Merge pull request #2908 from github/henrymercer/dependabot

Dependabot: Remove deprecated `reviewers` config

.github/dependabot.yml

@@ -2,8 +2,6 @@ version: 2
 updates:
   - package-ecosystem: npm
     directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     labels:
@@ -26,8 +24,6 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:
@@ -36,8 +32,6 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:

.github/workflows/__rubocop-multi-language.yml

@@ -46,7 +46,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0
+        uses: ruby/setup-ruby@13e7a03dc3ac6c3798f4570bfead2aed4d96abfb # v1.244.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/codeql.yml

@@ -75,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-13,macos-14]
+        os: [ubuntu-22.04,ubuntu-24.04,windows-2019,windows-2022,macos-13,macos-14]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
     runs-on: ${{ matrix.os }}
 

.github/workflows/codescanning-config-cli.yml

@@ -3,6 +3,9 @@
 name: Code-Scanning config CLI tests
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # Diff informed queries add an additional query filter which is not yet
+  # taken into account by these tests.
+  CODEQL_ACTION_DIFF_INFORMED_QUERIES: false
 
 on:
   push:

.github/workflows/post-release-mergeback.yml

@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@v2.0.2
+        uses: actions/create-github-app-token@v2.0.6
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-release-branch.yml

@@ -124,7 +124,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v2.0.2
+      uses: actions/create-github-app-token@v2.0.6
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}

CHANGELOG.md

@@ -4,7 +4,24 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-No user facing changes.
+- The CodeQL Action no longer includes its own copy of the extractor for the `actions` language, which is currently in public preview.
+  The `actions` extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the `actions` language _and_ you have pinned
+  your `tools:` property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
+  `actions` analysis.
+
+## 3.28.18 - 16 May 2025
+
+- Update default CodeQL bundle version to 2.21.3. [#2893](https://github.com/github/codeql-action/pull/2893)
+- Skip validating SARIF produced by CodeQL for improved performance. [#2894](https://github.com/github/codeql-action/pull/2894)
+- The number of threads and amount of RAM used by CodeQL can now be set via the `CODEQL_THREADS` and `CODEQL_RAM` runner environment variables. If set, these environment variables override the `threads` and `ram` inputs respectively. [#2891](https://github.com/github/codeql-action/pull/2891)
+
+## 3.28.17 - 02 May 2025
+
+- Update default CodeQL bundle version to 2.21.2. [#2872](https://github.com/github/codeql-action/pull/2872)
+
+## 3.28.16 - 23 Apr 2025
+
+- Update default CodeQL bundle version to 2.21.1. [#2863](https://github.com/github/codeql-action/pull/2863)
 
 ## 3.28.15 - 07 Apr 2025
 

README.md

@@ -70,10 +70,11 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 
 | Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
 |-----------------------|-------------------------------|--------------------|-------|
-| `v3.26.6`  | `2.18.4` | Enterprise Server 3.15 | |
-| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
-| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
-| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
+| `v3.28.12`  | `2.20.7` | Enterprise Server 3.17 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.16 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.15 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.13 | |
 
 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
 

actions-extractor/codeql-extractor.yml

@@ -1,44 +0,0 @@
-name: "actions"
-aliases: []
-display_name: "GitHub Actions"
-version: 0.0.1
-column_kind: "utf16"
-unicode_newlines: true
-build_modes:
-  - none
-file_coverage_languages: []
-github_api_languages: []
-scc_languages: []
-file_types:
-  - name: workflow
-    display_name: GitHub Actions workflow files
-    extensions:
-      - .yml
-      - .yaml
-forwarded_extractor_name: javascript
-options:
-  trap:
-    title: TRAP options
-    description: Options about how the extractor handles TRAP files
-    type: object
-    visibility: 3
-    properties:
-      cache:
-        title: TRAP cache options
-        description: Options about how the extractor handles its TRAP cache
-        type: object
-        properties:
-          dir:
-            title: TRAP cache directory
-            description: The directory of the TRAP cache to use
-            type: string
-          bound:
-            title: TRAP cache bound
-            description: A soft limit (in MB) on the size of the TRAP cache
-            type: string
-            pattern: "[0-9]+"
-          write:
-            title: TRAP cache writeable
-            description: Whether to write to the TRAP cache as well as reading it
-            type: string
-            pattern: "(true|TRUE|false|FALSE)"

actions-extractor/tools/autobuild-impl.ps1

@@ -1,40 +0,0 @@
-if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
-    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
-} else {
-    Write-Output 'No path filters set. Using the default filters.'
-    $DefaultPathFilters = @(
-        'exclude:**/*',
-        'include:.github/workflows/**/*.yml',
-        'include:.github/workflows/**/*.yaml',
-        'include:**/action.yml',
-        'include:**/action.yaml'
-    )
-
-    $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
-}
-
-# Find the JavaScript extractor directory via `codeql resolve extractor`.
-$CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
-if ($LASTEXITCODE -ne 0) {
-    throw 'Failed to resolve JavaScript extractor.'
-}
-
-Write-Output "Found JavaScript extractor at '${env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
-
-# Run the JavaScript autobuilder.
-$JavaScriptAutoBuild = Join-Path $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT 'tools\autobuild.cmd'
-Write-Output "Running JavaScript autobuilder at '${JavaScriptAutoBuild}'."
-
-# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_LOG_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE
-
-&$JavaScriptAutoBuild
-if ($LASTEXITCODE -ne 0) {
-    throw "JavaScript autobuilder failed."
-}

actions-extractor/tools/autobuild.cmd

@@ -1,3 +0,0 @@
-@echo off
-rem All of the work is done in the PowerShell script
-powershell.exe %~dp0autobuild-impl.ps1

actions-extractor/tools/autobuild.sh

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-DEFAULT_PATH_FILTERS=$(cat << END
-exclude:**/*
-include:.github/workflows/**/*.yml
-include:.github/workflows/**/*.yaml
-include:**/action.yml
-include:**/action.yaml
-END
-)
-
-if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
-    echo "Path filters set. Passing them through to the JavaScript extractor."
-else
-    echo "No path filters set. Using the default filters."
-    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
-    export LGTM_INDEX_FILTERS
-fi
-
-# Find the JavaScript extractor directory via `codeql resolve extractor`.
-CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
-export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT
-
-echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
-
-# Run the JavaScript autobuilder
-JAVASCRIPT_AUTO_BUILD="${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}/tools/autobuild.sh"
-echo "Running JavaScript autobuilder at '${JAVASCRIPT_AUTO_BUILD}'."
-
-# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
-env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR="${CODEQL_EXTRACTOR_ACTIONS_LOG_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR="${CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \
-    ${JAVASCRIPT_AUTO_BUILD}

lib/analyze.js

@@ -64,7 +64,6 @@ const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
-const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
@@ -343,7 +342,12 @@ function writeDiffRangeDataExtensionPack(logger, ranges) {
         ranges = [{ path: "", startLine: 0, endLine: 0 }];
     }
     const diffRangeDir = path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range");
-    fs.mkdirSync(diffRangeDir);
+    // We expect the Actions temporary directory to already exist, so are mainly
+    // using `recursive: true` to avoid errors if the directory already exists,
+    // for example if the analyze Action is run multiple times in the same job.
+    // This is not really something that is supported, but we make use of it in
+    // tests.
+    fs.mkdirSync(diffRangeDir, { recursive: true });
     fs.writeFileSync(path.join(diffRangeDir, "qlpack.yml"), `
 name: codeql-action/pr-diff-range
 version: 0.0.0
@@ -424,7 +428,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             logger.endGroup();
             logger.info(analysisSummary);
             if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
-                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile);
                 const perQueryAlertCountEventReport = {
                     event: "codeql database interpret-results",
                     started_at: startTimeInterpretResults.toISOString(),
@@ -452,8 +456,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", sarifRunPropertyFlag, automationDetailsId, config, features);
     }
     /** Get an object with all queries and their counts parsed from a SARIF file path. */
-    function getPerQueryAlertCounts(sarifPath, log) {
-        (0, upload_lib_1.validateSarifFileSchema)(sarifPath, log);
+    function getPerQueryAlertCounts(sarifPath) {
         const sarifObject = JSON.parse(fs.readFileSync(sarifPath, "utf8"));
         // We do not need to compute fingerprints because we are not sending data based off of locations.
         // Generate the query: alert count object

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.17", "minimumVersion": "3.12" }
+{ "maximumVersion": "3.17", "minimumVersion": "3.13" }

lib/codeql.js

@@ -54,7 +54,6 @@ const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const git_utils_1 = require("./git-utils");
-const languages_1 = require("./languages");
 const overlay_database_utils_1 = require("./overlay-database-utils");
 const setupCodeql = __importStar(require("./setup-codeql"));
 const tools_features_1 = require("./tools-features");
@@ -78,15 +77,15 @@ const CODEQL_MINIMUM_VERSION = "2.15.5";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.16.6";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.12";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2025-04-03";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -262,19 +261,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                 extraArgs.push(`--trace-process-name=${processName}`);
             }
-            if (config.languages.indexOf(languages_1.Language.actions) >= 0) {
-                // We originally added an embedded version of the Actions extractor to the CodeQL Action
-                // itself in order to deploy the extractor between CodeQL releases. When we did add the
-                // extractor to the CLI, though, its autobuild script was missing the execute bit.
-                // 2.20.6 is the first CLI release with the fully-functional extractor in the CLI. For older
-                // versions, we'll keep using the embedded extractor. We can remove the embedded extractor
-                // once 2.20.6 is deployed in the runner images.
-                if (!(await util.codeQlVersionAtLeast(codeql, "2.20.6"))) {
-                    extraArgs.push("--search-path");
-                    const extractorPath = path.resolve(__dirname, "../actions-extractor");
-                    extraArgs.push(extractorPath);
-                }
-            }
             const codeScanningConfigFile = await generateCodeScanningConfig(config, logger);
             const externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
             extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.21.0",
-    "cliVersion": "2.21.0",
-    "priorBundleVersion": "codeql-bundle-v2.20.7",
-    "priorCliVersion": "2.20.7"
+    "bundleVersion": "codeql-bundle-v2.21.3",
+    "cliVersion": "2.21.3",
+    "priorBundleVersion": "codeql-bundle-v2.21.2",
+    "priorCliVersion": "2.21.2"
 }

lib/dependency-caching.js

@@ -57,7 +57,8 @@ function getJavaTempDependencyDir() {
 /**
  * Default caching configurations per language.
  */
-const CODEQL_DEFAULT_CACHE_CONFIG = {
+function getDefaultCacheConfig() {
+    return {
         java: {
             paths: [
                 // Maven
@@ -92,7 +93,8 @@ const CODEQL_DEFAULT_CACHE_CONFIG = {
             paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
             hash: ["**/go.sum"],
         },
-};
+    };
+}
 async function makeGlobber(patterns) {
     return glob.create(patterns.join("\n"));
 }
@@ -106,7 +108,7 @@ async function makeGlobber(patterns) {
 async function downloadDependencyCaches(languages, logger) {
     const restoredCaches = [];
     for (const language of languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
         if (cacheConfig === undefined) {
             logger.info(`Skipping download of dependency cache for ${language} as we have no caching configuration for it.`);
             continue;
@@ -140,7 +142,7 @@ async function downloadDependencyCaches(languages, logger) {
  */
 async function uploadDependencyCaches(config, logger) {
     for (const language of config.languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
         if (cacheConfig === undefined) {
             logger.info(`Skipping upload of dependency cache for ${language} as we have no caching configuration for it.`);
             continue;

lib/dependency-caching.js.map

@@ -1 +1 @@
-{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAqDD,4DAmDC;AAQD,wDAiEC;AAvND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,2BAA2B,GAAwC;IACvE,IAAI,EAAE;QACJ,KAAK,EAAE;YACL,QAAQ;YACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;YACvC,SAAS;YACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;YACvC,+BAA+B;YAC/B,wBAAwB,EAAE;SAC3B;QACD,IAAI,EAAE;YACJ,QAAQ;YACR,YAAY;YACZ,SAAS;YACT,cAAc;YACd,8BAA8B;YAC9B,yBAAyB;YACzB,6BAA6B;YAC7B,wBAAwB;YACxB,wBAAwB;SACzB;KACF;IACD,MAAM,EAAE;QACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,EAAE;YACJ,QAAQ;YACR,uBAAuB;YACvB,QAAQ;YACR,eAAe;SAChB;KACF;IACD,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;KACpB;CACF,CAAC;AAEF,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}
+{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAuDD,4DAmDC;AAQD,wDAiEC;AAzND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB;IAC5B,OAAO;QACL,IAAI,EAAE;YACJ,KAAK,EAAE;gBACL,QAAQ;gBACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;gBACvC,SAAS;gBACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;gBACvC,+BAA+B;gBAC/B,wBAAwB,EAAE;aAC3B;YACD,IAAI,EAAE;gBACJ,QAAQ;gBACR,YAAY;gBACZ,SAAS;gBACT,cAAc;gBACd,8BAA8B;gBAC9B,yBAAyB;gBACzB,6BAA6B;gBAC7B,wBAAwB;gBACxB,wBAAwB;aACzB;SACF;QACD,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;YACjD,IAAI,EAAE;gBACJ,QAAQ;gBACR,uBAAuB;gBACvB,QAAQ;gBACR,eAAe;aAChB;SACF;QACD,EAAE,EAAE;YACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;SACpB;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}

lib/init-action.js

@@ -319,7 +319,8 @@ async function run() {
         // for details.
         core.exportVariable("CODEQL_RAM", process.env["CODEQL_RAM"] ||
             (0, util_1.getMemoryFlagValue)((0, actions_util_1.getOptionalInput)("ram"), logger).toString());
-        core.exportVariable("CODEQL_THREADS", (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
+        core.exportVariable("CODEQL_THREADS", process.env["CODEQL_THREADS"] ||
+            (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
         // Disable Kotlin extractor if feature flag set
         if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
             core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");

lib/start-proxy-action.js

@@ -43,8 +43,8 @@ const logging_1 = require("./logging");
 const start_proxy_1 = require("./start-proxy");
 const util = __importStar(require("./util"));
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727";
-const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
+const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 const CERT_SUBJECT = [

lib/start-proxy.js

@@ -10,10 +10,10 @@ const LANGUAGE_TO_REGISTRY_TYPE = {
     python: "python_index",
     ruby: "rubygems_server",
     rust: "cargo_registry",
+    go: "goproxy_server",
     // We do not have an established proxy type for these languages, thus leaving empty.
     actions: "",
     cpp: "",
-    go: "",
     swift: "",
 };
 // getCredentials returns registry credentials from action inputs.

lib/start-proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,EAAE,EAAE,EAAE;IACN,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

lib/status-report.js

@@ -149,10 +149,10 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
         const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
         const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
         const actionRef = process.env["GITHUB_ACTION_REF"] || "";
-        const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
+        const testingEnvironment = (0, util_1.getTestingEnvironment)();
         // re-export the testing environment variable so that it is available to subsequent steps,
         // even if it was only set for this step
-        if (testingEnvironment !== "") {
+        if (testingEnvironment) {
             core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
         }
         const isSteadyStateDefaultSetupRun = process.env["CODE_SCANNING_IS_STEADY_STATE_DEFAULT_SETUP"] === "true";
@@ -173,7 +173,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
             started_at: workflowStartedAt,
             status,
             steady_state_default_setup: isSteadyStateDefaultSetupRun,
-            testing_environment: testingEnvironment,
+            testing_environment: testingEnvironment || "",
             workflow_name: workflowName,
             workflow_run_attempt: workflowRunAttempt,
             workflow_run_id: workflowRunID,

lib/upload-lib.js

@@ -40,6 +40,7 @@ exports.InvalidSarifUploadError = void 0;
 exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 exports.findSarifFilesInDir = findSarifFilesInDir;
+exports.readSarifFile = readSarifFile;
 exports.validateSarifFileSchema = validateSarifFileSchema;
 exports.buildPayload = buildPayload;
 exports.uploadFiles = uploadFiles;
@@ -324,17 +325,24 @@ function countResultsInSarif(sarif) {
     }
     return numResults;
 }
-// Validates that the given file path refers to a valid SARIF file.
-// Throws an error if the file is invalid.
-function validateSarifFileSchema(sarifFilePath, logger) {
-    logger.info(`Validating ${sarifFilePath}`);
-    let sarif;
+function readSarifFile(sarifFilePath) {
     try {
-        sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
+        return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
     }
     catch (e) {
         throw new InvalidSarifUploadError(`Invalid SARIF. JSON syntax error: ${(0, util_1.getErrorMessage)(e)}`);
     }
+}
+// Validates the given SARIF object and throws an error if the SARIF object is invalid.
+// The file path is only used in error messages to improve clarity.
+function validateSarifFileSchema(sarif, sarifFilePath, logger) {
+    if (areAllRunsProducedByCodeQL([sarif]) &&
+        // We want to validate CodeQL SARIF in testing environments.
+        !util.getTestingEnvironment()) {
+        logger.debug(`Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.`);
+        return;
+    }
+    logger.info(`Validating ${sarifFilePath}`);
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const schema = require("../src/sarif-schema-2.1.0.json");
     const result = new jsonschema.Validator().validate(sarif, schema);
@@ -402,27 +410,28 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
     return payloadObj;
 }
 /**
- * Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers
+ * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
  */
-async function uploadFiles(sarifPath, checkoutPath, category, features, logger) {
-    const sarifFiles = getSarifFilePaths(sarifPath);
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger) {
+    const sarifPaths = getSarifFilePaths(inputSarifPath);
     logger.startGroup("Uploading results");
-    logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
+    logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-    try {
+    let sarif;
+    if (sarifPaths.length > 1) {
         // Validate that the files we were asked to upload are all valid SARIF files
-        for (const file of sarifFiles) {
-            validateSarifFileSchema(file, logger);
+        for (const sarifPath of sarifPaths) {
+            const parsedSarif = readSarifFile(sarifPath);
+            validateSarifFileSchema(parsedSarif, sarifPath, logger);
         }
+        sarif = await combineSarifFilesUsingCLI(sarifPaths, gitHubVersion, features, logger);
     }
-    catch (e) {
-        if (e instanceof SyntaxError) {
-            throw new InvalidSarifUploadError(e.message);
+    else {
+        const sarifPath = sarifPaths[0];
+        sarif = readSarifFile(sarifPath);
+        validateSarifFileSchema(sarif, sarifPath, logger);
     }
-        throw e;
-    }
-    let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
     sarif = filterAlertsByDiffRange(logger, sarif);
     sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
     const analysisKey = await api.getAnalysisKey();

lib/upload-lib.test.js

@@ -49,11 +49,11 @@ ava_1.default.beforeEach(() => {
 });
 (0, ava_1.default)("validateSarifFileSchema - valid", (t) => {
     const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`;
-    t.notThrows(() => uploadLib.validateSarifFileSchema(inputFile, (0, logging_1.getRunnerLogger)(true)));
+    t.notThrows(() => uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(inputFile), inputFile, (0, logging_1.getRunnerLogger)(true)));
 });
 (0, ava_1.default)("validateSarifFileSchema - invalid", (t) => {
     const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`;
-    t.throws(() => uploadLib.validateSarifFileSchema(inputFile, (0, logging_1.getRunnerLogger)(true)));
+    t.throws(() => uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(inputFile), inputFile, (0, logging_1.getRunnerLogger)(true)));
 });
 (0, ava_1.default)("validate correct payload used for push, PR merge commit, and PR head", async (t) => {
     process.env["GITHUB_EVENT_NAME"] = "push";
@@ -202,7 +202,7 @@ ava_1.default.beforeEach(() => {
         },
     };
     const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
-    uploadLib.validateSarifFileSchema(sarifFile, mockLogger);
+    uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(sarifFile), sarifFile, mockLogger);
     t.deepEqual(loggedMessages.length, 3);
     t.deepEqual(loggedMessages[1], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].tool.driver.rules[0].helpUri'.", "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
 });

lib/util.js

@@ -62,6 +62,7 @@ exports.bundleDb = bundleDb;
 exports.delay = delay;
 exports.isGoodVersion = isGoodVersion;
 exports.isInTestMode = isInTestMode;
+exports.getTestingEnvironment = getTestingEnvironment;
 exports.doesDirectoryExist = doesDirectoryExist;
 exports.listFolder = listFolder;
 exports.tryGetFolderBytes = tryGetFolderBytes;
@@ -577,15 +578,27 @@ async function delay(milliseconds, opts) {
 function isGoodVersion(versionSpec) {
     return !BROKEN_VERSIONS.includes(versionSpec);
 }
-/*
- * Returns whether we are in test mode.
+/**
+ * Returns whether we are in test mode. This is used by CodeQL Action PR checks.
  *
  * In test mode, we don't upload SARIF results or status reports to the GitHub API.
  */
 function isInTestMode() {
     return process.env[environment_1.EnvVar.TEST_MODE] === "true";
 }
-/*
+/**
+ * Get the testing environment.
+ *
+ * This is set if the CodeQL Action is running in a non-production environment.
+ */
+function getTestingEnvironment() {
+    const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
+    if (testingEnvironment === "") {
+        return undefined;
+    }
+    return testingEnvironment;
+}
+/**
  * Returns whether the path in the argument represents an existing directory.
  */
 function doesDirectoryExist(dirPath) {

lib/workflow.js

@@ -51,7 +51,6 @@ const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
-const environment_1 = require("./environment");
 const util_1 = require("./util");
 function toCodedErrors(errors) {
     return Object.entries(errors).reduce((acc, [code, message]) => {
@@ -274,8 +273,7 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
  * This allows us to test workflow parsing functionality as a CodeQL Action PR check.
  */
 function getAnalyzeActionName() {
-    if ((0, util_1.isInTestMode)() ||
-        process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] === "codeql-action-pr-checks") {
+    if ((0, util_1.isInTestMode)() || (0, util_1.getTestingEnvironment)() === "codeql-action-pr-checks") {
         return "./analyze";
     }
     else {

node_modules/@actions/artifact/node_modules/@octokit/types/LICENSE

@@ -0,0 +1,7 @@
+MIT License Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/@actions/artifact/node_modules/@octokit/types/README.md

@@ -0,0 +1,65 @@
+# types.ts
+
+> Shared TypeScript definitions for Octokit projects
+
+[![@latest](https://img.shields.io/npm/v/@octokit/types.svg)](https://www.npmjs.com/package/@octokit/types)
+[![Build Status](https://github.com/octokit/types.ts/workflows/Test/badge.svg)](https://github.com/octokit/types.ts/actions?workflow=Test)
+
+<!-- toc -->
+
+- [Usage](#usage)
+- [Examples](#examples)
+  - [Get parameter and response data types for a REST API endpoint](#get-parameter-and-response-data-types-for-a-rest-api-endpoint)
+  - [Get response types from endpoint methods](#get-response-types-from-endpoint-methods)
+- [Contributing](#contributing)
+- [License](#license)
+
+<!-- tocstop -->
+
+## Usage
+
+See all exported types at https://octokit.github.io/types.ts
+
+## Examples
+
+### Get parameter and response data types for a REST API endpoint
+
+```ts
+import { Endpoints } from "@octokit/types";
+
+type listUserReposParameters =
+  Endpoints["GET /repos/{owner}/{repo}"]["parameters"];
+type listUserReposResponse = Endpoints["GET /repos/{owner}/{repo}"]["response"];
+
+async function listRepos(
+  options: listUserReposParameters,
+): listUserReposResponse["data"] {
+  // ...
+}
+```
+
+### Get response types from endpoint methods
+
+```ts
+import {
+  GetResponseTypeFromEndpointMethod,
+  GetResponseDataTypeFromEndpointMethod,
+} from "@octokit/types";
+import { Octokit } from "@octokit/rest";
+
+const octokit = new Octokit();
+type CreateLabelResponseType = GetResponseTypeFromEndpointMethod<
+  typeof octokit.issues.createLabel
+>;
+type CreateLabelResponseDataType = GetResponseDataTypeFromEndpointMethod<
+  typeof octokit.issues.createLabel
+>;
+```
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md)
+
+## License
+
+[MIT](LICENSE)

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/AuthInterface.d.ts

@@ -0,0 +1,31 @@
+import type { EndpointOptions } from "./EndpointOptions.js";
+import type { OctokitResponse } from "./OctokitResponse.js";
+import type { RequestInterface } from "./RequestInterface.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Route } from "./Route.js";
+/**
+ * Interface to implement complex authentication strategies for Octokit.
+ * An object Implementing the AuthInterface can directly be passed as the
+ * `auth` option in the Octokit constructor.
+ *
+ * For the official implementations of the most common authentication
+ * strategies, see https://github.com/octokit/auth.js
+ */
+export interface AuthInterface<AuthOptions extends any[], Authentication extends any> {
+    (...args: AuthOptions): Promise<Authentication>;
+    hook: {
+        /**
+         * Sends a request using the passed `request` instance
+         *
+         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <T = any>(request: RequestInterface, options: EndpointOptions): Promise<OctokitResponse<T>>;
+        /**
+         * Sends a request using the passed `request` instance
+         *
+         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <T = any>(request: RequestInterface, route: Route, parameters?: RequestParameters): Promise<OctokitResponse<T>>;
+    };
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/EndpointDefaults.d.ts

@@ -0,0 +1,21 @@
+import type { RequestHeaders } from "./RequestHeaders.js";
+import type { RequestMethod } from "./RequestMethod.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Url } from "./Url.js";
+/**
+ * The `.endpoint()` method is guaranteed to set all keys defined by RequestParameters
+ * as well as the method property.
+ */
+export type EndpointDefaults = RequestParameters & {
+    baseUrl: Url;
+    method: RequestMethod;
+    url?: Url;
+    headers: RequestHeaders & {
+        accept: string;
+        "user-agent": string;
+    };
+    mediaType: {
+        format: string;
+        previews?: string[];
+    };
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/EndpointInterface.d.ts

@@ -0,0 +1,65 @@
+import type { EndpointDefaults } from "./EndpointDefaults.js";
+import type { RequestOptions } from "./RequestOptions.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Route } from "./Route.js";
+import type { Endpoints } from "./generated/Endpoints.js";
+export interface EndpointInterface<D extends object = object> {
+    /**
+     * Transforms a GitHub REST API endpoint into generic request options
+     *
+     * @param {object} endpoint Must set `url` unless it's set defaults. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <O extends RequestParameters = RequestParameters>(options: O & {
+        method?: string;
+    } & ("url" extends keyof D ? {
+        url?: string;
+    } : {
+        url: string;
+    })): RequestOptions & Pick<D & O, keyof RequestOptions>;
+    /**
+     * Transforms a GitHub REST API endpoint into generic request options
+     *
+     * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+     * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <R extends Route, P extends RequestParameters = R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters>(route: keyof Endpoints | R, parameters?: P): (R extends keyof Endpoints ? Endpoints[R]["request"] : RequestOptions) & Pick<P, keyof RequestOptions>;
+    /**
+     * Object with current default route and parameters
+     */
+    DEFAULTS: D & EndpointDefaults;
+    /**
+     * Returns a new `endpoint` interface with new defaults
+     */
+    defaults: <O extends RequestParameters = RequestParameters>(newDefaults: O) => EndpointInterface<D & O>;
+    merge: {
+        /**
+         * Merges current endpoint defaults with passed route and parameters,
+         * without transforming them into request options.
+         *
+         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         *
+         */
+        <R extends Route, P extends RequestParameters = R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters>(route: keyof Endpoints | R, parameters?: P): D & (R extends keyof Endpoints ? Endpoints[R]["request"] & Endpoints[R]["parameters"] : EndpointDefaults) & P;
+        /**
+         * Merges current endpoint defaults with passed route and parameters,
+         * without transforming them into request options.
+         *
+         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <P extends RequestParameters = RequestParameters>(options: P): EndpointDefaults & D & P;
+        /**
+         * Returns current default options.
+         *
+         * @deprecated use endpoint.DEFAULTS instead
+         */
+        (): D & EndpointDefaults;
+    };
+    /**
+     * Stateless method to turn endpoint options into request options.
+     * Calling `endpoint(options)` is the same as calling `endpoint.parse(endpoint.merge(options))`.
+     *
+     * @param {object} options `method`, `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    parse: <O extends EndpointDefaults = EndpointDefaults>(options: O) => RequestOptions & Pick<O, keyof RequestOptions>;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/EndpointOptions.d.ts

@@ -0,0 +1,7 @@
+import type { RequestMethod } from "./RequestMethod.js";
+import type { Url } from "./Url.js";
+import type { RequestParameters } from "./RequestParameters.js";
+export type EndpointOptions = RequestParameters & {
+    method: RequestMethod;
+    url: Url;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/Fetch.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Browser's fetch method (or compatible such as fetch-mock)
+ */
+export type Fetch = any;

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/GetResponseTypeFromEndpointMethod.d.ts

@@ -0,0 +1,5 @@
+type Unwrap<T> = T extends Promise<infer U> ? U : T;
+type AnyFunction = (...args: any[]) => any;
+export type GetResponseTypeFromEndpointMethod<T extends AnyFunction> = Unwrap<ReturnType<T>>;
+export type GetResponseDataTypeFromEndpointMethod<T extends AnyFunction> = Unwrap<ReturnType<T>>["data"];
+export {};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/OctokitResponse.d.ts

@@ -0,0 +1,17 @@
+import type { ResponseHeaders } from "./ResponseHeaders.js";
+import type { Url } from "./Url.js";
+export interface OctokitResponse<T, S extends number = number> {
+    headers: ResponseHeaders;
+    /**
+     * http response code
+     */
+    status: S;
+    /**
+     * URL of response after all redirects
+     */
+    url: Url;
+    /**
+     * Response data as documented in the REST API reference documentation at https://docs.github.com/rest/reference
+     */
+    data: T;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestError.d.ts

@@ -0,0 +1,11 @@
+export type RequestError = {
+    name: string;
+    status: number;
+    documentation_url: string;
+    errors?: Array<{
+        resource: string;
+        code: string;
+        field: string;
+        message?: string;
+    }>;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestHeaders.d.ts

@@ -0,0 +1,15 @@
+export type RequestHeaders = {
+    /**
+     * Avoid setting `headers.accept`, use `mediaType.{format|previews}` option instead.
+     */
+    accept?: string;
+    /**
+     * Use `authorization` to send authenticated request, remember `token ` / `bearer ` prefixes. Example: `token 1234567890abcdef1234567890abcdef12345678`
+     */
+    authorization?: string;
+    /**
+     * `user-agent` is set do a default and can be overwritten as needed.
+     */
+    "user-agent"?: string;
+    [header: string]: string | number | undefined;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestInterface.d.ts

@@ -0,0 +1,34 @@
+import type { EndpointInterface } from "./EndpointInterface.js";
+import type { OctokitResponse } from "./OctokitResponse.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Route } from "./Route.js";
+import type { Endpoints } from "./generated/Endpoints.js";
+export interface RequestInterface<D extends object = object> {
+    /**
+     * Sends a request based on endpoint options
+     *
+     * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <T = any, O extends RequestParameters = RequestParameters>(options: O & {
+        method?: string;
+    } & ("url" extends keyof D ? {
+        url?: string;
+    } : {
+        url: string;
+    })): Promise<OctokitResponse<T>>;
+    /**
+     * Sends a request based on endpoint options
+     *
+     * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+     * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <R extends Route>(route: keyof Endpoints | R, options?: R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters): R extends keyof Endpoints ? Promise<Endpoints[R]["response"]> : Promise<OctokitResponse<any>>;
+    /**
+     * Returns a new `request` with updated route and parameters
+     */
+    defaults: <O extends RequestParameters = RequestParameters>(newDefaults: O) => RequestInterface<D & O>;
+    /**
+     * Octokit endpoint API, see {@link https://github.com/octokit/endpoint.js|@octokit/endpoint}
+     */
+    endpoint: EndpointInterface<D>;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestMethod.d.ts

@@ -0,0 +1,4 @@
+/**
+ * HTTP Verb supported by GitHub's REST API
+ */
+export type RequestMethod = "DELETE" | "GET" | "HEAD" | "PATCH" | "POST" | "PUT";

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestOptions.d.ts

@@ -0,0 +1,14 @@
+import type { RequestHeaders } from "./RequestHeaders.js";
+import type { RequestMethod } from "./RequestMethod.js";
+import type { RequestRequestOptions } from "./RequestRequestOptions.js";
+import type { Url } from "./Url.js";
+/**
+ * Generic request options as they are returned by the `endpoint()` method
+ */
+export type RequestOptions = {
+    method: RequestMethod;
+    url: Url;
+    headers: RequestHeaders;
+    body?: any;
+    request?: RequestRequestOptions;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestParameters.d.ts

@@ -0,0 +1,55 @@
+import type { RequestRequestOptions } from "./RequestRequestOptions.js";
+import type { RequestHeaders } from "./RequestHeaders.js";
+import type { Url } from "./Url.js";
+/**
+ * Parameters that can be passed into `request(route, parameters)` or `endpoint(route, parameters)` methods
+ */
+export type RequestParameters = {
+    /**
+     * Base URL to be used when a relative URL is passed, such as `/orgs/{org}`.
+     * If `baseUrl` is `https://enterprise.acme-inc.com/api/v3`, then the request
+     * will be sent to `https://enterprise.acme-inc.com/api/v3/orgs/{org}`.
+     */
+    baseUrl?: Url;
+    /**
+     * HTTP headers. Use lowercase keys.
+     */
+    headers?: RequestHeaders;
+    /**
+     * Media type options, see {@link https://developer.github.com/v3/media/|GitHub Developer Guide}
+     */
+    mediaType?: {
+        /**
+         * `json` by default. Can be `raw`, `text`, `html`, `full`, `diff`, `patch`, `sha`, `base64`. Depending on endpoint
+         */
+        format?: string;
+        /**
+         * Custom media type names of {@link https://docs.github.com/en/graphql/overview/schema-previews|GraphQL API Previews} without the `-preview` suffix.
+         * Example for single preview: `['squirrel-girl']`.
+         * Example for multiple previews: `['squirrel-girl', 'mister-fantastic']`.
+         */
+        previews?: string[];
+    };
+    /**
+     * The name of the operation to execute.
+     * Required only if multiple operations are present in the query document.
+     */
+    operationName?: string;
+    /**
+     * The GraphQL query string to be sent in the request.
+     * This is required and must contain a valid GraphQL document.
+     */
+    query?: string;
+    /**
+     * Pass custom meta information for the request. The `request` object will be returned as is.
+     */
+    request?: RequestRequestOptions;
+    /**
+     * Any additional parameter will be passed as follows
+     * 1. URL parameter if `':parameter'` or `{parameter}` is part of `url`
+     * 2. Query parameter if `method` is `'GET'` or `'HEAD'`
+     * 3. Request body if `parameter` is `'data'`
+     * 4. JSON in the request body in the form of `body[parameter]` unless `parameter` key is `'data'`
+     */
+    [parameter: string]: unknown;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestRequestOptions.d.ts

@@ -0,0 +1,20 @@
+import type { Fetch } from "./Fetch.js";
+/**
+ * Octokit-specific request options which are ignored for the actual request, but can be used by Octokit or plugins to manipulate how the request is sent or how a response is handled
+ */
+export type RequestRequestOptions = {
+    /**
+     * Custom replacement for built-in fetch method. Useful for testing or request hooks.
+     */
+    fetch?: Fetch;
+    /**
+     * Use an `AbortController` instance to cancel a request. In node you can only cancel streamed requests.
+     */
+    signal?: AbortSignal;
+    /**
+     * If set to `false`, the response body will not be parsed and will be returned as a stream.
+     */
+    parseSuccessResponseBody?: boolean;
+    redirect?: "follow" | "error" | "manual";
+    [option: string]: any;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/ResponseHeaders.d.ts

@@ -0,0 +1,21 @@
+export type ResponseHeaders = {
+    "cache-control"?: string;
+    "content-length"?: number;
+    "content-type"?: string;
+    date?: string;
+    etag?: string;
+    "last-modified"?: string;
+    link?: string;
+    location?: string;
+    server?: string;
+    status?: string;
+    vary?: string;
+    "x-accepted-github-permissions"?: string;
+    "x-github-mediatype"?: string;
+    "x-github-request-id"?: string;
+    "x-oauth-scopes"?: string;
+    "x-ratelimit-limit"?: string;
+    "x-ratelimit-remaining"?: string;
+    "x-ratelimit-reset"?: string;
+    [header: string]: string | number | undefined;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/Route.d.ts

@@ -0,0 +1,4 @@
+/**
+ * String consisting of an optional HTTP method and relative path or absolute URL. Examples: `'/orgs/{org}'`, `'PUT /orgs/{org}'`, `GET https://example.com/foo/bar`
+ */
+export type Route = string;

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/StrategyInterface.d.ts

@@ -0,0 +1,4 @@
+import type { AuthInterface } from "./AuthInterface.js";
+export interface StrategyInterface<StrategyOptions extends any[], AuthOptions extends any[], Authentication extends object> {
+    (...args: StrategyOptions): AuthInterface<AuthOptions, Authentication>;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/Url.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Relative or absolute URL. Examples: `'/orgs/{org}'`, `https://example.com/foo/bar`
+ */
+export type Url = string;

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/VERSION.d.ts

@@ -0,0 +1 @@
+export declare const VERSION = "13.10.0";

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/index.d.ts

@@ -0,0 +1,20 @@
+export * from "./AuthInterface.js";
+export * from "./EndpointDefaults.js";
+export * from "./EndpointInterface.js";
+export * from "./EndpointOptions.js";
+export * from "./Fetch.js";
+export * from "./OctokitResponse.js";
+export * from "./RequestError.js";
+export * from "./RequestHeaders.js";
+export * from "./RequestInterface.js";
+export * from "./RequestMethod.js";
+export * from "./RequestOptions.js";
+export * from "./RequestParameters.js";
+export * from "./RequestRequestOptions.js";
+export * from "./ResponseHeaders.js";
+export * from "./Route.js";
+export * from "./StrategyInterface.js";
+export * from "./Url.js";
+export * from "./VERSION.js";
+export * from "./GetResponseTypeFromEndpointMethod.js";
+export * from "./generated/Endpoints.js";

node_modules/@actions/artifact/node_modules/@octokit/types/node_modules/@octokit/openapi-types/LICENSE

@@ -0,0 +1,7 @@
+Copyright 2020 Gregor Martynus
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/@actions/artifact/node_modules/@octokit/types/node_modules/@octokit/openapi-types/README.md

@@ -0,0 +1,17 @@
+# @octokit/openapi-types
+
+> Generated TypeScript definitions based on GitHub's OpenAPI spec
+
+This package is continuously updated based on [GitHub's OpenAPI specification](https://github.com/github/rest-api-description/)
+
+## Usage
+
+```ts
+import { components } from "@octokit/openapi-types";
+
+type Repository = components["schemas"]["full-repository"];
+```
+
+## License
+
+[MIT](LICENSE)

node_modules/@actions/artifact/node_modules/@octokit/types/node_modules/@octokit/openapi-types/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@octokit/openapi-types",
+  "description": "Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/octokit/openapi-types.ts.git",
+    "directory": "packages/openapi-types"
+  },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "version": "24.2.0",
+  "main": "",
+  "types": "types.d.ts",
+  "author": "Gregor Martynus (https://twitter.com/gr2m)",
+  "license": "MIT",
+  "octokit": {
+    "openapi-version": "18.2.0"
+  }
+}

node_modules/@actions/artifact/node_modules/@octokit/types/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@octokit/types",
+  "version": "13.10.0",
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "description": "Shared TypeScript definitions for Octokit projects",
+  "dependencies": {
+    "@octokit/openapi-types": "^24.2.0"
+  },
+  "repository": "github:octokit/types.ts",
+  "keywords": [
+    "github",
+    "api",
+    "sdk",
+    "toolkit",
+    "typescript"
+  ],
+  "author": "Gregor Martynus (https://twitter.com/gr2m)",
+  "license": "MIT",
+  "devDependencies": {
+    "@octokit/tsconfig": "^4.0.0",
+    "github-openapi-graphql-query": "^4.5.0",
+    "handlebars": "^4.7.6",
+    "npm-run-all2": "^7.0.0",
+    "prettier": "^3.0.0",
+    "semantic-release": "^24.0.0",
+    "semantic-release-plugin-update-version-in-files": "^2.0.0",
+    "sort-keys": "^5.0.0",
+    "typedoc": "^0.26.0",
+    "typescript": "^5.0.0"
+  },
+  "octokit": {
+    "openapi-version": "18.2.0"
+  },
+  "files": [
+    "dist-types/**"
+  ],
+  "types": "dist-types/index.d.ts",
+  "sideEffects": false
+}

node_modules/@asamuzakjp/css-color/dist/cjs/index.cjs

@@ -4688,9 +4688,12 @@ var sortCalcValues = (values = [], finalize = false) => {
         operator = "";
       }
     }
-    resolvedValue = finalizedValues.join(" ");
+    resolvedValue = finalizedValues.join(" ").replace(/\+\s-/g, "- ");
   } else {
-    resolvedValue = sortedValues.join(" ");
+    resolvedValue = sortedValues.join(" ").replace(/\+\s-/g, "- ");
+  }
+  if (resolvedValue.startsWith("(") && resolvedValue.endsWith(")") && resolvedValue.lastIndexOf("(") === 0 && resolvedValue.indexOf(")") === resolvedValue.length - 1) {
+    resolvedValue = resolvedValue.replace(/^\(/, "").replace(/\)$/, "");
   }
   return `${start}${resolvedValue}${end}`;
 };
@@ -4889,6 +4892,9 @@ var cssCalc = (value, opt = {}) => {
       resolvedValue = `calc(${resolvedValue})`;
     }
   }
+  if (format === VAL_SPEC && /\s[-+*/]\s/.test(resolvedValue) && !resolvedValue.includes("NaN")) {
+    resolvedValue = serializeCalc(resolvedValue, opt);
+  }
   setCache(cacheKey, resolvedValue);
   return resolvedValue;
 };

node_modules/@asamuzakjp/css-color/dist/esm/js/css-calc.js

@@ -633,9 +633,12 @@ const sortCalcValues = (values = [], finalize = false) => {
         operator = "";
       }
     }
-    resolvedValue = finalizedValues.join(" ");
+    resolvedValue = finalizedValues.join(" ").replace(/\+\s-/g, "- ");
   } else {
-    resolvedValue = sortedValues.join(" ");
+    resolvedValue = sortedValues.join(" ").replace(/\+\s-/g, "- ");
+  }
+  if (resolvedValue.startsWith("(") && resolvedValue.endsWith(")") && resolvedValue.lastIndexOf("(") === 0 && resolvedValue.indexOf(")") === resolvedValue.length - 1) {
+    resolvedValue = resolvedValue.replace(/^\(/, "").replace(/\)$/, "");
   }
   return `${start}${resolvedValue}${end}`;
 };
@@ -834,6 +837,9 @@ const cssCalc = (value, opt = {}) => {
       resolvedValue = `calc(${resolvedValue})`;
     }
   }
+  if (format === VAL_SPEC && /\s[-+*/]\s/.test(resolvedValue) && !resolvedValue.includes("NaN")) {
+    resolvedValue = serializeCalc(resolvedValue, opt);
+  }
   setCache(cacheKey, resolvedValue);
   return resolvedValue;
 };

node_modules/@asamuzakjp/css-color/package.json

@@ -32,31 +32,30 @@
     },
     "./package.json": "./package.json"
   },
-  "packageManager": "pnpm@10.6.1",
+  "packageManager": "pnpm@10.6.3",
   "dependencies": {
-    "@csstools/css-calc": "^2.1.2",
-    "@csstools/css-color-parser": "^3.0.8",
+    "@csstools/css-calc": "^2.1.3",
+    "@csstools/css-color-parser": "^3.0.9",
     "@csstools/css-parser-algorithms": "^3.0.4",
     "@csstools/css-tokenizer": "^3.0.3",
     "lru-cache": "^10.4.3"
   },
   "devDependencies": {
-    "@tanstack/vite-config": "^0.1.0",
-    "@vitest/coverage-istanbul": "^3.0.8",
-    "esbuild": "^0.25.0",
-    "eslint": "^9.22.0",
-    "eslint-plugin-import-x": "^4.6.1",
+    "@tanstack/vite-config": "^0.2.0",
+    "@vitest/coverage-istanbul": "^3.1.1",
+    "esbuild": "^0.25.2",
+    "eslint": "^9.25.0",
     "eslint-plugin-regexp": "^2.7.0",
     "globals": "^16.0.0",
-    "knip": "^5.45.0",
+    "knip": "^5.50.5",
     "neostandard": "^0.12.1",
     "prettier": "^3.5.3",
-    "publint": "^0.3.8",
+    "publint": "^0.3.12",
     "rimraf": "^6.0.1",
     "tsup": "^8.4.0",
-    "typescript": "^5.8.2",
-    "vite": "^6.2.1",
-    "vitest": "^3.0.8"
+    "typescript": "^5.8.3",
+    "vite": "^6.3.2",
+    "vitest": "^3.1.1"
   },
   "scripts": {
     "build": "pnpm run clean && pnpm run test && pnpm run knip && pnpm run build:prod && pnpm run build:cjs && pnpm run build:browser && pnpm run publint",
@@ -72,5 +71,5 @@
     "test:types": "tsc",
     "test:unit": "vitest"
   },
-  "version": "3.1.1"
+  "version": "3.1.3"
 }

node_modules/@asamuzakjp/css-color/src/js/css-calc.ts

@@ -694,9 +694,17 @@ export const sortCalcValues = (
         operator = '';
       }
     }
-    resolvedValue = finalizedValues.join(' ');
+    resolvedValue = finalizedValues.join(' ').replace(/\+\s-/g, '- ');
   } else {
-    resolvedValue = sortedValues.join(' ');
+    resolvedValue = sortedValues.join(' ').replace(/\+\s-/g, '- ');
+  }
+  if (
+    resolvedValue.startsWith('(') &&
+    resolvedValue.endsWith(')') &&
+    resolvedValue.lastIndexOf('(') === 0 &&
+    resolvedValue.indexOf(')') === resolvedValue.length - 1
+  ) {
+    resolvedValue = resolvedValue.replace(/^\(/, '').replace(/\)$/, '');
   }
   return `${start}${resolvedValue}${end}`;
 };
@@ -943,6 +951,13 @@ export const cssCalc = (value: string, opt: Options = {}): string => {
       resolvedValue = `calc(${resolvedValue})`;
     }
   }
+  if (
+    format === VAL_SPEC &&
+    /\s[-+*/]\s/.test(resolvedValue) &&
+    !resolvedValue.includes('NaN')
+  ) {
+    resolvedValue = serializeCalc(resolvedValue, opt);
+  }
   setCache(cacheKey, resolvedValue);
   return resolvedValue;
 };

node_modules/@csstools/css-calc/CHANGELOG.md

@@ -1,9 +1,10 @@
 # Changes to CSS Calc
 
-### 2.1.2
+### 2.1.3
 
-_February 23, 2025_
+_April 19, 2025_
 
-- Update `random()` to correctly handle extremely large ranges or extremely tiny steps.
+- Update `random()` to better handle floating point errors.
+- Update `random()` to match the latest [specification](https://drafts.csswg.org/css-values-5/#randomness)
 
 [Full CHANGELOG](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc/CHANGELOG.md)

node_modules/@csstools/css-calc/README.md

@@ -1,7 +1,7 @@
 # CSS Calc <img src="https://cssdb.org/images/css.svg" alt="for CSS" width="90" height="90" align="right">
 
 [<img alt="npm version" src="https://img.shields.io/npm/v/@csstools/css-calc.svg" height="20">][npm-url]
-[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/workflows/test/badge.svg" height="20">][cli-url]
+[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/actions/workflows/test.yml/badge.svg?branch=main" height="20">][cli-url]
 [<img alt="Discord" src="https://shields.io/badge/Discord-5865F2?logo=discord&logoColor=white">][discord]
 
 Implemented from : https://drafts.csswg.org/css-values-4/ on 2023-02-17

node_modules/@csstools/css-calc/dist/index.d.ts

@@ -40,9 +40,28 @@ export declare type conversionOptions = {
      */
     rawPercentages?: boolean;
     /**
-     * Seed the pseudo random number generator used in `random()`
+     * The values used to generate random value cache keys.
      */
-    randomSeed?: number;
+    randomCaching?: {
+        /**
+         * The name of the property the random function is used in.
+         */
+        propertyName: string;
+        /**
+         * N is the index of the random function among other random functions in the same property value.
+         */
+        propertyN: number;
+        /**
+         * An element ID identifying the element the style is being applied to.
+         * When omitted any `random()` call will not be computed.
+         */
+        elementID: string;
+        /**
+         * A document ID identifying the Document the styles are from.
+         * When omitted any `random()` call will not be computed.
+         */
+        documentID: string;
+    };
 };
 
 export declare type GlobalsWithStrings = Map<string, TokenDimension | TokenNumber | TokenPercentage | string>;

node_modules/@csstools/css-calc/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@csstools/css-calc",
   "description": "Solve CSS math expressions",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "contributors": [
     {
       "name": "Antonio Laguna",

node_modules/@csstools/css-color-parser/CHANGELOG.md

@@ -1,11 +1,10 @@
 # Changes to CSS Color Parser
 
-### 3.0.8
+### 3.0.9
 
-_February 23, 2025_
+_April 19, 2025_
 
-- Use `Number.isNaN` instead of `NaN` for consistency.
-- Updated [`@csstools/color-helpers`](https://github.com/csstools/postcss-plugins/tree/main/packages/color-helpers) to [`5.0.2`](https://github.com/csstools/postcss-plugins/tree/main/packages/color-helpers/CHANGELOG.md#502) (patch)
-- Updated [`@csstools/css-calc`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc) to [`2.1.2`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc/CHANGELOG.md#212) (patch)
+- Drop the `max` keyword for `contrast-color( <color> )`
+- Updated [`@csstools/css-calc`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc) to [`2.1.3`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc/CHANGELOG.md#213) (patch)
 
 [Full CHANGELOG](https://github.com/csstools/postcss-plugins/tree/main/packages/css-color-parser/CHANGELOG.md)

node_modules/@csstools/css-color-parser/README.md

@@ -1,7 +1,7 @@
 # CSS Color Parser <img src="https://cssdb.org/images/css.svg" alt="for CSS" width="90" height="90" align="right">
 
 [<img alt="npm version" src="https://img.shields.io/npm/v/@csstools/css-color-parser.svg" height="20">][npm-url]
-[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/workflows/test/badge.svg" height="20">][cli-url]
+[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/actions/workflows/test.yml/badge.svg?branch=main" height="20">][cli-url]
 [<img alt="Discord" src="https://shields.io/badge/Discord-5865F2?logo=discord&logoColor=white">][discord]
 
 ## Usage

node_modules/@csstools/css-color-parser/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@csstools/css-color-parser",
   "description": "Parse CSS color values",
-  "version": "3.0.8",
+  "version": "3.0.9",
   "contributors": [
     {
       "name": "Antonio Laguna",
@@ -49,7 +49,7 @@
   ],
   "dependencies": {
     "@csstools/color-helpers": "^5.0.2",
-    "@csstools/css-calc": "^2.1.2"
+    "@csstools/css-calc": "^2.1.3"
   },
   "peerDependencies": {
     "@csstools/css-parser-algorithms": "^3.0.4",

node_modules/@eslint-community/eslint-utils/README.md

@@ -30,8 +30,8 @@ Please use GitHub's Issues/PRs.
 
 ### Development Tools
 
--   `npm test` runs tests and measures coverage.
--   `npm run clean` removes the coverage result of `npm test` command.
--   `npm run coverage` shows the coverage result of the last `npm test` command.
+-   `npm run test-coverage` runs tests and measures coverage.
+-   `npm run clean` removes the coverage result of `npm run test-coverage` command.
+-   `npm run coverage` shows the coverage result of the last `npm run test-coverage` command.
 -   `npm run lint` runs ESLint.
 -   `npm run watch` runs tests on each file change.

node_modules/@eslint-community/eslint-utils/index.d.mts

@@ -0,0 +1,217 @@
+import * as eslint from 'eslint';
+import { Rule, AST } from 'eslint';
+import * as estree from 'estree';
+
+declare const READ: unique symbol;
+declare const CALL: unique symbol;
+declare const CONSTRUCT: unique symbol;
+declare const ESM: unique symbol;
+declare class ReferenceTracker {
+    constructor(globalScope: Scope$2, options?: {
+        mode?: "legacy" | "strict" | undefined;
+        globalObjectNames?: string[] | undefined;
+    } | undefined);
+    private variableStack;
+    private globalScope;
+    private mode;
+    private globalObjectNames;
+    iterateGlobalReferences<T>(traceMap: TraceMap$2<T>): IterableIterator<TrackedReferences$2<T>>;
+    iterateCjsReferences<T_1>(traceMap: TraceMap$2<T_1>): IterableIterator<TrackedReferences$2<T_1>>;
+    iterateEsmReferences<T_2>(traceMap: TraceMap$2<T_2>): IterableIterator<TrackedReferences$2<T_2>>;
+    iteratePropertyReferences<T_3>(node: Expression, traceMap: TraceMap$2<T_3>): IterableIterator<TrackedReferences$2<T_3>>;
+    private _iterateVariableReferences;
+    private _iteratePropertyReferences;
+    private _iterateLhsReferences;
+    private _iterateImportReferences;
+}
+declare namespace ReferenceTracker {
+    export { READ };
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+}
+type Scope$2 = eslint.Scope.Scope;
+type Expression = estree.Expression;
+type TraceMap$2<T> = TraceMap$1<T>;
+type TrackedReferences$2<T> = TrackedReferences$1<T>;
+
+type StaticValue$2 = StaticValueProvided$1 | StaticValueOptional$1;
+type StaticValueProvided$1 = {
+    optional?: undefined;
+    value: unknown;
+};
+type StaticValueOptional$1 = {
+    optional?: true;
+    value: undefined;
+};
+type ReferenceTrackerOptions$1 = {
+    globalObjectNames?: string[];
+    mode?: "legacy" | "strict";
+};
+type TraceMap$1<T = unknown> = {
+    [i: string]: TraceMapObject<T>;
+};
+type TraceMapObject<T> = {
+    [i: string]: TraceMapObject<T>;
+    [CALL]?: T;
+    [CONSTRUCT]?: T;
+    [READ]?: T;
+    [ESM]?: boolean;
+};
+type TrackedReferences$1<T> = {
+    info: T;
+    node: Rule.Node;
+    path: string[];
+    type: typeof CALL | typeof CONSTRUCT | typeof READ;
+};
+type HasSideEffectOptions$1 = {
+    considerGetters?: boolean;
+    considerImplicitTypeConversion?: boolean;
+};
+type PunctuatorToken<Value extends string> = AST.Token & {
+    type: "Punctuator";
+    value: Value;
+};
+type ArrowToken$1 = PunctuatorToken<"=>">;
+type CommaToken$1 = PunctuatorToken<",">;
+type SemicolonToken$1 = PunctuatorToken<";">;
+type ColonToken$1 = PunctuatorToken<":">;
+type OpeningParenToken$1 = PunctuatorToken<"(">;
+type ClosingParenToken$1 = PunctuatorToken<")">;
+type OpeningBracketToken$1 = PunctuatorToken<"[">;
+type ClosingBracketToken$1 = PunctuatorToken<"]">;
+type OpeningBraceToken$1 = PunctuatorToken<"{">;
+type ClosingBraceToken$1 = PunctuatorToken<"}">;
+
+declare function findVariable(initialScope: Scope$1, nameOrNode: string | Identifier): Variable | null;
+type Scope$1 = eslint.Scope.Scope;
+type Variable = eslint.Scope.Variable;
+type Identifier = estree.Identifier;
+
+declare function getFunctionHeadLocation(node: FunctionNode$1, sourceCode: SourceCode$2): SourceLocation | null;
+type SourceCode$2 = eslint.SourceCode;
+type FunctionNode$1 = estree.Function;
+type SourceLocation = estree.SourceLocation;
+
+declare function getFunctionNameWithKind(node: FunctionNode, sourceCode?: eslint.SourceCode | undefined): string;
+type FunctionNode = estree.Function;
+
+declare function getInnermostScope(initialScope: Scope, node: Node$4): Scope;
+type Scope = eslint.Scope.Scope;
+type Node$4 = estree.Node;
+
+declare function getPropertyName(node: MemberExpression | MethodDefinition | Property | PropertyDefinition, initialScope?: eslint.Scope.Scope | undefined): string | null | undefined;
+type MemberExpression = estree.MemberExpression;
+type MethodDefinition = estree.MethodDefinition;
+type Property = estree.Property;
+type PropertyDefinition = estree.PropertyDefinition;
+
+declare function getStaticValue(node: Node$3, initialScope?: eslint.Scope.Scope | null | undefined): StaticValue$1 | null;
+type StaticValue$1 = StaticValue$2;
+type Node$3 = estree.Node;
+
+declare function getStringIfConstant(node: Node$2, initialScope?: eslint.Scope.Scope | null | undefined): string | null;
+type Node$2 = estree.Node;
+
+declare function hasSideEffect(node: Node$1, sourceCode: SourceCode$1, options?: HasSideEffectOptions$1 | undefined): boolean;
+type Node$1 = estree.Node;
+type SourceCode$1 = eslint.SourceCode;
+
+declare function isArrowToken(token: CommentOrToken): token is ArrowToken$1;
+declare function isCommaToken(token: CommentOrToken): token is CommaToken$1;
+declare function isSemicolonToken(token: CommentOrToken): token is SemicolonToken$1;
+declare function isColonToken(token: CommentOrToken): token is ColonToken$1;
+declare function isOpeningParenToken(token: CommentOrToken): token is OpeningParenToken$1;
+declare function isClosingParenToken(token: CommentOrToken): token is ClosingParenToken$1;
+declare function isOpeningBracketToken(token: CommentOrToken): token is OpeningBracketToken$1;
+declare function isClosingBracketToken(token: CommentOrToken): token is ClosingBracketToken$1;
+declare function isOpeningBraceToken(token: CommentOrToken): token is OpeningBraceToken$1;
+declare function isClosingBraceToken(token: CommentOrToken): token is ClosingBraceToken$1;
+declare function isCommentToken(token: CommentOrToken): token is estree.Comment;
+declare function isNotArrowToken(arg0: CommentOrToken): boolean;
+declare function isNotCommaToken(arg0: CommentOrToken): boolean;
+declare function isNotSemicolonToken(arg0: CommentOrToken): boolean;
+declare function isNotColonToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningParenToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingParenToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotCommentToken(arg0: CommentOrToken): boolean;
+type Token = eslint.AST.Token;
+type Comment = estree.Comment;
+type CommentOrToken = Comment | Token;
+
+declare function isParenthesized(timesOrNode: Node | number, nodeOrSourceCode: Node | SourceCode, optionalSourceCode?: eslint.SourceCode | undefined): boolean;
+type Node = estree.Node;
+type SourceCode = eslint.SourceCode;
+
+declare class PatternMatcher {
+    constructor(pattern: RegExp, options?: {
+        escaped?: boolean | undefined;
+    } | undefined);
+    execAll(str: string): IterableIterator<RegExpExecArray>;
+    test(str: string): boolean;
+    [Symbol.replace](str: string, replacer: string | ((...strs: string[]) => string)): string;
+}
+
+declare namespace _default {
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+    export { findVariable };
+    export { getFunctionHeadLocation };
+    export { getFunctionNameWithKind };
+    export { getInnermostScope };
+    export { getPropertyName };
+    export { getStaticValue };
+    export { getStringIfConstant };
+    export { hasSideEffect };
+    export { isArrowToken };
+    export { isClosingBraceToken };
+    export { isClosingBracketToken };
+    export { isClosingParenToken };
+    export { isColonToken };
+    export { isCommaToken };
+    export { isCommentToken };
+    export { isNotArrowToken };
+    export { isNotClosingBraceToken };
+    export { isNotClosingBracketToken };
+    export { isNotClosingParenToken };
+    export { isNotColonToken };
+    export { isNotCommaToken };
+    export { isNotCommentToken };
+    export { isNotOpeningBraceToken };
+    export { isNotOpeningBracketToken };
+    export { isNotOpeningParenToken };
+    export { isNotSemicolonToken };
+    export { isOpeningBraceToken };
+    export { isOpeningBracketToken };
+    export { isOpeningParenToken };
+    export { isParenthesized };
+    export { isSemicolonToken };
+    export { PatternMatcher };
+    export { READ };
+    export { ReferenceTracker };
+}
+
+type StaticValue = StaticValue$2;
+type StaticValueOptional = StaticValueOptional$1;
+type StaticValueProvided = StaticValueProvided$1;
+type ReferenceTrackerOptions = ReferenceTrackerOptions$1;
+type TraceMap<T> = TraceMap$1<T>;
+type TrackedReferences<T> = TrackedReferences$1<T>;
+type HasSideEffectOptions = HasSideEffectOptions$1;
+type ArrowToken = ArrowToken$1;
+type CommaToken = CommaToken$1;
+type SemicolonToken = SemicolonToken$1;
+type ColonToken = ColonToken$1;
+type OpeningParenToken = OpeningParenToken$1;
+type ClosingParenToken = ClosingParenToken$1;
+type OpeningBracketToken = OpeningBracketToken$1;
+type ClosingBracketToken = ClosingBracketToken$1;
+type OpeningBraceToken = OpeningBraceToken$1;
+type ClosingBraceToken = ClosingBraceToken$1;
+
+export { ArrowToken, CALL, CONSTRUCT, ClosingBraceToken, ClosingBracketToken, ClosingParenToken, ColonToken, CommaToken, ESM, HasSideEffectOptions, OpeningBraceToken, OpeningBracketToken, OpeningParenToken, PatternMatcher, READ, ReferenceTracker, ReferenceTrackerOptions, SemicolonToken, StaticValue, StaticValueOptional, StaticValueProvided, TraceMap, TrackedReferences, _default as default, findVariable, getFunctionHeadLocation, getFunctionNameWithKind, getInnermostScope, getPropertyName, getStaticValue, getStringIfConstant, hasSideEffect, isArrowToken, isClosingBraceToken, isClosingBracketToken, isClosingParenToken, isColonToken, isCommaToken, isCommentToken, isNotArrowToken, isNotClosingBraceToken, isNotClosingBracketToken, isNotClosingParenToken, isNotColonToken, isNotCommaToken, isNotCommentToken, isNotOpeningBraceToken, isNotOpeningBracketToken, isNotOpeningParenToken, isNotSemicolonToken, isOpeningBraceToken, isOpeningBracketToken, isOpeningParenToken, isParenthesized, isSemicolonToken };

node_modules/@eslint-community/eslint-utils/index.d.ts

@@ -0,0 +1,217 @@
+import * as eslint from 'eslint';
+import { Rule, AST } from 'eslint';
+import * as estree from 'estree';
+
+declare const READ: unique symbol;
+declare const CALL: unique symbol;
+declare const CONSTRUCT: unique symbol;
+declare const ESM: unique symbol;
+declare class ReferenceTracker {
+    constructor(globalScope: Scope$2, options?: {
+        mode?: "legacy" | "strict" | undefined;
+        globalObjectNames?: string[] | undefined;
+    } | undefined);
+    private variableStack;
+    private globalScope;
+    private mode;
+    private globalObjectNames;
+    iterateGlobalReferences<T>(traceMap: TraceMap$2<T>): IterableIterator<TrackedReferences$2<T>>;
+    iterateCjsReferences<T_1>(traceMap: TraceMap$2<T_1>): IterableIterator<TrackedReferences$2<T_1>>;
+    iterateEsmReferences<T_2>(traceMap: TraceMap$2<T_2>): IterableIterator<TrackedReferences$2<T_2>>;
+    iteratePropertyReferences<T_3>(node: Expression, traceMap: TraceMap$2<T_3>): IterableIterator<TrackedReferences$2<T_3>>;
+    private _iterateVariableReferences;
+    private _iteratePropertyReferences;
+    private _iterateLhsReferences;
+    private _iterateImportReferences;
+}
+declare namespace ReferenceTracker {
+    export { READ };
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+}
+type Scope$2 = eslint.Scope.Scope;
+type Expression = estree.Expression;
+type TraceMap$2<T> = TraceMap$1<T>;
+type TrackedReferences$2<T> = TrackedReferences$1<T>;
+
+type StaticValue$2 = StaticValueProvided$1 | StaticValueOptional$1;
+type StaticValueProvided$1 = {
+    optional?: undefined;
+    value: unknown;
+};
+type StaticValueOptional$1 = {
+    optional?: true;
+    value: undefined;
+};
+type ReferenceTrackerOptions$1 = {
+    globalObjectNames?: string[];
+    mode?: "legacy" | "strict";
+};
+type TraceMap$1<T = unknown> = {
+    [i: string]: TraceMapObject<T>;
+};
+type TraceMapObject<T> = {
+    [i: string]: TraceMapObject<T>;
+    [CALL]?: T;
+    [CONSTRUCT]?: T;
+    [READ]?: T;
+    [ESM]?: boolean;
+};
+type TrackedReferences$1<T> = {
+    info: T;
+    node: Rule.Node;
+    path: string[];
+    type: typeof CALL | typeof CONSTRUCT | typeof READ;
+};
+type HasSideEffectOptions$1 = {
+    considerGetters?: boolean;
+    considerImplicitTypeConversion?: boolean;
+};
+type PunctuatorToken<Value extends string> = AST.Token & {
+    type: "Punctuator";
+    value: Value;
+};
+type ArrowToken$1 = PunctuatorToken<"=>">;
+type CommaToken$1 = PunctuatorToken<",">;
+type SemicolonToken$1 = PunctuatorToken<";">;
+type ColonToken$1 = PunctuatorToken<":">;
+type OpeningParenToken$1 = PunctuatorToken<"(">;
+type ClosingParenToken$1 = PunctuatorToken<")">;
+type OpeningBracketToken$1 = PunctuatorToken<"[">;
+type ClosingBracketToken$1 = PunctuatorToken<"]">;
+type OpeningBraceToken$1 = PunctuatorToken<"{">;
+type ClosingBraceToken$1 = PunctuatorToken<"}">;
+
+declare function findVariable(initialScope: Scope$1, nameOrNode: string | Identifier): Variable | null;
+type Scope$1 = eslint.Scope.Scope;
+type Variable = eslint.Scope.Variable;
+type Identifier = estree.Identifier;
+
+declare function getFunctionHeadLocation(node: FunctionNode$1, sourceCode: SourceCode$2): SourceLocation | null;
+type SourceCode$2 = eslint.SourceCode;
+type FunctionNode$1 = estree.Function;
+type SourceLocation = estree.SourceLocation;
+
+declare function getFunctionNameWithKind(node: FunctionNode, sourceCode?: eslint.SourceCode | undefined): string;
+type FunctionNode = estree.Function;
+
+declare function getInnermostScope(initialScope: Scope, node: Node$4): Scope;
+type Scope = eslint.Scope.Scope;
+type Node$4 = estree.Node;
+
+declare function getPropertyName(node: MemberExpression | MethodDefinition | Property | PropertyDefinition, initialScope?: eslint.Scope.Scope | undefined): string | null | undefined;
+type MemberExpression = estree.MemberExpression;
+type MethodDefinition = estree.MethodDefinition;
+type Property = estree.Property;
+type PropertyDefinition = estree.PropertyDefinition;
+
+declare function getStaticValue(node: Node$3, initialScope?: eslint.Scope.Scope | null | undefined): StaticValue$1 | null;
+type StaticValue$1 = StaticValue$2;
+type Node$3 = estree.Node;
+
+declare function getStringIfConstant(node: Node$2, initialScope?: eslint.Scope.Scope | null | undefined): string | null;
+type Node$2 = estree.Node;
+
+declare function hasSideEffect(node: Node$1, sourceCode: SourceCode$1, options?: HasSideEffectOptions$1 | undefined): boolean;
+type Node$1 = estree.Node;
+type SourceCode$1 = eslint.SourceCode;
+
+declare function isArrowToken(token: CommentOrToken): token is ArrowToken$1;
+declare function isCommaToken(token: CommentOrToken): token is CommaToken$1;
+declare function isSemicolonToken(token: CommentOrToken): token is SemicolonToken$1;
+declare function isColonToken(token: CommentOrToken): token is ColonToken$1;
+declare function isOpeningParenToken(token: CommentOrToken): token is OpeningParenToken$1;
+declare function isClosingParenToken(token: CommentOrToken): token is ClosingParenToken$1;
+declare function isOpeningBracketToken(token: CommentOrToken): token is OpeningBracketToken$1;
+declare function isClosingBracketToken(token: CommentOrToken): token is ClosingBracketToken$1;
+declare function isOpeningBraceToken(token: CommentOrToken): token is OpeningBraceToken$1;
+declare function isClosingBraceToken(token: CommentOrToken): token is ClosingBraceToken$1;
+declare function isCommentToken(token: CommentOrToken): token is estree.Comment;
+declare function isNotArrowToken(arg0: CommentOrToken): boolean;
+declare function isNotCommaToken(arg0: CommentOrToken): boolean;
+declare function isNotSemicolonToken(arg0: CommentOrToken): boolean;
+declare function isNotColonToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningParenToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingParenToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotCommentToken(arg0: CommentOrToken): boolean;
+type Token = eslint.AST.Token;
+type Comment = estree.Comment;
+type CommentOrToken = Comment | Token;
+
+declare function isParenthesized(timesOrNode: Node | number, nodeOrSourceCode: Node | SourceCode, optionalSourceCode?: eslint.SourceCode | undefined): boolean;
+type Node = estree.Node;
+type SourceCode = eslint.SourceCode;
+
+declare class PatternMatcher {
+    constructor(pattern: RegExp, options?: {
+        escaped?: boolean | undefined;
+    } | undefined);
+    execAll(str: string): IterableIterator<RegExpExecArray>;
+    test(str: string): boolean;
+    [Symbol.replace](str: string, replacer: string | ((...strs: string[]) => string)): string;
+}
+
+declare namespace _default {
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+    export { findVariable };
+    export { getFunctionHeadLocation };
+    export { getFunctionNameWithKind };
+    export { getInnermostScope };
+    export { getPropertyName };
+    export { getStaticValue };
+    export { getStringIfConstant };
+    export { hasSideEffect };
+    export { isArrowToken };
+    export { isClosingBraceToken };
+    export { isClosingBracketToken };
+    export { isClosingParenToken };
+    export { isColonToken };
+    export { isCommaToken };
+    export { isCommentToken };
+    export { isNotArrowToken };
+    export { isNotClosingBraceToken };
+    export { isNotClosingBracketToken };
+    export { isNotClosingParenToken };
+    export { isNotColonToken };
+    export { isNotCommaToken };
+    export { isNotCommentToken };
+    export { isNotOpeningBraceToken };
+    export { isNotOpeningBracketToken };
+    export { isNotOpeningParenToken };
+    export { isNotSemicolonToken };
+    export { isOpeningBraceToken };
+    export { isOpeningBracketToken };
+    export { isOpeningParenToken };
+    export { isParenthesized };
+    export { isSemicolonToken };
+    export { PatternMatcher };
+    export { READ };
+    export { ReferenceTracker };
+}
+
+type StaticValue = StaticValue$2;
+type StaticValueOptional = StaticValueOptional$1;
+type StaticValueProvided = StaticValueProvided$1;
+type ReferenceTrackerOptions = ReferenceTrackerOptions$1;
+type TraceMap<T> = TraceMap$1<T>;
+type TrackedReferences<T> = TrackedReferences$1<T>;
+type HasSideEffectOptions = HasSideEffectOptions$1;
+type ArrowToken = ArrowToken$1;
+type CommaToken = CommaToken$1;
+type SemicolonToken = SemicolonToken$1;
+type ColonToken = ColonToken$1;
+type OpeningParenToken = OpeningParenToken$1;
+type ClosingParenToken = ClosingParenToken$1;
+type OpeningBracketToken = OpeningBracketToken$1;
+type ClosingBracketToken = ClosingBracketToken$1;
+type OpeningBraceToken = OpeningBraceToken$1;
+type ClosingBraceToken = ClosingBraceToken$1;
+
+export { ArrowToken, CALL, CONSTRUCT, ClosingBraceToken, ClosingBracketToken, ClosingParenToken, ColonToken, CommaToken, ESM, HasSideEffectOptions, OpeningBraceToken, OpeningBracketToken, OpeningParenToken, PatternMatcher, READ, ReferenceTracker, ReferenceTrackerOptions, SemicolonToken, StaticValue, StaticValueOptional, StaticValueProvided, TraceMap, TrackedReferences, _default as default, findVariable, getFunctionHeadLocation, getFunctionNameWithKind, getInnermostScope, getPropertyName, getStaticValue, getStringIfConstant, hasSideEffect, isArrowToken, isClosingBraceToken, isClosingBracketToken, isClosingParenToken, isColonToken, isCommaToken, isCommentToken, isNotArrowToken, isNotClosingBraceToken, isNotClosingBracketToken, isNotClosingParenToken, isNotColonToken, isNotCommaToken, isNotCommentToken, isNotOpeningBraceToken, isNotOpeningBracketToken, isNotOpeningParenToken, isNotSemicolonToken, isOpeningBraceToken, isOpeningBracketToken, isOpeningParenToken, isParenthesized, isSemicolonToken };

node_modules/@eslint-community/eslint-utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eslint-community/eslint-utils",
-  "version": "4.4.0",
+  "version": "4.7.0",
   "description": "Utilities for ESLint plugins.",
   "keywords": [
     "eslint"
@@ -30,38 +30,53 @@
   ],
   "scripts": {
     "prebuild": "npm run -s clean",
-    "build": "rollup -c",
-    "clean": "rimraf .nyc_output coverage index.*",
+    "build": "npm run build:dts && npm run build:rollup",
+    "build:dts": "tsc -p tsconfig.build.json",
+    "build:rollup": "rollup -c",
+    "clean": "rimraf .nyc_output coverage index.* dist",
     "coverage": "opener ./coverage/lcov-report/index.html",
     "docs:build": "vitepress build docs",
     "docs:watch": "vitepress dev docs",
     "format": "npm run -s format:prettier -- --write",
     "format:prettier": "prettier .",
     "format:check": "npm run -s format:prettier -- --check",
-    "lint": "eslint .",
-    "test": "c8 mocha --reporter dot \"test/*.mjs\"",
-    "preversion": "npm test && npm run -s build",
+    "lint:eslint": "eslint .",
+    "lint:format": "npm run -s format:check",
+    "lint:installed-check": "installed-check -v -i installed-check -i npm-run-all2 -i knip -i rollup-plugin-dts",
+    "lint:knip": "knip",
+    "lint": "run-p lint:*",
+    "test-coverage": "c8 mocha --reporter dot \"test/*.mjs\"",
+    "test": "mocha --reporter dot \"test/*.mjs\"",
+    "preversion": "npm run test-coverage && npm run -s build",
     "postversion": "git push && git push --tags",
     "prewatch": "npm run -s clean",
     "watch": "warun \"{src,test}/**/*.mjs\" -- npm run -s test:mocha"
   },
   "dependencies": {
-    "eslint-visitor-keys": "^3.3.0"
+    "eslint-visitor-keys": "^3.4.3"
   },
   "devDependencies": {
-    "@eslint-community/eslint-plugin-mysticatea": "^15.2.0",
-    "c8": "^7.12.0",
-    "dot-prop": "^6.0.1",
-    "eslint": "^8.28.0",
+    "@eslint-community/eslint-plugin-mysticatea": "^15.6.1",
+    "@types/eslint": "^9.6.1",
+    "@types/estree": "^1.0.7",
+    "@typescript-eslint/parser": "^5.62.0",
+    "@typescript-eslint/types": "^5.62.0",
+    "c8": "^8.0.1",
+    "dot-prop": "^7.2.0",
+    "eslint": "^8.57.1",
+    "installed-check": "^8.0.1",
+    "knip": "^5.33.3",
     "mocha": "^9.2.2",
-    "npm-run-all": "^4.1.5",
+    "npm-run-all2": "^6.2.3",
     "opener": "^1.5.2",
-    "prettier": "2.8.4",
+    "prettier": "2.8.8",
     "rimraf": "^3.0.2",
-    "rollup": "^2.79.1",
+    "rollup": "^2.79.2",
+    "rollup-plugin-dts": "^4.2.3",
     "rollup-plugin-sourcemaps": "^0.6.3",
-    "semver": "^7.3.8",
-    "vitepress": "^1.0.0-alpha.40",
+    "semver": "^7.6.3",
+    "typescript": "^4.9.5",
+    "vitepress": "^1.4.1",
     "warun": "^1.0.0"
   },
   "peerDependencies": {
@@ -69,5 +84,6 @@
   },
   "engines": {
     "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-  }
+  },
+  "funding": "https://opencollective.com/eslint"
 }

node_modules/@eslint/js/package.json

@@ -1,7 +1,8 @@
 {
   "name": "@eslint/js",
-  "version": "9.24.0",
+  "version": "9.27.0",
   "description": "ESLint JavaScript language implementation",
+  "funding": "https://eslint.org/donate",
   "main": "./src/index.js",
   "types": "./types/index.d.ts",
   "scripts": {

node_modules/@eslint/js/src/configs/eslint-all.js

@@ -149,6 +149,7 @@ module.exports = Object.freeze({
         "no-ternary": "error",
         "no-this-before-super": "error",
         "no-throw-literal": "error",
+        "no-unassigned-vars": "error",
         "no-undef": "error",
         "no-undef-init": "error",
         "no-undefined": "error",

node_modules/@mswjs/interceptors/README.md

@@ -104,6 +104,21 @@ You can respond to the intercepted HTTP request by constructing a Fetch API Resp
 - Does **not** provide any request matching logic;
 - Does **not** handle requests by default.
 
+## Limitations
+
+- Interceptors will hang indefinitely if you call `req.end()` in the `connect` event listener of the respective `socket`:
+
+```ts
+req.on('socket', (socket) => {
+  socket.on('connect', () => {
+    // ❌ While this is allowed in Node.js, this cannot be handled in Interceptors.
+    req.end()
+  })
+})
+```
+
+> This limitation is intrinsic to the interception algorithm used by the library. In order for it to emit the `connect` event on the socket, the library must know if you've handled the request in any way (e.g. responded with a mocked response or errored it). For that, it emits the `request` event on the interceptor where you can handle the request. Since you can consume the request stream in the `request` event, it waits until the request body stream is complete (i.e. until `req.end()` is called). This creates a catch 22 that causes this limitation.
+
 ## Getting started
 
 ```bash

node_modules/@mswjs/interceptors/lib/browser/chunk-7RPAMWJ6.mjs

@@ -6,11 +6,12 @@ import {
 import {
   RequestController,
   handleRequest
-} from "./chunk-H5O73WD2.mjs";
+} from "./chunk-L37TY7LC.mjs";
 import {
   FetchResponse,
-  IS_PATCHED_MODULE
-} from "./chunk-FK37CTPH.mjs";
+  IS_PATCHED_MODULE,
+  setRawRequest
+} from "./chunk-CNX33NZA.mjs";
 import {
   hasConfigurableGlobal
 } from "./chunk-TX5GBTFY.mjs";
@@ -693,6 +694,7 @@ var XMLHttpRequestController = class {
       }
     });
     define(fetchRequest, "headers", proxyHeaders);
+    setRawRequest(fetchRequest, this.request);
     this.logger.info("converted request to a Fetch API Request!", fetchRequest);
     return fetchRequest;
   }
@@ -841,4 +843,4 @@ XMLHttpRequestInterceptor.interceptorSymbol = Symbol("xhr");
 export {
   XMLHttpRequestInterceptor
 };
-//# sourceMappingURL=chunk-E2WFHJX6.mjs.map
+//# sourceMappingURL=chunk-7RPAMWJ6.mjs.map

node_modules/@mswjs/interceptors/lib/browser/chunk-CNX33NZA.mjs

@@ -97,9 +97,20 @@ var FetchResponse = _FetchResponse;
 FetchResponse.STATUS_CODES_WITHOUT_BODY = [101, 103, 204, 205, 304];
 FetchResponse.STATUS_CODES_WITH_REDIRECT = [301, 302, 303, 307, 308];
 
+// src/getRawRequest.ts
+var kRawRequest = Symbol("kRawRequest");
+function getRawRequest(request) {
+  return Reflect.get(request, kRawRequest);
+}
+function setRawRequest(request, rawRequest) {
+  Reflect.set(request, kRawRequest, rawRequest);
+}
+
 export {
   IS_PATCHED_MODULE,
   canParseUrl,
-  FetchResponse
+  FetchResponse,
+  getRawRequest,
+  setRawRequest
 };
-//# sourceMappingURL=chunk-FK37CTPH.mjs.map
+//# sourceMappingURL=chunk-CNX33NZA.mjs.map