 698ms 642μs) | `78.89 MB` (18s 601ms 974μs) |
 | `{1..1000000}`  | `6.89 MB` (458ms 576μs)     | `6.89 MB` (1s 491ms 621μs)   |
 | `{1..100000}`   | `588.89 kB` (20ms 728μs)    | `588.89 kB` (156ms 919μs)    |
@@ -498,37 +498,30 @@ npm i -d && npm benchmark
 Braces is more accurate, without sacrificing performance.
 
 ```bash
-# range (expanded)
-  braces x 29,040 ops/sec ±3.69% (91 runs sampled))
-  minimatch x 4,735 ops/sec ±1.28% (90 runs sampled)
-
-# range (optimized for regex)
-  braces x 382,878 ops/sec ±0.56% (94 runs sampled)
-  minimatch x 1,040 ops/sec ±0.44% (93 runs sampled)
-
-# nested ranges (expanded)
-  braces x 19,744 ops/sec ±2.27% (92 runs sampled))
-  minimatch x 4,579 ops/sec ±0.50% (93 runs sampled)
-
-# nested ranges (optimized for regex)
-  braces x 246,019 ops/sec ±2.02% (93 runs sampled)
-  minimatch x 1,028 ops/sec ±0.39% (94 runs sampled)
-
-# set (expanded) 
-  braces x 138,641 ops/sec ±0.53% (95 runs sampled)
-  minimatch x 219,582 ops/sec ±0.98% (94 runs sampled)
-
-# set (optimized for regex)
-  braces x 388,408 ops/sec ±0.41% (95 runs sampled)
-  minimatch x 44,724 ops/sec ±0.91% (89 runs sampled)
-
-# nested sets (expanded)
-  braces x 84,966 ops/sec ±0.48% (94 runs sampled)
-  minimatch x 140,720 ops/sec ±0.37% (95 runs sampled)
-
-# nested sets (optimized for regex)
-  braces x 263,340 ops/sec ±2.06% (92 runs sampled)
-  minimatch x 28,714 ops/sec ±0.40% (90 runs sampled)
+● expand - range (expanded)
+     braces x 53,167 ops/sec ±0.12% (102 runs sampled)
+  minimatch x 11,378 ops/sec ±0.10% (102 runs sampled)
+● expand - range (optimized for regex)
+     braces x 373,442 ops/sec ±0.04% (100 runs sampled)
+  minimatch x 3,262 ops/sec ±0.18% (100 runs sampled)
+● expand - nested ranges (expanded)
+     braces x 33,921 ops/sec ±0.09% (99 runs sampled)
+  minimatch x 10,855 ops/sec ±0.28% (100 runs sampled)
+● expand - nested ranges (optimized for regex)
+     braces x 287,479 ops/sec ±0.52% (98 runs sampled)
+  minimatch x 3,219 ops/sec ±0.28% (101 runs sampled)
+● expand - set (expanded)
+     braces x 238,243 ops/sec ±0.19% (97 runs sampled)
+  minimatch x 538,268 ops/sec ±0.31% (96 runs sampled)
+● expand - set (optimized for regex)
+     braces x 321,844 ops/sec ±0.10% (97 runs sampled)
+  minimatch x 140,600 ops/sec ±0.15% (100 runs sampled)
+● expand - nested sets (expanded)
+     braces x 165,371 ops/sec ±0.42% (96 runs sampled)
+  minimatch x 337,720 ops/sec ±0.28% (100 runs sampled)
+● expand - nested sets (optimized for regex)
+     braces x 242,948 ops/sec ±0.12% (99 runs sampled)
+  minimatch x 87,403 ops/sec ±0.79% (96 runs sampled)
 ```
 
 ## About
@@ -566,28 +559,28 @@ $ npm install -g verbose/verb#dev verb-generate-readme && verb
 
 ### Contributors
 
-| **Commits** | **Contributor** |  
-| --- | --- |  
-| 197 | [jonschlinkert](https://github.com/jonschlinkert) |  
-| 4   | [doowb](https://github.com/doowb) |  
-| 1   | [es128](https://github.com/es128) |  
-| 1   | [eush77](https://github.com/eush77) |  
-| 1   | [hemanth](https://github.com/hemanth) |  
-| 1   | [wtgtybhertgeghgtwtg](https://github.com/wtgtybhertgeghgtwtg) |  
+| **Commits** | **Contributor**                                               |
+| ----------- | ------------------------------------------------------------- |
+| 197         | [jonschlinkert](https://github.com/jonschlinkert)             |
+| 4           | [doowb](https://github.com/doowb)                             |
+| 1           | [es128](https://github.com/es128)                             |
+| 1           | [eush77](https://github.com/eush77)                           |
+| 1           | [hemanth](https://github.com/hemanth)                         |
+| 1           | [wtgtybhertgeghgtwtg](https://github.com/wtgtybhertgeghgtwtg) |
 
 ### Author
 
 **Jon Schlinkert**
 
-* [GitHub Profile](https://github.com/jonschlinkert)
-* [Twitter Profile](https://twitter.com/jonschlinkert)
-* [LinkedIn Profile](https://linkedin.com/in/jonschlinkert)
+- [GitHub Profile](https://github.com/jonschlinkert)
+- [Twitter Profile](https://twitter.com/jonschlinkert)
+- [LinkedIn Profile](https://linkedin.com/in/jonschlinkert)
 
 ### License
 
 Copyright © 2019, [Jon Schlinkert](https://github.com/jonschlinkert).
 Released under the [MIT License](LICENSE).
 
-***
+---
 
-_This file was generated by [verb-generate-readme](https://github.com/verbose/verb-generate-readme), v0.8.0, on April 08, 2019._
+_This file was generated by [verb-generate-readme](https://github.com/verbose/verb-generate-readme), v0.8.0, on April 08, 2019._

node_modules/braces/index.js

@@ -23,8 +23,8 @@ const braces = (input, options = {}) => {
   let output = [];
 
   if (Array.isArray(input)) {
-    for (let pattern of input) {
-      let result = braces.create(pattern, options);
+    for (const pattern of input) {
+      const result = braces.create(pattern, options);
       if (Array.isArray(result)) {
         output.push(...result);
       } else {
@@ -158,7 +158,7 @@ braces.create = (input, options = {}) => {
     return [input];
   }
 
- return options.expand !== true
+  return options.expand !== true
     ? braces.compile(input, options)
     : braces.expand(input, options);
 };

node_modules/braces/lib/compile.js

@@ -4,30 +4,32 @@ const fill = require('fill-range');
 const utils = require('./utils');
 
 const compile = (ast, options = {}) => {
-  let walk = (node, parent = {}) => {
-    let invalidBlock = utils.isInvalidBrace(parent);
-    let invalidNode = node.invalid === true && options.escapeInvalid === true;
-    let invalid = invalidBlock === true || invalidNode === true;
-    let prefix = options.escapeInvalid === true ? '\\' : '';
+  const walk = (node, parent = {}) => {
+    const invalidBlock = utils.isInvalidBrace(parent);
+    const invalidNode = node.invalid === true && options.escapeInvalid === true;
+    const invalid = invalidBlock === true || invalidNode === true;
+    const prefix = options.escapeInvalid === true ? '\\' : '';
     let output = '';
 
     if (node.isOpen === true) {
       return prefix + node.value;
     }
+
     if (node.isClose === true) {
+      console.log('node.isClose', prefix, node.value);
       return prefix + node.value;
     }
 
     if (node.type === 'open') {
-      return invalid ? (prefix + node.value) : '(';
+      return invalid ? prefix + node.value : '(';
     }
 
     if (node.type === 'close') {
-      return invalid ? (prefix + node.value) : ')';
+      return invalid ? prefix + node.value : ')';
     }
 
     if (node.type === 'comma') {
-      return node.prev.type === 'comma' ? '' : (invalid ? node.value : '|');
+      return node.prev.type === 'comma' ? '' : invalid ? node.value : '|';
     }
 
     if (node.value) {
@@ -35,8 +37,8 @@ const compile = (ast, options = {}) => {
     }
 
     if (node.nodes && node.ranges > 0) {
-      let args = utils.reduce(node.nodes);
-      let range = fill(...args, { ...options, wrap: false, toRegex: true });
+      const args = utils.reduce(node.nodes);
+      const range = fill(...args, { ...options, wrap: false, toRegex: true, strictZeros: true });
 
       if (range.length !== 0) {
         return args.length > 1 && range.length > 1 ? `(${range})` : range;
@@ -44,10 +46,11 @@ const compile = (ast, options = {}) => {
     }
 
     if (node.nodes) {
-      for (let child of node.nodes) {
+      for (const child of node.nodes) {
         output += walk(child, node);
       }
     }
+
     return output;
   };
 

node_modules/braces/lib/constants.js

@@ -1,7 +1,7 @@
 'use strict';
 
 module.exports = {
-  MAX_LENGTH: 1024 * 64,
+  MAX_LENGTH: 10000,
 
   // Digits
   CHAR_0: '0', /* 0 */

node_modules/braces/lib/expand.js

@@ -5,7 +5,7 @@ const stringify = require('./stringify');
 const utils = require('./utils');
 
 const append = (queue = '', stash = '', enclose = false) => {
-  let result = [];
+  const result = [];
 
   queue = [].concat(queue);
   stash = [].concat(stash);
@@ -15,15 +15,15 @@ const append = (queue = '', stash = '', enclose = false) => {
     return enclose ? utils.flatten(stash).map(ele => `{${ele}}`) : stash;
   }
 
-  for (let item of queue) {
+  for (const item of queue) {
     if (Array.isArray(item)) {
-      for (let value of item) {
+      for (const value of item) {
         result.push(append(value, stash, enclose));
       }
     } else {
       for (let ele of stash) {
         if (enclose === true && typeof ele === 'string') ele = `{${ele}}`;
-        result.push(Array.isArray(ele) ? append(item, ele, enclose) : (item + ele));
+        result.push(Array.isArray(ele) ? append(item, ele, enclose) : item + ele);
       }
     }
   }
@@ -31,9 +31,9 @@ const append = (queue = '', stash = '', enclose = false) => {
 };
 
 const expand = (ast, options = {}) => {
-  let rangeLimit = options.rangeLimit === void 0 ? 1000 : options.rangeLimit;
+  const rangeLimit = options.rangeLimit === undefined ? 1000 : options.rangeLimit;
 
-  let walk = (node, parent = {}) => {
+  const walk = (node, parent = {}) => {
     node.queue = [];
 
     let p = parent;
@@ -55,7 +55,7 @@ const expand = (ast, options = {}) => {
     }
 
     if (node.nodes && node.ranges > 0) {
-      let args = utils.reduce(node.nodes);
+      const args = utils.reduce(node.nodes);
 
       if (utils.exceedsLimit(...args, options.step, rangeLimit)) {
         throw new RangeError('expanded array length exceeds range limit. Use options.rangeLimit to increase or disable the limit.');
@@ -71,7 +71,7 @@ const expand = (ast, options = {}) => {
       return;
     }
 
-    let enclose = utils.encloseBrace(node);
+    const enclose = utils.encloseBrace(node);
     let queue = node.queue;
     let block = node;
 
@@ -81,7 +81,7 @@ const expand = (ast, options = {}) => {
     }
 
     for (let i = 0; i < node.nodes.length; i++) {
-      let child = node.nodes[i];
+      const child = node.nodes[i];
 
       if (child.type === 'comma' && node.type === 'brace') {
         if (i === 1) queue.push('');

node_modules/braces/lib/parse.js

@@ -33,22 +33,21 @@ const parse = (input, options = {}) => {
     throw new TypeError('Expected a string');
   }
 
-  let opts = options || {};
-  let max = typeof opts.maxLength === 'number' ? Math.min(MAX_LENGTH, opts.maxLength) : MAX_LENGTH;
+  const opts = options || {};
+  const max = typeof opts.maxLength === 'number' ? Math.min(MAX_LENGTH, opts.maxLength) : MAX_LENGTH;
   if (input.length > max) {
     throw new SyntaxError(`Input length (${input.length}), exceeds max characters (${max})`);
   }
 
-  let ast = { type: 'root', input, nodes: [] };
-  let stack = [ast];
+  const ast = { type: 'root', input, nodes: [] };
+  const stack = [ast];
   let block = ast;
   let prev = ast;
   let brackets = 0;
-  let length = input.length;
+  const length = input.length;
   let index = 0;
   let depth = 0;
   let value;
-  let memo = {};
 
   /**
    * Helpers
@@ -111,7 +110,6 @@ const parse = (input, options = {}) => {
     if (value === CHAR_LEFT_SQUARE_BRACKET) {
       brackets++;
 
-      let closed = true;
       let next;
 
       while (index < length && (next = advance())) {
@@ -167,7 +165,7 @@ const parse = (input, options = {}) => {
      */
 
     if (value === CHAR_DOUBLE_QUOTE || value === CHAR_SINGLE_QUOTE || value === CHAR_BACKTICK) {
-      let open = value;
+      const open = value;
       let next;
 
       if (options.keepQuotes !== true) {
@@ -199,8 +197,8 @@ const parse = (input, options = {}) => {
     if (value === CHAR_LEFT_CURLY_BRACE) {
       depth++;
 
-      let dollar = prev.value && prev.value.slice(-1) === '$' || block.dollar === true;
-      let brace = {
+      const dollar = prev.value && prev.value.slice(-1) === '$' || block.dollar === true;
+      const brace = {
         type: 'brace',
         open: true,
         close: false,
@@ -227,7 +225,7 @@ const parse = (input, options = {}) => {
         continue;
       }
 
-      let type = 'close';
+      const type = 'close';
       block = stack.pop();
       block.close = true;
 
@@ -245,7 +243,7 @@ const parse = (input, options = {}) => {
     if (value === CHAR_COMMA && depth > 0) {
       if (block.ranges > 0) {
         block.ranges = 0;
-        let open = block.nodes.shift();
+        const open = block.nodes.shift();
         block.nodes = [open, { type: 'text', value: stringify(block) }];
       }
 
@@ -259,7 +257,7 @@ const parse = (input, options = {}) => {
      */
 
     if (value === CHAR_DOT && depth > 0 && block.commas === 0) {
-      let siblings = block.nodes;
+      const siblings = block.nodes;
 
       if (depth === 0 || siblings.length === 0) {
         push({ type: 'text', value });
@@ -286,7 +284,7 @@ const parse = (input, options = {}) => {
       if (prev.type === 'range') {
         siblings.pop();
 
-        let before = siblings[siblings.length - 1];
+        const before = siblings[siblings.length - 1];
         before.value += prev.value + value;
         prev = before;
         block.ranges--;
@@ -319,8 +317,8 @@ const parse = (input, options = {}) => {
       });
 
       // get the location of the block on parent.nodes (block's siblings)
-      let parent = stack[stack.length - 1];
-      let index = parent.nodes.indexOf(block);
+      const parent = stack[stack.length - 1];
+      const index = parent.nodes.indexOf(block);
       // replace the (invalid) block with it's nodes
       parent.nodes.splice(index, 1, ...block.nodes);
     }

node_modules/braces/lib/stringify.js

@@ -3,9 +3,9 @@
 const utils = require('./utils');
 
 module.exports = (ast, options = {}) => {
-  let stringify = (node, parent = {}) => {
-    let invalidBlock = options.escapeInvalid && utils.isInvalidBrace(parent);
-    let invalidNode = node.invalid === true && options.escapeInvalid === true;
+  const stringify = (node, parent = {}) => {
+    const invalidBlock = options.escapeInvalid && utils.isInvalidBrace(parent);
+    const invalidNode = node.invalid === true && options.escapeInvalid === true;
     let output = '';
 
     if (node.value) {
@@ -20,7 +20,7 @@ module.exports = (ast, options = {}) => {
     }
 
     if (node.nodes) {
-      for (let child of node.nodes) {
+      for (const child of node.nodes) {
         output += stringify(child);
       }
     }

node_modules/braces/lib/utils.js

@@ -31,7 +31,7 @@ exports.exceedsLimit = (min, max, step = 1, limit) => {
  */
 
 exports.escapeNode = (block, n = 0, type) => {
-  let node = block.nodes[n];
+  const node = block.nodes[n];
   if (!node) return;
 
   if ((type && node.type === type) || node.type === 'open' || node.type === 'close') {
@@ -100,13 +100,23 @@ exports.reduce = nodes => nodes.reduce((acc, node) => {
 
 exports.flatten = (...args) => {
   const result = [];
+
   const flat = arr => {
     for (let i = 0; i < arr.length; i++) {
-      let ele = arr[i];
-      Array.isArray(ele) ? flat(ele, result) : ele !== void 0 && result.push(ele);
+      const ele = arr[i];
+
+      if (Array.isArray(ele)) {
+        flat(ele);
+        continue;
+      }
+
+      if (ele !== undefined) {
+        result.push(ele);
+      }
     }
     return result;
   };
+
   flat(args);
   return result;
 };

node_modules/braces/package.json

@@ -1,7 +1,7 @@
 {
   "name": "braces",
   "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.",
-  "version": "3.0.2",
+  "version": "3.0.3",
   "homepage": "https://github.com/micromatch/braces",
   "author": "Jon Schlinkert (https://github.com/jonschlinkert)",
   "contributors": [
@@ -29,7 +29,7 @@
     "benchmark": "node benchmark"
   },
   "dependencies": {
-    "fill-range": "^7.0.1"
+    "fill-range": "^7.1.1"
   },
   "devDependencies": {
     "ansi-colors": "^3.2.4",

node_modules/fill-range/index.js

@@ -60,7 +60,7 @@ const toMaxLen = (input, maxLength) => {
   return negative ? ('-' + input) : input;
 };
 
-const toSequence = (parts, options) => {
+const toSequence = (parts, options, maxLen) => {
   parts.negatives.sort((a, b) => a < b ? -1 : a > b ? 1 : 0);
   parts.positives.sort((a, b) => a < b ? -1 : a > b ? 1 : 0);
 
@@ -70,11 +70,11 @@ const toSequence = (parts, options) => {
   let result;
 
   if (parts.positives.length) {
-    positives = parts.positives.join('|');
+    positives = parts.positives.map(v => toMaxLen(String(v), maxLen)).join('|');
   }
 
   if (parts.negatives.length) {
-    negatives = `-(${prefix}${parts.negatives.join('|')})`;
+    negatives = `-(${prefix}${parts.negatives.map(v => toMaxLen(String(v), maxLen)).join('|')})`;
   }
 
   if (positives && negatives) {
@@ -172,7 +172,7 @@ const fillNumbers = (start, end, step = 1, options = {}) => {
 
   if (options.toRegex === true) {
     return step > 1
-      ? toSequence(parts, options)
+      ? toSequence(parts, options, maxLen)
       : toRegex(range, null, { wrap: false, ...options });
   }
 
@@ -184,7 +184,6 @@ const fillLetters = (start, end, step = 1, options = {}) => {
     return invalidRange(start, end, options);
   }
 
-
   let format = options.transform || (val => String.fromCharCode(val));
   let a = `${start}`.charCodeAt(0);
   let b = `${end}`.charCodeAt(0);

node_modules/fill-range/package.json

@@ -1,7 +1,7 @@
 {
   "name": "fill-range",
   "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`",
-  "version": "7.0.1",
+  "version": "7.1.1",
   "homepage": "https://github.com/jonschlinkert/fill-range",
   "author": "Jon Schlinkert (https://github.com/jonschlinkert)",
   "contributors": [
@@ -24,14 +24,19 @@
     "node": ">=8"
   },
   "scripts": {
-    "test": "mocha"
+    "lint": "eslint --cache --cache-location node_modules/.cache/.eslintcache --report-unused-disable-directives --ignore-path .gitignore .",
+    "mocha": "mocha --reporter dot",
+    "test": "npm run lint && npm run mocha",
+    "test:ci": "npm run test:cover",
+    "test:cover": "nyc npm run mocha"
   },
   "dependencies": {
     "to-regex-range": "^5.0.1"
   },
   "devDependencies": {
     "gulp-format-md": "^2.0.0",
-    "mocha": "^6.1.1"
+    "mocha": "^6.1.1",
+    "nyc": "^15.1.0"
   },
   "keywords": [
     "alpha",

node_modules/micromatch/README.md

@@ -9,46 +9,48 @@ Please consider following this project's author, [Jon Schlinkert](https://github
 <details>
 <summary><strong>Details</strong></summary>
 
-- [Install](#install)
-- [Quickstart](#quickstart)
-- [Why use micromatch?](#why-use-micromatch)
-  * [Matching features](#matching-features)
-- [Switching to micromatch](#switching-to-micromatch)
-  * [From minimatch](#from-minimatch)
-  * [From multimatch](#from-multimatch)
-- [API](#api)
-- [Options](#options)
-- [Options Examples](#options-examples)
-  * [options.basename](#optionsbasename)
-  * [options.bash](#optionsbash)
-  * [options.expandRange](#optionsexpandrange)
-  * [options.format](#optionsformat)
-  * [options.ignore](#optionsignore)
-  * [options.matchBase](#optionsmatchbase)
-  * [options.noextglob](#optionsnoextglob)
-  * [options.nonegate](#optionsnonegate)
-  * [options.noglobstar](#optionsnoglobstar)
-  * [options.nonull](#optionsnonull)
-  * [options.nullglob](#optionsnullglob)
-  * [options.onIgnore](#optionsonignore)
-  * [options.onMatch](#optionsonmatch)
-  * [options.onResult](#optionsonresult)
-  * [options.posixSlashes](#optionsposixslashes)
-  * [options.unescape](#optionsunescape)
-- [Extended globbing](#extended-globbing)
-  * [Extglobs](#extglobs)
-  * [Braces](#braces)
-  * [Regex character classes](#regex-character-classes)
-  * [Regex groups](#regex-groups)
-  * [POSIX bracket expressions](#posix-bracket-expressions)
-- [Notes](#notes)
-  * [Bash 4.3 parity](#bash-43-parity)
-  * [Backslashes](#backslashes)
-- [Benchmarks](#benchmarks)
-  * [Running benchmarks](#running-benchmarks)
-  * [Latest results](#latest-results)
-- [Contributing](#contributing)
-- [About](#about)
+  * [Install](#install)
+- [Sponsors](#sponsors)
+  * [Gold Sponsors](#gold-sponsors)
+  * [Quickstart](#quickstart)
+  * [Why use micromatch?](#why-use-micromatch)
+    + [Matching features](#matching-features)
+  * [Switching to micromatch](#switching-to-micromatch)
+    + [From minimatch](#from-minimatch)
+    + [From multimatch](#from-multimatch)
+  * [API](#api)
+  * [Options](#options)
+  * [Options Examples](#options-examples)
+    + [options.basename](#optionsbasename)
+    + [options.bash](#optionsbash)
+    + [options.expandRange](#optionsexpandrange)
+    + [options.format](#optionsformat)
+    + [options.ignore](#optionsignore)
+    + [options.matchBase](#optionsmatchbase)
+    + [options.noextglob](#optionsnoextglob)
+    + [options.nonegate](#optionsnonegate)
+    + [options.noglobstar](#optionsnoglobstar)
+    + [options.nonull](#optionsnonull)
+    + [options.nullglob](#optionsnullglob)
+    + [options.onIgnore](#optionsonignore)
+    + [options.onMatch](#optionsonmatch)
+    + [options.onResult](#optionsonresult)
+    + [options.posixSlashes](#optionsposixslashes)
+    + [options.unescape](#optionsunescape)
+  * [Extended globbing](#extended-globbing)
+    + [Extglobs](#extglobs)
+    + [Braces](#braces)
+    + [Regex character classes](#regex-character-classes)
+    + [Regex groups](#regex-groups)
+    + [POSIX bracket expressions](#posix-bracket-expressions)
+  * [Notes](#notes)
+    + [Bash 4.3 parity](#bash-43-parity)
+    + [Backslashes](#backslashes)
+  * [Benchmarks](#benchmarks)
+    + [Running benchmarks](#running-benchmarks)
+    + [Latest results](#latest-results)
+  * [Contributing](#contributing)
+  * [About](#about)
 
 </details>
 
@@ -60,6 +62,14 @@ Install with [npm](https://www.npmjs.com/) (requires [Node.js](https://nodejs.or
 $ npm install --save micromatch
 ```
 
+<br />
+
+# Sponsors
+
+[Become a Sponsor](https://github.com/sponsors/jonschlinkert) to add your logo to this README, or any of [my other projects](https://github.com/jonschlinkert?tab=repositories&q=&type=&language=&sort=stargazers)
+
+<br />
+
 ## Quickstart
 
 ```js
@@ -89,15 +99,15 @@ console.log(micromatch.isMatch('foo', ['b*', 'f*'])) //=> true
 
 > micromatch is a [replacement](#switching-to-micromatch) for minimatch and multimatch
 
-* Supports all of the same matching features as [minimatch](https://github.com/isaacs/minimatch) and [multimatch](https://github.com/sindresorhus/multimatch)
-* More complete support for the Bash 4.3 specification than minimatch and multimatch. Micromatch passes _all of the spec tests_ from bash, including some that bash still fails.
-* **Fast & Performant** - Loads in about 5ms and performs [fast matches](#benchmarks).
-* **Glob matching** - Using wildcards (`*` and `?`), globstars (`**`) for nested directories
-* **[Advanced globbing](#extended-globbing)** - Supports [extglobs](#extglobs), [braces](#braces-1), and [POSIX brackets](#posix-bracket-expressions), and support for escaping special characters with `\` or quotes.
-* **Accurate** - Covers more scenarios [than minimatch](https://github.com/yarnpkg/yarn/pull/3339)
-* **Well tested** - More than 5,000 [test assertions](./test)
-* **Windows support** - More reliable windows support than minimatch and multimatch.
-* **[Safe](https://github.com/micromatch/braces#braces-is-safe)** - Micromatch is not subject to DoS with brace patterns like minimatch and multimatch.
+- Supports all of the same matching features as [minimatch][] and [multimatch][]
+- More complete support for the Bash 4.3 specification than minimatch and multimatch. Micromatch passes _all of the spec tests_ from bash, including some that bash still fails.
+- **Fast & Performant** - Loads in about 5ms and performs [fast matches](#benchmarks).
+- **Glob matching** - Using wildcards (`*` and `?`), globstars (`**`) for nested directories
+- **[Advanced globbing](#extended-globbing)** - Supports [extglobs](#extglobs), [braces](#braces-1), and [POSIX brackets](#posix-bracket-expressions), and support for escaping special characters with `\` or quotes.
+- **Accurate** - Covers more scenarios [than minimatch](https://github.com/yarnpkg/yarn/pull/3339)
+- **Well tested** - More than 5,000 [test assertions](./test)
+- **Windows support** - More reliable windows support than minimatch and multimatch.
+- **[Safe][braces]{#braces-is-safe}** - Micromatch is not subject to DoS with brace patterns like minimatch and multimatch.
 
 ### Matching features
 
@@ -106,7 +116,7 @@ console.log(micromatch.isMatch('foo', ['b*', 'f*'])) //=> true
 * Negation (`'!a/*.js'`, `'*!(b).js'`)
 * [extglobs](#extglobs) (`+(x|y)`, `!(a|b)`)
 * [POSIX character classes](#posix-bracket-expressions) (`[[:alpha:][:digit:]]`)
-* [brace expansion](https://github.com/micromatch/braces) (`foo/{1..5}.md`, `bar/{a,b,c}.js`)
+* [brace expansion][braces] (`foo/{1..5}.md`, `bar/{a,b,c}.js`)
 * regex character classes (`foo-[1-5].js`)
 * regex logical "or" (`foo/(abc|xyz).js`)
 
@@ -158,7 +168,6 @@ console.log(mm(['a.js', 'a.txt'], ['*.js']));
 ```
 
 ### [.matcher](index.js#L104)
-
 Returns a matcher function from the given glob `pattern` and `options`. The returned function takes a string to match as its only argument and returns true if the string is a match.
 
 **Params**
@@ -179,7 +188,6 @@ console.log(isMatch('a.b')); //=> true
 ```
 
 ### [.isMatch](index.js#L123)
-
 Returns true if **any** of the given glob `patterns` match the specified `string`.
 
 **Params**
@@ -200,7 +208,6 @@ console.log(mm.isMatch('a.a', 'b.*')); //=> false
 ```
 
 ### [.not](index.js#L148)
-
 Returns a list of strings that _**do not match any**_ of the given `patterns`.
 
 **Params**
@@ -221,7 +228,6 @@ console.log(mm.not(['a.a', 'b.b', 'c.c'], '*.a'));
 ```
 
 ### [.contains](index.js#L188)
-
 Returns true if the given `string` contains the given pattern. Similar to [.isMatch](#isMatch) but the pattern can match any part of the string.
 
 **Params**
@@ -244,8 +250,7 @@ console.log(mm.contains('aa/bb/cc', '*d'));
 ```
 
 ### [.matchKeys](index.js#L230)
-
-Filter the keys of the given object with the given `glob` pattern and `options`. Does not attempt to match nested keys. If you need this feature, use [glob-object](https://github.com/jonschlinkert/glob-object) instead.
+Filter the keys of the given object with the given `glob` pattern and `options`. Does not attempt to match nested keys. If you need this feature, use [glob-object][] instead.
 
 **Params**
 
@@ -266,7 +271,6 @@ console.log(mm.matchKeys(obj, '*b'));
 ```
 
 ### [.some](index.js#L259)
-
 Returns true if some of the strings in the given `list` match any of the given glob `patterns`.
 
 **Params**
@@ -289,7 +293,6 @@ console.log(mm.some(['foo.js'], ['*.js', '!foo.js']));
 ```
 
 ### [.every](index.js#L295)
-
 Returns true if every string in the given `list` matches any of the given glob `patterns`.
 
 **Params**
@@ -316,7 +319,6 @@ console.log(mm.every(['foo.js'], ['*.js', '!foo.js']));
 ```
 
 ### [.all](index.js#L334)
-
 Returns true if **all** of the given `patterns` match the specified string.
 
 **Params**
@@ -346,8 +348,7 @@ console.log(mm.all('foo.js', ['*.js', 'f*', '*o*', '*o.js']));
 ```
 
 ### [.capture](index.js#L361)
-
-Returns an array of matches captured by `pattern` in `string, or`null` if the pattern did not match.
+Returns an array of matches captured by `pattern` in `string, or `null` if the pattern did not match.
 
 **Params**
 
@@ -369,7 +370,6 @@ console.log(mm.capture('test/*.js', 'foo/bar.css'));
 ```
 
 ### [.makeRe](index.js#L387)
-
 Create a regular expression from the given glob `pattern`.
 
 **Params**
@@ -389,7 +389,6 @@ console.log(mm.makeRe('*.js'));
 ```
 
 ### [.scan](index.js#L403)
-
 Scan a glob pattern to separate the pattern into segments. Used by the [split](#split) method.
 
 **Params**
@@ -406,7 +405,6 @@ const state = mm.scan(pattern[, options]);
 ```
 
 ### [.parse](index.js#L419)
-
 Parse a glob pattern to create the source string for a regular expression.
 
 **Params**
@@ -423,13 +421,12 @@ const state = mm.parse(pattern[, options]);
 ```
 
 ### [.braces](index.js#L446)
-
 Process the given brace `pattern`.
 
 **Params**
 
 * `pattern` **{String}**: String with brace pattern to process.
-* `options` **{Object}**: Any [options](#options) to change how expansion is performed. See the [braces](https://github.com/micromatch/braces) library for all available options.
+* `options` **{Object}**: Any [options](#options) to change how expansion is performed. See the [braces][] library for all available options.
 * `returns` **{Array}**
 
 **Example**
@@ -490,7 +487,7 @@ console.log(braces('foo/{a,b,c}/bar', { expand: true }));
 
 ### options.basename
 
-Allow glob patterns without slashes to match a file path based on its basename. Same behavior as [minimatch](https://github.com/isaacs/minimatch) option `matchBase`.
+Allow glob patterns without slashes to match a file path based on its basename. Same behavior as [minimatch][] option `matchBase`.
 
 **Type**: `Boolean`
 
@@ -530,7 +527,7 @@ console.log(micromatch(files, '[a-c]*', { bash: false }));
 
 **Default**: `undefined`
 
-Custom function for expanding ranges in brace patterns. The [fill-range](https://github.com/jonschlinkert/fill-range) library is ideal for this purpose, or you can use custom code to do whatever you need.
+Custom function for expanding ranges in brace patterns. The [fill-range][] library is ideal for this purpose, or you can use custom code to do whatever you need.
 
 **Example**
 
@@ -639,7 +636,7 @@ Alias for [options.nullglob](#options-nullglob).
 
 ### options.nullglob
 
-If `true`, when no matches are found the actual (arrayified) glob pattern is returned instead of an empty array. Same behavior as [minimatch](https://github.com/isaacs/minimatch) option `nonull`.
+If `true`, when no matches are found the actual (arrayified) glob pattern is returned instead of an empty array. Same behavior as [minimatch][] option `nonull`.
 
 **Type**: `Boolean`
 
@@ -764,7 +761,7 @@ baz/2/qux
 baz/3/qux
 ```
 
-Visit [braces](https://github.com/micromatch/braces) to see the full range of features and options related to brace expansion, or to create brace matching or expansion related issues.
+Visit [braces][] to see the full range of features and options related to brace expansion, or to create brace matching or expansion related issues.
 
 ### Regex character classes
 
@@ -774,7 +771,7 @@ Given the list: `['a.js', 'b.js', 'c.js', 'd.js', 'E.js']`:
 * `[b-d].js`: matches from `b` to `d`, returning `['b.js', 'c.js', 'd.js']`
 * `a/[A-Z].js`: matches and uppercase letter, returning `['a/E.md']`
 
-Learn about [regex character classes](http://www.regular-expressions.info/charclass.html).
+Learn about [regex character classes][charclass].
 
 ### Regex groups
 
@@ -811,13 +808,13 @@ However, it's suprising how many edge cases and rabbit holes there are with glob
 
 There is an important, notable difference between minimatch and micromatch _in regards to how backslashes are handled_ in glob patterns.
 
-* Micromatch exclusively and explicitly reserves backslashes for escaping characters in a glob pattern, even on windows, which is consistent with bash behavior. _More importantly, unescaping globs can result in unsafe regular expressions_.
-* Minimatch converts all backslashes to forward slashes, which means you can't use backslashes to escape any characters in your glob patterns.
+- Micromatch exclusively and explicitly reserves backslashes for escaping characters in a glob pattern, even on windows, which is consistent with bash behavior. _More importantly, unescaping globs can result in unsafe regular expressions_.
+- Minimatch converts all backslashes to forward slashes, which means you can't use backslashes to escape any characters in your glob patterns.
 
 We made this decision for micromatch for a couple of reasons:
 
-* Consistency with bash conventions.
-* Glob patterns are not filepaths. They are a type of [regular language](https://en.wikipedia.org/wiki/Regular_language) that is converted to a JavaScript regular expression. Thus, when forward slashes are defined in a glob pattern, the resulting regular expression will match windows or POSIX path separators just fine.
+- Consistency with bash conventions.
+- Glob patterns are not filepaths. They are a type of [regular language][regular-language] that is converted to a JavaScript regular expression. Thus, when forward slashes are defined in a glob pattern, the resulting regular expression will match windows or POSIX path separators just fine.
 
 **A note about joining paths to globs**
 
@@ -845,7 +842,7 @@ $ npm run bench
 
 ### Latest results
 
-As of March 24, 2022 (longer bars are better):
+As of July 12, 2023 (longer bars are better):
 
 ```sh
 # .makeRe star
@@ -905,19 +902,25 @@ All contributions are welcome! Please read [the contributing guide](.github/cont
 
 Please create an issue if you encounter a bug or matching behavior that doesn't seem correct. If you find a matching-related issue, please:
 
-* [research existing issues first](../../issues) (open and closed)
-* visit the [GNU Bash documentation](https://www.gnu.org/software/bash/manual/) to see how Bash deals with the pattern
-* visit the [minimatch](https://github.com/isaacs/minimatch) documentation to cross-check expected behavior in node.js
-* if all else fails, since there is no real specification for globs we will probably need to discuss expected behavior and decide how to resolve it. which means any detail you can provide to help with this discussion would be greatly appreciated.
+- [research existing issues first](../../issues) (open and closed)
+- visit the [GNU Bash documentation][bash] to see how Bash deals with the pattern
+- visit the [minimatch][] documentation to cross-check expected behavior in node.js
+- if all else fails, since there is no real specification for globs we will probably need to discuss expected behavior and decide how to resolve it. which means any detail you can provide to help with this discussion would be greatly appreciated.
 
 **Platform issues**
 
 It's important to us that micromatch work consistently on all platforms. If you encounter any platform-specific matching or path related issues, please let us know (pull requests are also greatly appreciated).
 
-## About
+[regular-language]: https://en.wikipedia.org/wiki/Regular_language
+[bash]: https://www.gnu.org/software/bash/manual/
+[charclass]: http://www.regular-expressions.info/charclass.html
+[extended]: http://mywiki.wooledge.org/BashGuide/Patterns#Extended_Globs
+[brackets]: https://github.com/micromatch/expand-brackets
+[braces]: https://github.com/micromatch/braces
 
+## About
 <details>
-<summary><strong>Contributing</strong></summary>
+  <summary><strong>Contributing</strong></summary>
 
 Pull requests and stars are always welcome. For bugs and feature requests, [please create an issue](../../issues/new).
 
@@ -926,7 +929,7 @@ Please read the [contributing guide](.github/contributing.md) for advice on open
 </details>
 
 <details>
-<summary><strong>Running Tests</strong></summary>
+  <summary><strong>Running Tests</strong></summary>
 
 Running and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:
 
@@ -937,7 +940,7 @@ $ npm install && npm test
 </details>
 
 <details>
-<summary><strong>Building docs</strong></summary>
+  <summary><strong>Building docs</strong></summary>
 
 _(This project's readme.md is generated by [verb](https://github.com/verbose/verb-generate-readme), please don't edit the readme directly. Any changes to the readme must be made in the [.verb.md](.verb.md) readme template.)_
 
@@ -953,59 +956,62 @@ $ npm install -g verbose/verb#dev verb-generate-readme && verb
 
 You might also be interested in these projects:
 
-* [braces](https://www.npmjs.com/package/braces): Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support… [more](https://github.com/micromatch/braces) | [homepage](https://github.com/micromatch/braces "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.")
-* [expand-brackets](https://www.npmjs.com/package/expand-brackets): Expand POSIX bracket expressions (character classes) in glob patterns. | [homepage](https://github.com/micromatch/expand-brackets "Expand POSIX bracket expressions (character classes) in glob patterns.")
-* [extglob](https://www.npmjs.com/package/extglob): Extended glob support for JavaScript. Adds (almost) the expressive power of regular expressions to glob… [more](https://github.com/micromatch/extglob) | [homepage](https://github.com/micromatch/extglob "Extended glob support for JavaScript. Adds (almost) the expressive power of regular expressions to glob patterns.")
-* [fill-range](https://www.npmjs.com/package/fill-range): Fill in a range of numbers or letters, optionally passing an increment or `step` to… [more](https://github.com/jonschlinkert/fill-range) | [homepage](https://github.com/jonschlinkert/fill-range "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`")
-* [nanomatch](https://www.npmjs.com/package/nanomatch): Fast, minimal glob matcher for node.js. Similar to micromatch, minimatch and multimatch, but complete Bash… [more](https://github.com/micromatch/nanomatch) | [homepage](https://github.com/micromatch/nanomatch "Fast, minimal glob matcher for node.js. Similar to micromatch, minimatch and multimatch, but complete Bash 4.3 wildcard support only (no support for exglobs, posix brackets or braces)")
+- [braces](https://www.npmjs.com/package/braces): Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support… [more](https://github.com/micromatch/braces) | [homepage](https://github.com/micromatch/braces "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.")
+- [expand-brackets](https://www.npmjs.com/package/expand-brackets): Expand POSIX bracket expressions (character classes) in glob patterns. | [homepage](https://github.com/micromatch/expand-brackets "Expand POSIX bracket expressions (character classes) in glob patterns.")
+- [extglob](https://www.npmjs.com/package/extglob): Extended glob support for JavaScript. Adds (almost) the expressive power of regular expressions to glob… [more](https://github.com/micromatch/extglob) | [homepage](https://github.com/micromatch/extglob "Extended glob support for JavaScript. Adds (almost) the expressive power of regular expressions to glob patterns.")
+- [fill-range](https://www.npmjs.com/package/fill-range): Fill in a range of numbers or letters, optionally passing an increment or `step` to… [more](https://github.com/jonschlinkert/fill-range) | [homepage](https://github.com/jonschlinkert/fill-range "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`")
+- [nanomatch](https://www.npmjs.com/package/nanomatch): Fast, minimal glob matcher for node.js. Similar to micromatch, minimatch and multimatch, but complete Bash… [more](https://github.com/micromatch/nanomatch) | [homepage](https://github.com/micromatch/nanomatch "Fast, minimal glob matcher for node.js. Similar to micromatch, minimatch and multimatch, but complete Bash 4.3 wildcard support only (no support for exglobs, posix brackets or braces)")
 
 ### Contributors
-
-| **Commits** | **Contributor** |  
-| --- | --- |  
-| 512 | [jonschlinkert](https://github.com/jonschlinkert) |  
-| 12  | [es128](https://github.com/es128) |  
-| 9   | [danez](https://github.com/danez) |  
-| 8   | [doowb](https://github.com/doowb) |  
-| 6   | [paulmillr](https://github.com/paulmillr) |  
-| 5   | [mrmlnc](https://github.com/mrmlnc) |  
-| 3   | [DrPizza](https://github.com/DrPizza) |  
-| 2   | [TrySound](https://github.com/TrySound) |  
-| 2   | [mceIdo](https://github.com/mceIdo) |  
-| 2   | [Glazy](https://github.com/Glazy) |  
-| 2   | [MartinKolarik](https://github.com/MartinKolarik) |  
-| 2   | [antonyk](https://github.com/antonyk) |  
-| 2   | [Tvrqvoise](https://github.com/Tvrqvoise) |  
-| 1   | [amilajack](https://github.com/amilajack) |  
-| 1   | [Cslove](https://github.com/Cslove) |  
-| 1   | [devongovett](https://github.com/devongovett) |  
-| 1   | [DianeLooney](https://github.com/DianeLooney) |  
-| 1   | [UltCombo](https://github.com/UltCombo) |  
-| 1   | [frangio](https://github.com/frangio) |  
-| 1   | [joyceerhl](https://github.com/joyceerhl) |  
-| 1   | [juszczykjakub](https://github.com/juszczykjakub) |  
-| 1   | [muescha](https://github.com/muescha) |  
-| 1   | [sebdeckers](https://github.com/sebdeckers) |  
-| 1   | [tomByrer](https://github.com/tomByrer) |  
-| 1   | [fidian](https://github.com/fidian) |  
-| 1   | [curbengh](https://github.com/curbengh) |  
-| 1   | [simlu](https://github.com/simlu) |  
-| 1   | [wtgtybhertgeghgtwtg](https://github.com/wtgtybhertgeghgtwtg) |  
-| 1   | [yvele](https://github.com/yvele) |  
+| **Commits** | **Contributor** |
+| --- | --- |
+| 515 | [jonschlinkert](https://github.com/jonschlinkert) |
+| 12  | [es128](https://github.com/es128) |
+| 9   | [danez](https://github.com/danez) |
+| 8   | [doowb](https://github.com/doowb) |
+| 6   | [paulmillr](https://github.com/paulmillr) |
+| 5   | [mrmlnc](https://github.com/mrmlnc) |
+| 3   | [DrPizza](https://github.com/DrPizza) |
+| 2   | [TrySound](https://github.com/TrySound) |
+| 2   | [mceIdo](https://github.com/mceIdo) |
+| 2   | [Glazy](https://github.com/Glazy) |
+| 2   | [MartinKolarik](https://github.com/MartinKolarik) |
+| 2   | [antonyk](https://github.com/antonyk) |
+| 2   | [Tvrqvoise](https://github.com/Tvrqvoise) |
+| 1   | [amilajack](https://github.com/amilajack) |
+| 1   | [Cslove](https://github.com/Cslove) |
+| 1   | [devongovett](https://github.com/devongovett) |
+| 1   | [DianeLooney](https://github.com/DianeLooney) |
+| 1   | [UltCombo](https://github.com/UltCombo) |
+| 1   | [frangio](https://github.com/frangio) |
+| 1   | [joyceerhl](https://github.com/joyceerhl) |
+| 1   | [juszczykjakub](https://github.com/juszczykjakub) |
+| 1   | [muescha](https://github.com/muescha) |
+| 1   | [sebdeckers](https://github.com/sebdeckers) |
+| 1   | [tomByrer](https://github.com/tomByrer) |
+| 1   | [fidian](https://github.com/fidian) |
+| 1   | [curbengh](https://github.com/curbengh) |
+| 1   | [simlu](https://github.com/simlu) |
+| 1   | [wtgtybhertgeghgtwtg](https://github.com/wtgtybhertgeghgtwtg) |
+| 1   | [yvele](https://github.com/yvele) |
 
 ### Author
-
 **Jon Schlinkert**
-
-* [GitHub Profile](https://github.com/jonschlinkert)
-* [Twitter Profile](https://twitter.com/jonschlinkert)
-* [LinkedIn Profile](https://linkedin.com/in/jonschlinkert)
++ [GitHub Profile](https://github.com/jonschlinkert)
++ [Twitter Profile](https://twitter.com/jonschlinkert)
++ [LinkedIn Profile](https://linkedin.com/in/jonschlinkert)
 
 ### License
-
-Copyright © 2022, [Jon Schlinkert](https://github.com/jonschlinkert).
+Copyright © 2023, [Jon Schlinkert](https://github.com/jonschlinkert).
 Released under the [MIT License](LICENSE).
 
 ***
 
-_This file was generated by [verb-generate-readme](https://github.com/verbose/verb-generate-readme), v0.8.0, on March 24, 2022._
+_This file was generated by [verb-generate-readme](https://github.com/verbose/verb-generate-readme), v0.8.0, on July 12, 2023._
+
+[extglob]: https://github.com/micromatch/extglob
+[fill-range]: https://github.com/jonschlinkert/fill-range
+[glob-object]: https://github.com/jonschlinkert/glob-object
+[minimatch]: https://github.com/isaacs/minimatch
+[multimatch]: https://github.com/sindresorhus/multimatch
+

node_modules/micromatch/package.json

@@ -1,7 +1,7 @@
 {
   "name": "micromatch",
   "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.",
-  "version": "4.0.5",
+  "version": "4.0.7",
   "homepage": "https://github.com/micromatch/micromatch",
   "author": "Jon Schlinkert (https://github.com/jonschlinkert)",
   "contributors": [
@@ -37,7 +37,7 @@
     "test": "mocha"
   },
   "dependencies": {
-    "braces": "^3.0.2",
+    "braces": "^3.0.3",
     "picomatch": "^2.3.1"
   },
   "devDependencies": {

package-lock.json

@@ -54,7 +54,7 @@
         "eslint-plugin-github": "^4.10.2",
         "eslint-plugin-import": "^2.29.1",
         "eslint-plugin-no-async-foreach": "^0.1.1",
-        "micromatch": "4.0.5",
+        "micromatch": "4.0.7",
         "nock": "^13.5.4",
         "removeNPMAbsolutePaths": "3.0.1",
         "sinon": "^18.0.0",
@@ -1735,10 +1735,11 @@
       }
     },
     "node_modules/braces": {
-      "version": "3.0.2",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       },
       "engines": {
         "node": ">=8"
@@ -3326,8 +3327,9 @@
       }
     },
     "node_modules/fill-range": {
-      "version": "7.0.1",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "dependencies": {
         "to-regex-range": "^5.0.1"
       },
@@ -4001,6 +4003,7 @@
     },
     "node_modules/is-number": {
       "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "engines": {
         "node": ">=0.12.0"
@@ -4480,11 +4483,11 @@
       }
     },
     "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz",
+      "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==",
       "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
         "picomatch": "^2.3.1"
       },
       "engines": {
@@ -5910,6 +5913,7 @@
     },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "dependencies": {
         "is-number": "^7.0.0"

package.json

@@ -69,7 +69,7 @@
     "eslint-plugin-github": "^4.10.2",
     "eslint-plugin-import": "^2.29.1",
     "eslint-plugin-no-async-foreach": "^0.1.1",
-    "micromatch": "4.0.5",
+    "micromatch": "4.0.7",
     "nock": "^13.5.4",
     "removeNPMAbsolutePaths": "3.0.1",
     "sinon": "^18.0.0",

src/actions-util.ts

@@ -291,7 +291,7 @@ export function getRelativeScriptPath(): string {
 }
 
 /** Returns the contents of `GITHUB_EVENT_PATH` as a JSON object. */
-function getWorkflowEvent(): any {
+export function getWorkflowEvent(): any {
   const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH");
   try {
     return JSON.parse(fs.readFileSync(eventJsonFile, "utf-8"));

src/analyze-action.ts

@@ -32,7 +32,12 @@ import {
   getActionsStatus,
   StatusReportBase,
 } from "./status-report";
-import { getTotalCacheSize, uploadTrapCaches } from "./trap-caching";
+import {
+  cleanupTrapCaches,
+  getTotalCacheSize,
+  TrapCacheCleanupStatusReport,
+  uploadTrapCaches,
+} from "./trap-caching";
 import * as uploadLib from "./upload-lib";
 import { UploadResult } from "./upload-lib";
 import * as util from "./util";
@@ -61,6 +66,7 @@ async function sendStatusReport(
   trapCacheUploadTime: number | undefined,
   dbCreationTimings: DatabaseCreationTimings | undefined,
   didUploadTrapCaches: boolean,
+  trapCacheCleanup: TrapCacheCleanupStatusReport | undefined,
   logger: Logger,
 ) {
   const status = getActionsStatus(error, stats?.analyze_failure_language);
@@ -79,6 +85,7 @@ async function sendStatusReport(
       ...statusReportBase,
       ...(stats || {}),
       ...(dbCreationTimings || {}),
+      ...(trapCacheCleanup || {}),
     };
     if (config && didUploadTrapCaches) {
       const trapCacheUploadStatusReport: FinishWithTrapUploadStatusReport = {
@@ -189,6 +196,8 @@ async function run() {
   let uploadResult: UploadResult | undefined = undefined;
   let runStats: QueriesStatusReport | undefined = undefined;
   let config: Config | undefined = undefined;
+  let trapCacheCleanupTelemetry: TrapCacheCleanupStatusReport | undefined =
+    undefined;
   let trapCacheUploadTime: number | undefined = undefined;
   let dbCreationTimings: DatabaseCreationTimings | undefined = undefined;
   let didUploadTrapCaches = false;
@@ -311,6 +320,13 @@ async function run() {
     didUploadTrapCaches = await uploadTrapCaches(codeql, config, logger);
     trapCacheUploadTime = performance.now() - trapCacheUploadStartTime;
 
+    // Clean up TRAP caches
+    trapCacheCleanupTelemetry = await cleanupTrapCaches(
+      config,
+      features,
+      logger,
+    );
+
     // We don't upload results in test mode, so don't wait for processing
     if (util.isInTestMode()) {
       logger.debug("In test mode. Waiting for processing is disabled.");
@@ -350,6 +366,7 @@ async function run() {
         trapCacheUploadTime,
         dbCreationTimings,
         didUploadTrapCaches,
+        trapCacheCleanupTelemetry,
         logger,
       );
     } else {
@@ -361,6 +378,7 @@ async function run() {
         trapCacheUploadTime,
         dbCreationTimings,
         didUploadTrapCaches,
+        trapCacheCleanupTelemetry,
         logger,
       );
     }
@@ -380,6 +398,7 @@ async function run() {
       trapCacheUploadTime,
       dbCreationTimings,
       didUploadTrapCaches,
+      trapCacheCleanupTelemetry,
       logger,
     );
   } else if (runStats) {
@@ -391,6 +410,7 @@ async function run() {
       trapCacheUploadTime,
       dbCreationTimings,
       didUploadTrapCaches,
+      trapCacheCleanupTelemetry,
       logger,
     );
   } else {
@@ -402,6 +422,7 @@ async function run() {
       trapCacheUploadTime,
       dbCreationTimings,
       didUploadTrapCaches,
+      trapCacheCleanupTelemetry,
       logger,
     );
   }

src/api-client.ts

@@ -4,6 +4,7 @@ import * as retry from "@octokit/plugin-retry";
 import consoleLogLevel from "console-log-level";
 
 import { getActionVersion, getRequiredInput } from "./actions-util";
+import { parseRepositoryNwo } from "./repository";
 import {
   ConfigurationError,
   getRequiredEnvParam,
@@ -195,6 +196,46 @@ export function computeAutomationID(
   return automationID;
 }
 
+export interface ActionsCacheItem {
+  created_at?: string;
+  id?: number;
+  key?: string;
+  size_in_bytes?: number;
+}
+
+/** List all Actions cache entries matching the provided key and ref. */
+export async function listActionsCaches(
+  key: string,
+  ref: string,
+): Promise<ActionsCacheItem[]> {
+  const repositoryNwo = parseRepositoryNwo(
+    getRequiredEnvParam("GITHUB_REPOSITORY"),
+  );
+
+  return await getApiClient().paginate(
+    "GET /repos/{owner}/{repo}/actions/caches",
+    {
+      owner: repositoryNwo.owner,
+      repo: repositoryNwo.repo,
+      key,
+      ref,
+    },
+  );
+}
+
+/** Delete an Actions cache item by its ID. */
+export async function deleteActionsCache(id: number) {
+  const repositoryNwo = parseRepositoryNwo(
+    getRequiredEnvParam("GITHUB_REPOSITORY"),
+  );
+
+  await getApiClient().rest.actions.deleteActionsCacheById({
+    owner: repositoryNwo.owner,
+    repo: repositoryNwo.repo,
+    cache_id: id,
+  });
+}
+
 export function wrapApiConfigurationError(e: unknown) {
   if (isHTTPError(e)) {
     if (

src/cli-errors.ts

@@ -135,6 +135,7 @@ export enum CliConfigErrorCategory {
   NoSupportedBuildSystemDetected = "NoSupportedBuildSystemDetected",
   OutOfMemoryOrDisk = "OutOfMemoryOrDisk",
   PackCannotBeFound = "PackCannotBeFound",
+  PackMissingAuth = "PackMissingAuth",
   SwiftBuildFailed = "SwiftBuildFailed",
   UnsupportedBuildMode = "UnsupportedBuildMode",
 }
@@ -244,6 +245,14 @@ export const cliErrorsConfig: Record<
       ),
     ],
   },
+  [CliConfigErrorCategory.PackMissingAuth]: {
+    cliErrorMessageCandidates: [
+      new RegExp("GitHub Container registry .* 403 Forbidden"),
+      new RegExp(
+        "Do you need to specify a token to authenticate to the registry?",
+      ),
+    ],
+  },
   [CliConfigErrorCategory.SwiftBuildFailed]: {
     cliErrorMessageCandidates: [
       new RegExp(

src/diagnostics.ts

@@ -1,7 +1,7 @@
 import { existsSync, mkdirSync, writeFileSync } from "fs";
 import path from "path";
 
-import { Config } from "./config-utils";
+import type { Config } from "./config-utils";
 import { Language } from "./languages";
 import { getActionsLogger } from "./logging";
 import { getCodeQLDatabasePath } from "./util";

src/feature-flags.ts

@@ -46,6 +46,7 @@ export interface FeatureEnablement {
  */
 export enum Feature {
   AutobuildDirectTracing = "autobuild_direct_tracing",
+  CleanupTrapCaches = "cleanup_trap_caches",
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   CppTrapCachingEnabled = "cpp_trap_caching_enabled",
   DisableJavaBuildlessEnabled = "disable_java_buildless_enabled",
@@ -91,8 +92,13 @@ export const featureConfig: Record<
     minimumVersion: undefined,
     toolsFeature: ToolsFeature.TraceCommandUseBuildMode,
   },
-  [Feature.CppDependencyInstallation]: {
+  [Feature.CleanupTrapCaches]: {
     defaultValue: false,
+    envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",
+    minimumVersion: undefined,
+  },
+  [Feature.CppDependencyInstallation]: {
+    defaultValue: true,
     envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
     legacyApi: true,
     minimumVersion: "2.15.0",

src/status-report.test.ts

@@ -75,6 +75,7 @@ test("createStatusReportBase", async (t) => {
       t.is(statusReport.runner_os, process.env["RUNNER_OS"]!);
       t.is(statusReport.started_at, process.env[EnvVar.WORKFLOW_STARTED_AT]!);
       t.is(statusReport.status, "failure");
+      t.is(statusReport.steady_state_default_setup, false);
       t.is(statusReport.workflow_name, process.env["GITHUB_WORKFLOW"] || "");
       t.is(statusReport.workflow_run_attempt, 2);
       t.is(statusReport.workflow_run_id, 100);

src/status-report.ts

@@ -143,6 +143,8 @@ export interface StatusReportBase {
   started_at: string;
   /** State this action is currently in. */
   status: ActionStatus;
+  /** Whether this run is part of a steady-state, and not new, default setup run. */
+  steady_state_default_setup: boolean;
   /**
    * Testing environment: Set if non-production environment.
    * The server accepts one of the following values:
@@ -270,6 +272,8 @@ export async function createStatusReportBase(
     if (testingEnvironment !== "") {
       core.exportVariable(EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
     }
+    const isSteadyStateDefaultSetupRun =
+      process.env["CODE_SCANNING_IS_STEADY_STATE_DEFAULT_SETUP"] === "true";
 
     const statusReport: StatusReportBase = {
       action_name: actionName,
@@ -287,6 +291,7 @@ export async function createStatusReportBase(
       runner_os: runnerOs,
       started_at: workflowStartedAt,
       status,
+      steady_state_default_setup: isSteadyStateDefaultSetupRun,
       testing_environment: testingEnvironment,
       workflow_name: workflowName,
       workflow_run_attempt: workflowRunAttempt,
@@ -373,7 +378,6 @@ const INCOMPATIBLE_MSG =
 export async function sendStatusReport<S extends StatusReportBase>(
   statusReport: S,
 ): Promise<void> {
-  core.debug("Inside of sendsStatusReport");
   setJobStatusIfUnsuccessful(statusReport.status);
 
   const statusReportJSON = JSON.stringify(statusReport);
@@ -384,16 +388,11 @@ export async function sendStatusReport<S extends StatusReportBase>(
     return;
   }
 
-  core.debug("FOTIS WAS HERE");
-
   const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
   const [owner, repo] = nwo.split("/");
   const client = getApiClient();
 
-  core.debug("FOTIS WAS HERE 2");
-
   try {
-    core.debug("Sending status report to code scanning endpoint.");
     await client.request(
       "PUT /repos/:owner/:repo/code-scanning/analysis/status",
       {
@@ -402,9 +401,7 @@ export async function sendStatusReport<S extends StatusReportBase>(
         data: statusReportJSON,
       },
     );
-    core.debug("Successfully completed sending of report to code scanning endpoint.");
   } catch (e) {
-    core.debug("Failed to send status report to code scanning endpoint.");
     console.log(e);
     if (isHTTPError(e)) {
       switch (e.status) {

src/trap-caching.test.ts

@@ -6,20 +6,25 @@ import test from "ava";
 import * as sinon from "sinon";
 
 import * as actionsUtil from "./actions-util";
+import * as apiClient from "./api-client";
 import {
   setCodeQL,
   getTrapCachingExtractorConfigArgs,
   getTrapCachingExtractorConfigArgsForLang,
 } from "./codeql";
 import * as configUtils from "./config-utils";
+import { Feature } from "./feature-flags";
 import { Language } from "./languages";
+import { getRunnerLogger } from "./logging";
 import {
+  createFeatures,
   createTestConfig,
   getRecordingLogger,
   makeVersionInfo,
   setupTests,
 } from "./testing-utils";
 import {
+  cleanupTrapCaches,
   downloadTrapCaches,
   getLanguagesSupportingCaching,
   uploadTrapCaches,
@@ -189,3 +194,84 @@ test("download cache looks for the right key and creates dir", async (t) => {
     t.assert(fs.existsSync(path.resolve(tmpDir, "trapCaches", "javascript")));
   });
 });
+
+test("cleanup removes only old CodeQL TRAP caches", async (t) => {
+  await util.withTmpDir(async (tmpDir) => {
+    // This config specifies that we are analyzing JavaScript and Ruby, but not Swift.
+    const config = getTestConfigWithTempDir(tmpDir);
+
+    sinon.stub(actionsUtil, "getRef").resolves("refs/heads/main");
+    sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
+    const listStub = sinon.stub(apiClient, "listActionsCaches").resolves([
+      // Should be kept, since it's not relevant to CodeQL. In reality, the API shouldn't return
+      // this in the first place, but this is a defensive check.
+      {
+        id: 1,
+        key: "some-other-key",
+        created_at: "2024-05-23T14:25:00Z",
+        size_in_bytes: 100 * 1024 * 1024,
+      },
+      // Should be kept, since it's the newest TRAP cache for JavaScript
+      {
+        id: 2,
+        key: "codeql-trap-1-2.0.0-javascript-newest",
+        created_at: "2024-04-23T14:25:00Z",
+        size_in_bytes: 50 * 1024 * 1024,
+      },
+      // Should be cleaned up
+      {
+        id: 3,
+        key: "codeql-trap-1-2.0.0-javascript-older",
+        created_at: "2024-03-22T14:25:00Z",
+        size_in_bytes: 200 * 1024 * 1024,
+      },
+      // Should be cleaned up
+      {
+        id: 4,
+        key: "codeql-trap-1-2.0.0-javascript-oldest",
+        created_at: "2024-02-21T14:25:00Z",
+        size_in_bytes: 300 * 1024 * 1024,
+      },
+      // Should be kept, since it's the newest TRAP cache for Ruby
+      {
+        id: 5,
+        key: "codeql-trap-1-2.0.0-ruby-newest",
+        created_at: "2024-02-20T14:25:00Z",
+        size_in_bytes: 300 * 1024 * 1024,
+      },
+      // Should be kept, since we aren't analyzing Swift
+      {
+        id: 6,
+        key: "codeql-trap-1-2.0.0-swift-newest",
+        created_at: "2024-02-22T14:25:00Z",
+        size_in_bytes: 300 * 1024 * 1024,
+      },
+      // Should be kept, since we aren't analyzing Swift
+      {
+        id: 7,
+        key: "codeql-trap-1-2.0.0-swift-older",
+        created_at: "2024-02-21T14:25:00Z",
+        size_in_bytes: 300 * 1024 * 1024,
+      },
+    ]);
+
+    const deleteStub = sinon.stub(apiClient, "deleteActionsCache").resolves();
+
+    const statusReport = await cleanupTrapCaches(
+      config,
+      createFeatures([Feature.CleanupTrapCaches]),
+      getRunnerLogger(true),
+    );
+
+    t.is(listStub.callCount, 1);
+    t.assert(listStub.calledWithExactly("codeql-trap", "refs/heads/main"));
+
+    t.deepEqual(statusReport, {
+      trap_cache_cleanup_size_bytes: 500 * 1024 * 1024,
+    });
+
+    t.is(deleteStub.callCount, 2);
+    t.assert(deleteStub.calledWithExactly(3));
+    t.assert(deleteStub.calledWithExactly(4));
+  });
+});

src/trap-caching.ts

@@ -1,14 +1,16 @@
 import * as fs from "fs";
 import * as path from "path";
 
-import * as cache from "@actions/cache";
+import * as actionsCache from "@actions/cache";
 
 import * as actionsUtil from "./actions-util";
+import * as apiClient from "./api-client";
 import { CodeQL } from "./codeql";
 import type { Config } from "./config-utils";
+import { Feature, FeatureEnablement } from "./feature-flags";
 import { Language } from "./languages";
 import { Logger } from "./logging";
-import { tryGetFolderBytes, withTimeout } from "./util";
+import { isHTTPError, tryGetFolderBytes, withTimeout, wrapError } from "./util";
 
 // This constant should be bumped if we make a breaking change
 // to how the CodeQL Action stores or retrieves the TRAP cache,
@@ -17,6 +19,8 @@ import { tryGetFolderBytes, withTimeout } from "./util";
 // goes into the cache key.
 const CACHE_VERSION = 1;
 
+const CODEQL_TRAP_CACHE_PREFIX = "codeql-trap";
+
 // This constant sets the minimum size in megabytes of a TRAP
 // cache for us to consider it worth uploading.
 const MINIMUM_CACHE_MB_TO_UPLOAD = 10;
@@ -87,7 +91,7 @@ export async function downloadTrapCaches(
     );
     const found = await withTimeout(
       MAX_CACHE_OPERATION_MS,
-      cache.restoreCache([cacheDir], preferredKey, [
+      actionsCache.restoreCache([cacheDir], preferredKey, [
         // Fall back to any cache with the right key prefix
         await cachePrefix(codeql, language),
       ]),
@@ -147,7 +151,7 @@ export async function uploadTrapCaches(
     logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
     await withTimeout(
       MAX_CACHE_OPERATION_MS,
-      cache.saveCache([cacheDir], key),
+      actionsCache.saveCache([cacheDir], key),
       () => {
         logger.info(
           `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`,
@@ -158,6 +162,107 @@ export async function uploadTrapCaches(
   return true;
 }
 
+export interface TrapCacheCleanupStatusReport {
+  trap_cache_cleanup_error?: string;
+  trap_cache_cleanup_size_bytes?: number;
+  trap_cache_cleanup_skipped_because?: string;
+}
+
+export async function cleanupTrapCaches(
+  config: Config,
+  features: FeatureEnablement,
+  logger: Logger,
+): Promise<TrapCacheCleanupStatusReport> {
+  if (!(await features.getValue(Feature.CleanupTrapCaches))) {
+    return {
+      trap_cache_cleanup_skipped_because: "feature disabled",
+    };
+  }
+  if (!(await actionsUtil.isAnalyzingDefaultBranch())) {
+    return {
+      trap_cache_cleanup_skipped_because: "not analyzing default branch",
+    };
+  }
+
+  try {
+    let totalBytesCleanedUp = 0;
+
+    const allCaches = await apiClient.listActionsCaches(
+      CODEQL_TRAP_CACHE_PREFIX,
+      await actionsUtil.getRef(),
+    );
+
+    for (const language of config.languages) {
+      if (config.trapCaches[language]) {
+        const cachesToRemove = await getTrapCachesForLanguage(
+          allCaches,
+          language,
+          logger,
+        );
+        // Dates returned by the API are in ISO 8601 format, so we can sort them lexicographically
+        cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at));
+        // Keep the most recent cache
+        const mostRecentCache = cachesToRemove.pop();
+        logger.debug(
+          `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})`,
+        );
+
+        if (cachesToRemove.length === 0) {
+          logger.info(`No TRAP caches to clean up for ${language}.`);
+          continue;
+        }
+
+        for (const cache of cachesToRemove) {
+          logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`);
+          await apiClient.deleteActionsCache(cache.id);
+        }
+        const bytesCleanedUp = cachesToRemove.reduce(
+          (acc, item) => acc + item.size_in_bytes,
+          0,
+        );
+        totalBytesCleanedUp += bytesCleanedUp;
+        const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2);
+        logger.info(
+          `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.`,
+        );
+      }
+    }
+    return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp };
+  } catch (e) {
+    if (isHTTPError(e) && e.status === 403) {
+      logger.warning(
+        "Could not cleanup TRAP caches as the token did not have the required permissions. " +
+          'To clean up TRAP caches, ensure the token has the "actions:write" permission. ' +
+          "For more information, see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs",
+      );
+    } else {
+      logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`);
+    }
+    return { trap_cache_cleanup_error: wrapError(e).message };
+  }
+}
+
+async function getTrapCachesForLanguage(
+  allCaches: apiClient.ActionsCacheItem[],
+  language: Language,
+  logger: Logger,
+): Promise<Array<Required<apiClient.ActionsCacheItem>>> {
+  logger.debug(`Listing TRAP caches for ${language}`);
+
+  for (const cache of allCaches) {
+    if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) {
+      throw new Error(
+        "An unexpected cache item was returned from the API that was missing one or " +
+          `more required fields: ${JSON.stringify(cache)}`,
+      );
+    }
+  }
+
+  return allCaches.filter((cache) => {
+    return cache.key?.includes(`-${language}-`);
+  }) as Array<Required<apiClient.ActionsCacheItem>>;
+}
+
 export async function getLanguagesSupportingCaching(
   codeql: CodeQL,
   languages: Language[],
@@ -225,7 +330,7 @@ async function cachePrefix(
   codeql: CodeQL,
   language: Language,
 ): Promise<string> {
-  return `codeql-trap-${CACHE_VERSION}-${
+  return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION}-${
     (await codeql.getVersion()).version
   }-${language}-`;
 }