Update changelog for v3.28.21

Merge main into releases/v3

.github/workflows/__rubocop-multi-language.yml

@@ -46,7 +46,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1.229.0
+        uses: ruby/setup-ruby@e5ac7b085f6e63d49c8973eb0c6e04d876b881f1 # v1.230.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/codeql.yml

@@ -75,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-13,macos-14]
+        os: [ubuntu-22.04,ubuntu-24.04,windows-2019,windows-2022,macos-13,macos-14]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
     runs-on: ${{ matrix.os }}
 

.github/workflows/codescanning-config-cli.yml

@@ -3,6 +3,9 @@
 name: Code-Scanning config CLI tests
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # Diff informed queries add an additional query filter which is not yet
+  # taken into account by these tests.
+  CODEQL_ACTION_DIFF_INFORMED_QUERIES: false
 
 on:
   push:

.github/workflows/post-release-mergeback.yml

@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@v2.0.2
+        uses: actions/create-github-app-token@v2.0.6
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-release-branch.yml

@@ -124,7 +124,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v2.0.2
+      uses: actions/create-github-app-token@v2.0.6
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}

CHANGELOG.md

@@ -2,10 +2,28 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
-## [UNRELEASED]
+## 3.28.21 - 28 July 2025
 
 No user facing changes.
 
+## 3.28.20 - 21 July 2025
+
+- Remove support for combining SARIF files from a single upload for GHES 3.18, see [the changelog post](https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/). [#2959](https://github.com/github/codeql-action/pull/2959)
+
+## 3.28.18 - 16 May 2025
+
+- Update default CodeQL bundle version to 2.21.3. [#2893](https://github.com/github/codeql-action/pull/2893)
+- Skip validating SARIF produced by CodeQL for improved performance. [#2894](https://github.com/github/codeql-action/pull/2894)
+- The number of threads and amount of RAM used by CodeQL can now be set via the `CODEQL_THREADS` and `CODEQL_RAM` runner environment variables. If set, these environment variables override the `threads` and `ram` inputs respectively. [#2891](https://github.com/github/codeql-action/pull/2891)
+
+## 3.28.17 - 02 May 2025
+
+- Update default CodeQL bundle version to 2.21.2. [#2872](https://github.com/github/codeql-action/pull/2872)
+
+## 3.28.16 - 23 Apr 2025
+
+- Update default CodeQL bundle version to 2.21.1. [#2863](https://github.com/github/codeql-action/pull/2863)
+
 ## 3.28.15 - 07 Apr 2025
 
 - Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. [#2842](https://github.com/github/codeql-action/pull/2842)

README.md

@@ -70,10 +70,11 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 
 | Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
 |-----------------------|-------------------------------|--------------------|-------|
-| `v3.26.6`  | `2.18.4` | Enterprise Server 3.15 | |
-| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
-| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
-| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
+| `v3.28.12`  | `2.20.7` | Enterprise Server 3.17 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.16 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.15 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.13 | |
 
 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
 

lib/analyze.js

@@ -64,7 +64,6 @@ const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
-const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
@@ -343,7 +342,12 @@ function writeDiffRangeDataExtensionPack(logger, ranges) {
         ranges = [{ path: "", startLine: 0, endLine: 0 }];
     }
     const diffRangeDir = path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range");
-    fs.mkdirSync(diffRangeDir);
+    // We expect the Actions temporary directory to already exist, so are mainly
+    // using `recursive: true` to avoid errors if the directory already exists,
+    // for example if the analyze Action is run multiple times in the same job.
+    // This is not really something that is supported, but we make use of it in
+    // tests.
+    fs.mkdirSync(diffRangeDir, { recursive: true });
     fs.writeFileSync(path.join(diffRangeDir, "qlpack.yml"), `
 name: codeql-action/pr-diff-range
 version: 0.0.0
@@ -424,7 +428,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             logger.endGroup();
             logger.info(analysisSummary);
             if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
-                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile);
                 const perQueryAlertCountEventReport = {
                     event: "codeql database interpret-results",
                     started_at: startTimeInterpretResults.toISOString(),
@@ -452,8 +456,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", sarifRunPropertyFlag, automationDetailsId, config, features);
     }
     /** Get an object with all queries and their counts parsed from a SARIF file path. */
-    function getPerQueryAlertCounts(sarifPath, log) {
-        (0, upload_lib_1.validateSarifFileSchema)(sarifPath, log);
+    function getPerQueryAlertCounts(sarifPath) {
         const sarifObject = JSON.parse(fs.readFileSync(sarifPath, "utf8"));
         // We do not need to compute fingerprints because we are not sending data based off of locations.
         // Generate the query: alert count object

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.17", "minimumVersion": "3.12" }
+{ "maximumVersion": "3.18", "minimumVersion": "3.13" }

lib/codeql.js

@@ -78,15 +78,15 @@ const CODEQL_MINIMUM_VERSION = "2.15.5";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.16.6";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.12";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2025-04-03";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.21.0",
-    "cliVersion": "2.21.0",
-    "priorBundleVersion": "codeql-bundle-v2.20.7",
-    "priorCliVersion": "2.20.7"
+    "bundleVersion": "codeql-bundle-v2.21.3",
+    "cliVersion": "2.21.3",
+    "priorBundleVersion": "codeql-bundle-v2.21.2",
+    "priorCliVersion": "2.21.2"
 }

lib/dependency-caching.js

@@ -57,42 +57,44 @@ function getJavaTempDependencyDir() {
 /**
  * Default caching configurations per language.
  */
-const CODEQL_DEFAULT_CACHE_CONFIG = {
-    java: {
-        paths: [
-            // Maven
-            (0, path_1.join)(os.homedir(), ".m2", "repository"),
-            // Gradle
-            (0, path_1.join)(os.homedir(), ".gradle", "caches"),
-            // CodeQL Java build-mode: none
-            getJavaTempDependencyDir(),
-        ],
-        hash: [
-            // Maven
-            "**/pom.xml",
-            // Gradle
-            "**/*.gradle*",
-            "**/gradle-wrapper.properties",
-            "buildSrc/**/Versions.kt",
-            "buildSrc/**/Dependencies.kt",
-            "gradle/*.versions.toml",
-            "**/versions.properties",
-        ],
-    },
-    csharp: {
-        paths: [(0, path_1.join)(os.homedir(), ".nuget", "packages")],
-        hash: [
-            // NuGet
-            "**/packages.lock.json",
-            // Paket
-            "**/paket.lock",
-        ],
-    },
-    go: {
-        paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
-        hash: ["**/go.sum"],
-    },
-};
+function getDefaultCacheConfig() {
+    return {
+        java: {
+            paths: [
+                // Maven
+                (0, path_1.join)(os.homedir(), ".m2", "repository"),
+                // Gradle
+                (0, path_1.join)(os.homedir(), ".gradle", "caches"),
+                // CodeQL Java build-mode: none
+                getJavaTempDependencyDir(),
+            ],
+            hash: [
+                // Maven
+                "**/pom.xml",
+                // Gradle
+                "**/*.gradle*",
+                "**/gradle-wrapper.properties",
+                "buildSrc/**/Versions.kt",
+                "buildSrc/**/Dependencies.kt",
+                "gradle/*.versions.toml",
+                "**/versions.properties",
+            ],
+        },
+        csharp: {
+            paths: [(0, path_1.join)(os.homedir(), ".nuget", "packages")],
+            hash: [
+                // NuGet
+                "**/packages.lock.json",
+                // Paket
+                "**/paket.lock",
+            ],
+        },
+        go: {
+            paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
+            hash: ["**/go.sum"],
+        },
+    };
+}
 async function makeGlobber(patterns) {
     return glob.create(patterns.join("\n"));
 }
@@ -106,7 +108,7 @@ async function makeGlobber(patterns) {
 async function downloadDependencyCaches(languages, logger) {
     const restoredCaches = [];
     for (const language of languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
         if (cacheConfig === undefined) {
             logger.info(`Skipping download of dependency cache for ${language} as we have no caching configuration for it.`);
             continue;
@@ -140,7 +142,7 @@ async function downloadDependencyCaches(languages, logger) {
  */
 async function uploadDependencyCaches(config, logger) {
     for (const language of config.languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
         if (cacheConfig === undefined) {
             logger.info(`Skipping upload of dependency cache for ${language} as we have no caching configuration for it.`);
             continue;

lib/dependency-caching.js.map

@@ -1 +1 @@
-{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAqDD,4DAmDC;AAQD,wDAiEC;AAvND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,2BAA2B,GAAwC;IACvE,IAAI,EAAE;QACJ,KAAK,EAAE;YACL,QAAQ;YACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;YACvC,SAAS;YACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;YACvC,+BAA+B;YAC/B,wBAAwB,EAAE;SAC3B;QACD,IAAI,EAAE;YACJ,QAAQ;YACR,YAAY;YACZ,SAAS;YACT,cAAc;YACd,8BAA8B;YAC9B,yBAAyB;YACzB,6BAA6B;YAC7B,wBAAwB;YACxB,wBAAwB;SACzB;KACF;IACD,MAAM,EAAE;QACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,EAAE;YACJ,QAAQ;YACR,uBAAuB;YACvB,QAAQ;YACR,eAAe;SAChB;KACF;IACD,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;KACpB;CACF,CAAC;AAEF,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}
+{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAuDD,4DAmDC;AAQD,wDAiEC;AAzND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB;IAC5B,OAAO;QACL,IAAI,EAAE;YACJ,KAAK,EAAE;gBACL,QAAQ;gBACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;gBACvC,SAAS;gBACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;gBACvC,+BAA+B;gBAC/B,wBAAwB,EAAE;aAC3B;YACD,IAAI,EAAE;gBACJ,QAAQ;gBACR,YAAY;gBACZ,SAAS;gBACT,cAAc;gBACd,8BAA8B;gBAC9B,yBAAyB;gBACzB,6BAA6B;gBAC7B,wBAAwB;gBACxB,wBAAwB;aACzB;SACF;QACD,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;YACjD,IAAI,EAAE;gBACJ,QAAQ;gBACR,uBAAuB;gBACvB,QAAQ;gBACR,eAAe;aAChB;SACF;QACD,EAAE,EAAE;YACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;SACpB;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}

lib/feature-flags.js

@@ -61,6 +61,7 @@ var Feature;
     Feature["CppBuildModeNone"] = "cpp_build_mode_none";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["DiffInformedQueries"] = "diff_informed_queries";
+    Feature["DisableCombineSarifFiles"] = "disable_combine_sarif_files";
     Feature["DisableCsharpBuildless"] = "disable_csharp_buildless";
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
@@ -98,6 +99,11 @@ exports.featureConfig = {
         envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES",
         minimumVersion: "2.21.0",
     },
+    [Feature.DisableCombineSarifFiles]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_DISABLE_COMBINE_SARIF_FILES",
+        minimumVersion: undefined,
+    },
     [Feature.DisableCsharpBuildless]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS",

lib/init-action.js

@@ -319,7 +319,8 @@ async function run() {
         // for details.
         core.exportVariable("CODEQL_RAM", process.env["CODEQL_RAM"] ||
             (0, util_1.getMemoryFlagValue)((0, actions_util_1.getOptionalInput)("ram"), logger).toString());
-        core.exportVariable("CODEQL_THREADS", (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
+        core.exportVariable("CODEQL_THREADS", process.env["CODEQL_THREADS"] ||
+            (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
         // Disable Kotlin extractor if feature flag set
         if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
             core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");

lib/start-proxy-action.js

@@ -43,8 +43,8 @@ const logging_1 = require("./logging");
 const start_proxy_1 = require("./start-proxy");
 const util = __importStar(require("./util"));
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727";
-const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
+const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 const CERT_SUBJECT = [

lib/start-proxy.js

@@ -10,10 +10,10 @@ const LANGUAGE_TO_REGISTRY_TYPE = {
     python: "python_index",
     ruby: "rubygems_server",
     rust: "cargo_registry",
+    go: "goproxy_server",
     // We do not have an established proxy type for these languages, thus leaving empty.
     actions: "",
     cpp: "",
-    go: "",
     swift: "",
 };
 // getCredentials returns registry credentials from action inputs.

lib/start-proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,EAAE,EAAE,EAAE;IACN,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

lib/status-report.js

@@ -149,10 +149,10 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
         const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
         const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
         const actionRef = process.env["GITHUB_ACTION_REF"] || "";
-        const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
+        const testingEnvironment = (0, util_1.getTestingEnvironment)();
         // re-export the testing environment variable so that it is available to subsequent steps,
         // even if it was only set for this step
-        if (testingEnvironment !== "") {
+        if (testingEnvironment) {
             core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
         }
         const isSteadyStateDefaultSetupRun = process.env["CODE_SCANNING_IS_STEADY_STATE_DEFAULT_SETUP"] === "true";
@@ -173,7 +173,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
             started_at: workflowStartedAt,
             status,
             steady_state_default_setup: isSteadyStateDefaultSetupRun,
-            testing_environment: testingEnvironment,
+            testing_environment: testingEnvironment || "",
             workflow_name: workflowName,
             workflow_run_attempt: workflowRunAttempt,
             workflow_run_id: workflowRunID,

lib/upload-lib.js

@@ -38,8 +38,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.InvalidSarifUploadError = void 0;
 exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
+exports.throwIfCombineSarifFilesDisabled = throwIfCombineSarifFilesDisabled;
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 exports.findSarifFilesInDir = findSarifFilesInDir;
+exports.readSarifFile = readSarifFile;
 exports.validateSarifFileSchema = validateSarifFileSchema;
 exports.buildPayload = buildPayload;
 exports.uploadFiles = uploadFiles;
@@ -53,7 +55,6 @@ const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const file_url_1 = __importDefault(require("file-url"));
 const jsonschema = __importStar(require("jsonschema"));
-const semver = __importStar(require("semver"));
 const actionsUtil = __importStar(require("./actions-util"));
 const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
@@ -62,6 +63,7 @@ const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const fingerprints = __importStar(require("./fingerprints"));
 const gitUtils = __importStar(require("./git-utils"));
 const init_1 = require("./init");
@@ -135,7 +137,7 @@ function areAllRunsUnique(sarifObjects) {
 async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) {
     // Do not show this warning on GHES versions before 3.14.0
     if (githubVersion.type === util_1.GitHubVariant.GHES &&
-        semver.lt(githubVersion.version, "3.14.0")) {
+        (0, util_1.satisfiesGHESVersion)(githubVersion.version, "<3.14", true)) {
         return false;
     }
     // Only give a deprecation warning when not all runs are unique and
@@ -143,6 +145,36 @@ async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githu
     return (!areAllRunsUnique(sarifObjects) &&
         !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING);
 }
+async function throwIfCombineSarifFilesDisabled(sarifObjects, features, githubVersion) {
+    if (!(await shouldDisableCombineSarifFiles(sarifObjects, features, githubVersion))) {
+        return;
+    }
+    // TODO: Update this changelog URL to the correct one when it's published.
+    const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
+    throw new util_1.ConfigurationError(`The CodeQL Action does not support uploading multiple SARIF runs with the same category. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
+}
+// Checks whether combining SARIF files should be disabled.
+async function shouldDisableCombineSarifFiles(sarifObjects, features, githubVersion) {
+    if (githubVersion.type === util_1.GitHubVariant.GHES) {
+        // Never block on GHES versions before 3.18.
+        if ((0, util_1.satisfiesGHESVersion)(githubVersion.version, "<3.18", true)) {
+            return false;
+        }
+    }
+    else {
+        // Never block when the feature flag is disabled.
+        if (!(await features.getValue(feature_flags_1.Feature.DisableCombineSarifFiles))) {
+            return false;
+        }
+    }
+    if (areAllRunsUnique(sarifObjects)) {
+        // If all runs are unique, we can safely combine them.
+        return false;
+    }
+    // Combining SARIF files is not supported and Code Scanning will return an
+    // error if multiple runs with the same category are uploaded.
+    return true;
+}
 // Takes a list of paths to sarif files and combines them together using the
 // CLI `github merge-results` command when all SARIF files are produced by
 // CodeQL. Otherwise, it will fall back to combining the files in the action.
@@ -157,9 +189,10 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     });
     const deprecationWarningMessage = gitHubVersion.type === util_1.GitHubVariant.GHES
         ? "and will be removed in GitHub Enterprise Server 3.18"
-        : "and will be removed on June 4, 2025";
+        : "and will be removed in July 2025";
     const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
     if (!areAllRunsProducedByCodeQL(sarifObjects)) {
+        await throwIfCombineSarifFilesDisabled(sarifObjects, features, gitHubVersion);
         logger.debug("Not all SARIF files were produced by CodeQL. Merging files in the action.");
         if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
             logger.warning(`Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
@@ -191,6 +224,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
         codeQL = initCodeQLResult.codeql;
     }
     if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {
+        await throwIfCombineSarifFilesDisabled(sarifObjects, features, gitHubVersion);
         logger.warning("The CodeQL CLI does not support merging SARIF files. Merging files in the action.");
         if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
             logger.warning(`Uploading multiple CodeQL runs with the same category is deprecated ${deprecationWarningMessage} for CodeQL CLI 2.16.6 and earlier. Please update your CodeQL CLI version or update your workflow to set a distinct category for each CodeQL run. ${deprecationMoreInformationMessage}`);
@@ -324,17 +358,24 @@ function countResultsInSarif(sarif) {
     }
     return numResults;
 }
-// Validates that the given file path refers to a valid SARIF file.
-// Throws an error if the file is invalid.
-function validateSarifFileSchema(sarifFilePath, logger) {
-    logger.info(`Validating ${sarifFilePath}`);
-    let sarif;
+function readSarifFile(sarifFilePath) {
     try {
-        sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
+        return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
     }
     catch (e) {
         throw new InvalidSarifUploadError(`Invalid SARIF. JSON syntax error: ${(0, util_1.getErrorMessage)(e)}`);
     }
+}
+// Validates the given SARIF object and throws an error if the SARIF object is invalid.
+// The file path is only used in error messages to improve clarity.
+function validateSarifFileSchema(sarif, sarifFilePath, logger) {
+    if (areAllRunsProducedByCodeQL([sarif]) &&
+        // We want to validate CodeQL SARIF in testing environments.
+        !util.getTestingEnvironment()) {
+        logger.debug(`Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.`);
+        return;
+    }
+    logger.info(`Validating ${sarifFilePath}`);
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const schema = require("../src/sarif-schema-2.1.0.json");
     const result = new jsonschema.Validator().validate(sarif, schema);
@@ -402,27 +443,28 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
     return payloadObj;
 }
 /**
- * Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers
+ * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
  */
-async function uploadFiles(sarifPath, checkoutPath, category, features, logger) {
-    const sarifFiles = getSarifFilePaths(sarifPath);
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger) {
+    const sarifPaths = getSarifFilePaths(inputSarifPath);
     logger.startGroup("Uploading results");
-    logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
+    logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-    try {
+    let sarif;
+    if (sarifPaths.length > 1) {
         // Validate that the files we were asked to upload are all valid SARIF files
-        for (const file of sarifFiles) {
-            validateSarifFileSchema(file, logger);
+        for (const sarifPath of sarifPaths) {
+            const parsedSarif = readSarifFile(sarifPath);
+            validateSarifFileSchema(parsedSarif, sarifPath, logger);
         }
+        sarif = await combineSarifFilesUsingCLI(sarifPaths, gitHubVersion, features, logger);
     }
-    catch (e) {
-        if (e instanceof SyntaxError) {
-            throw new InvalidSarifUploadError(e.message);
-        }
-        throw e;
+    else {
+        const sarifPath = sarifPaths[0];
+        sarif = readSarifFile(sarifPath);
+        validateSarifFileSchema(sarif, sarifPath, logger);
     }
-    let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
     sarif = filterAlertsByDiffRange(logger, sarif);
     sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
     const analysisKey = await api.getAnalysisKey();

lib/upload-lib.test.js

@@ -39,6 +39,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
@@ -49,11 +50,11 @@ ava_1.default.beforeEach(() => {
 });
 (0, ava_1.default)("validateSarifFileSchema - valid", (t) => {
     const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`;
-    t.notThrows(() => uploadLib.validateSarifFileSchema(inputFile, (0, logging_1.getRunnerLogger)(true)));
+    t.notThrows(() => uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(inputFile), inputFile, (0, logging_1.getRunnerLogger)(true)));
 });
 (0, ava_1.default)("validateSarifFileSchema - invalid", (t) => {
     const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`;
-    t.throws(() => uploadLib.validateSarifFileSchema(inputFile, (0, logging_1.getRunnerLogger)(true)));
+    t.throws(() => uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(inputFile), inputFile, (0, logging_1.getRunnerLogger)(true)));
 });
 (0, ava_1.default)("validate correct payload used for push, PR merge commit, and PR head", async (t) => {
     process.env["GITHUB_EVENT_NAME"] = "push";
@@ -202,7 +203,7 @@ ava_1.default.beforeEach(() => {
         },
     };
     const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
-    uploadLib.validateSarifFileSchema(sarifFile, mockLogger);
+    uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(sarifFile), sarifFile, mockLogger);
     t.deepEqual(loggedMessages.length, 3);
     t.deepEqual(loggedMessages[1], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].tool.driver.rules[0].helpUri'.", "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
 });
@@ -223,6 +224,12 @@ ava_1.default.beforeEach(() => {
         version: "3.14.0",
     }));
 });
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.16 pre", async (t) => {
+    t.true(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.16.0.pre1",
+    }));
+});
 (0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning with only 1 run", async (t) => {
     t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def")], {
         type: util_1.GitHubVariant.DOTCOM,
@@ -244,6 +251,81 @@ ava_1.default.beforeEach(() => {
         type: util_1.GitHubVariant.DOTCOM,
     }));
 });
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on dotcom with feature flag", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on dotcom without feature flag", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.13", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.13.2",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.14", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.14.0",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.17", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.17.0",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18 pre", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0.pre1",
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18 alpha", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0-alpha.1",
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0",
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with an invalid GHES version", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "foobar",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with only 1 run", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with distinct categories", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("def", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with distinct tools", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "abc"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
 (0, ava_1.default)("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
     const error1 = [
         "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",

lib/util.js

@@ -62,6 +62,7 @@ exports.bundleDb = bundleDb;
 exports.delay = delay;
 exports.isGoodVersion = isGoodVersion;
 exports.isInTestMode = isInTestMode;
+exports.getTestingEnvironment = getTestingEnvironment;
 exports.doesDirectoryExist = doesDirectoryExist;
 exports.listFolder = listFolder;
 exports.tryGetFolderBytes = tryGetFolderBytes;
@@ -76,6 +77,7 @@ exports.getErrorMessage = getErrorMessage;
 exports.prettyPrintPack = prettyPrintPack;
 exports.checkDiskUsage = checkDiskUsage;
 exports.checkActionVersion = checkActionVersion;
+exports.satisfiesGHESVersion = satisfiesGHESVersion;
 exports.cloneObject = cloneObject;
 exports.checkSipEnablement = checkSipEnablement;
 exports.cleanUpGlob = cleanUpGlob;
@@ -577,15 +579,27 @@ async function delay(milliseconds, opts) {
 function isGoodVersion(versionSpec) {
     return !BROKEN_VERSIONS.includes(versionSpec);
 }
-/*
- * Returns whether we are in test mode.
+/**
+ * Returns whether we are in test mode. This is used by CodeQL Action PR checks.
  *
  * In test mode, we don't upload SARIF results or status reports to the GitHub API.
  */
 function isInTestMode() {
     return process.env[environment_1.EnvVar.TEST_MODE] === "true";
 }
-/*
+/**
+ * Get the testing environment.
+ *
+ * This is set if the CodeQL Action is running in a non-production environment.
+ */
+function getTestingEnvironment() {
+    const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
+    if (testingEnvironment === "") {
+        return undefined;
+    }
+    return testingEnvironment;
+}
+/**
  * Returns whether the path in the argument represents an existing directory.
  */
 function doesDirectoryExist(dirPath) {
@@ -874,6 +888,24 @@ function checkActionVersion(version, githubVersion) {
         }
     }
 }
+/**
+ * This will check whether the given GitHub version satisfies the given range,
+ * taking into account that a range like >=3.18 will also match the GHES 3.18
+ * pre-release/RC versions.
+ *
+ * When the given `githubVersion` is not a GHES version, or if the version
+ * is invalid, this will return `defaultIfInvalid`.
+ */
+function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) {
+    const semverVersion = semver.coerce(ghesVersion);
+    if (semverVersion === null) {
+        return defaultIfInvalid;
+    }
+    // We always drop the pre-release part of the version, since anything that
+    // applies to GHES 3.18.0 should also apply to GHES 3.18.0.pre1.
+    semverVersion.prerelease = [];
+    return semver.satisfies(semverVersion, range);
+}
 /**
  * Supported build modes.
  *

lib/workflow.js

@@ -51,7 +51,6 @@ const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
-const environment_1 = require("./environment");
 const util_1 = require("./util");
 function toCodedErrors(errors) {
     return Object.entries(errors).reduce((acc, [code, message]) => {
@@ -274,8 +273,7 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
  * This allows us to test workflow parsing functionality as a CodeQL Action PR check.
  */
 function getAnalyzeActionName() {
-    if ((0, util_1.isInTestMode)() ||
-        process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] === "codeql-action-pr-checks") {
+    if ((0, util_1.isInTestMode)() || (0, util_1.getTestingEnvironment)() === "codeql-action-pr-checks") {
         return "./analyze";
     }
     else {

node_modules/@actions/artifact/node_modules/@octokit/types/LICENSE

@@ -0,0 +1,7 @@
+MIT License Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/@actions/artifact/node_modules/@octokit/types/README.md

@@ -0,0 +1,65 @@
+# types.ts
+
+> Shared TypeScript definitions for Octokit projects
+
+[![@latest](https://img.shields.io/npm/v/@octokit/types.svg)](https://www.npmjs.com/package/@octokit/types)
+[![Build Status](https://github.com/octokit/types.ts/workflows/Test/badge.svg)](https://github.com/octokit/types.ts/actions?workflow=Test)
+
+<!-- toc -->
+
+- [Usage](#usage)
+- [Examples](#examples)
+  - [Get parameter and response data types for a REST API endpoint](#get-parameter-and-response-data-types-for-a-rest-api-endpoint)
+  - [Get response types from endpoint methods](#get-response-types-from-endpoint-methods)
+- [Contributing](#contributing)
+- [License](#license)
+
+<!-- tocstop -->
+
+## Usage
+
+See all exported types at https://octokit.github.io/types.ts
+
+## Examples
+
+### Get parameter and response data types for a REST API endpoint
+
+```ts
+import { Endpoints } from "@octokit/types";
+
+type listUserReposParameters =
+  Endpoints["GET /repos/{owner}/{repo}"]["parameters"];
+type listUserReposResponse = Endpoints["GET /repos/{owner}/{repo}"]["response"];
+
+async function listRepos(
+  options: listUserReposParameters,
+): listUserReposResponse["data"] {
+  // ...
+}
+```
+
+### Get response types from endpoint methods
+
+```ts
+import {
+  GetResponseTypeFromEndpointMethod,
+  GetResponseDataTypeFromEndpointMethod,
+} from "@octokit/types";
+import { Octokit } from "@octokit/rest";
+
+const octokit = new Octokit();
+type CreateLabelResponseType = GetResponseTypeFromEndpointMethod<
+  typeof octokit.issues.createLabel
+>;
+type CreateLabelResponseDataType = GetResponseDataTypeFromEndpointMethod<
+  typeof octokit.issues.createLabel
+>;
+```
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md)
+
+## License
+
+[MIT](LICENSE)

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/AuthInterface.d.ts

@@ -0,0 +1,31 @@
+import type { EndpointOptions } from "./EndpointOptions.js";
+import type { OctokitResponse } from "./OctokitResponse.js";
+import type { RequestInterface } from "./RequestInterface.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Route } from "./Route.js";
+/**
+ * Interface to implement complex authentication strategies for Octokit.
+ * An object Implementing the AuthInterface can directly be passed as the
+ * `auth` option in the Octokit constructor.
+ *
+ * For the official implementations of the most common authentication
+ * strategies, see https://github.com/octokit/auth.js
+ */
+export interface AuthInterface<AuthOptions extends any[], Authentication extends any> {
+    (...args: AuthOptions): Promise<Authentication>;
+    hook: {
+        /**
+         * Sends a request using the passed `request` instance
+         *
+         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <T = any>(request: RequestInterface, options: EndpointOptions): Promise<OctokitResponse<T>>;
+        /**
+         * Sends a request using the passed `request` instance
+         *
+         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <T = any>(request: RequestInterface, route: Route, parameters?: RequestParameters): Promise<OctokitResponse<T>>;
+    };
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/EndpointDefaults.d.ts

@@ -0,0 +1,21 @@
+import type { RequestHeaders } from "./RequestHeaders.js";
+import type { RequestMethod } from "./RequestMethod.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Url } from "./Url.js";
+/**
+ * The `.endpoint()` method is guaranteed to set all keys defined by RequestParameters
+ * as well as the method property.
+ */
+export type EndpointDefaults = RequestParameters & {
+    baseUrl: Url;
+    method: RequestMethod;
+    url?: Url;
+    headers: RequestHeaders & {
+        accept: string;
+        "user-agent": string;
+    };
+    mediaType: {
+        format: string;
+        previews?: string[];
+    };
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/EndpointInterface.d.ts

@@ -0,0 +1,65 @@
+import type { EndpointDefaults } from "./EndpointDefaults.js";
+import type { RequestOptions } from "./RequestOptions.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Route } from "./Route.js";
+import type { Endpoints } from "./generated/Endpoints.js";
+export interface EndpointInterface<D extends object = object> {
+    /**
+     * Transforms a GitHub REST API endpoint into generic request options
+     *
+     * @param {object} endpoint Must set `url` unless it's set defaults. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <O extends RequestParameters = RequestParameters>(options: O & {
+        method?: string;
+    } & ("url" extends keyof D ? {
+        url?: string;
+    } : {
+        url: string;
+    })): RequestOptions & Pick<D & O, keyof RequestOptions>;
+    /**
+     * Transforms a GitHub REST API endpoint into generic request options
+     *
+     * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+     * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <R extends Route, P extends RequestParameters = R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters>(route: keyof Endpoints | R, parameters?: P): (R extends keyof Endpoints ? Endpoints[R]["request"] : RequestOptions) & Pick<P, keyof RequestOptions>;
+    /**
+     * Object with current default route and parameters
+     */
+    DEFAULTS: D & EndpointDefaults;
+    /**
+     * Returns a new `endpoint` interface with new defaults
+     */
+    defaults: <O extends RequestParameters = RequestParameters>(newDefaults: O) => EndpointInterface<D & O>;
+    merge: {
+        /**
+         * Merges current endpoint defaults with passed route and parameters,
+         * without transforming them into request options.
+         *
+         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         *
+         */
+        <R extends Route, P extends RequestParameters = R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters>(route: keyof Endpoints | R, parameters?: P): D & (R extends keyof Endpoints ? Endpoints[R]["request"] & Endpoints[R]["parameters"] : EndpointDefaults) & P;
+        /**
+         * Merges current endpoint defaults with passed route and parameters,
+         * without transforming them into request options.
+         *
+         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <P extends RequestParameters = RequestParameters>(options: P): EndpointDefaults & D & P;
+        /**
+         * Returns current default options.
+         *
+         * @deprecated use endpoint.DEFAULTS instead
+         */
+        (): D & EndpointDefaults;
+    };
+    /**
+     * Stateless method to turn endpoint options into request options.
+     * Calling `endpoint(options)` is the same as calling `endpoint.parse(endpoint.merge(options))`.
+     *
+     * @param {object} options `method`, `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    parse: <O extends EndpointDefaults = EndpointDefaults>(options: O) => RequestOptions & Pick<O, keyof RequestOptions>;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/EndpointOptions.d.ts

@@ -0,0 +1,7 @@
+import type { RequestMethod } from "./RequestMethod.js";
+import type { Url } from "./Url.js";
+import type { RequestParameters } from "./RequestParameters.js";
+export type EndpointOptions = RequestParameters & {
+    method: RequestMethod;
+    url: Url;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/Fetch.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Browser's fetch method (or compatible such as fetch-mock)
+ */
+export type Fetch = any;

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/GetResponseTypeFromEndpointMethod.d.ts

@@ -0,0 +1,5 @@
+type Unwrap<T> = T extends Promise<infer U> ? U : T;
+type AnyFunction = (...args: any[]) => any;
+export type GetResponseTypeFromEndpointMethod<T extends AnyFunction> = Unwrap<ReturnType<T>>;
+export type GetResponseDataTypeFromEndpointMethod<T extends AnyFunction> = Unwrap<ReturnType<T>>["data"];
+export {};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/OctokitResponse.d.ts

@@ -0,0 +1,17 @@
+import type { ResponseHeaders } from "./ResponseHeaders.js";
+import type { Url } from "./Url.js";
+export interface OctokitResponse<T, S extends number = number> {
+    headers: ResponseHeaders;
+    /**
+     * http response code
+     */
+    status: S;
+    /**
+     * URL of response after all redirects
+     */
+    url: Url;
+    /**
+     * Response data as documented in the REST API reference documentation at https://docs.github.com/rest/reference
+     */
+    data: T;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestError.d.ts

@@ -0,0 +1,11 @@
+export type RequestError = {
+    name: string;
+    status: number;
+    documentation_url: string;
+    errors?: Array<{
+        resource: string;
+        code: string;
+        field: string;
+        message?: string;
+    }>;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestHeaders.d.ts

@@ -0,0 +1,15 @@
+export type RequestHeaders = {
+    /**
+     * Avoid setting `headers.accept`, use `mediaType.{format|previews}` option instead.
+     */
+    accept?: string;
+    /**
+     * Use `authorization` to send authenticated request, remember `token ` / `bearer ` prefixes. Example: `token 1234567890abcdef1234567890abcdef12345678`
+     */
+    authorization?: string;
+    /**
+     * `user-agent` is set do a default and can be overwritten as needed.
+     */
+    "user-agent"?: string;
+    [header: string]: string | number | undefined;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestInterface.d.ts

@@ -0,0 +1,34 @@
+import type { EndpointInterface } from "./EndpointInterface.js";
+import type { OctokitResponse } from "./OctokitResponse.js";
+import type { RequestParameters } from "./RequestParameters.js";
+import type { Route } from "./Route.js";
+import type { Endpoints } from "./generated/Endpoints.js";
+export interface RequestInterface<D extends object = object> {
+    /**
+     * Sends a request based on endpoint options
+     *
+     * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <T = any, O extends RequestParameters = RequestParameters>(options: O & {
+        method?: string;
+    } & ("url" extends keyof D ? {
+        url?: string;
+    } : {
+        url: string;
+    })): Promise<OctokitResponse<T>>;
+    /**
+     * Sends a request based on endpoint options
+     *
+     * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+     * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+     */
+    <R extends Route>(route: keyof Endpoints | R, options?: R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters): R extends keyof Endpoints ? Promise<Endpoints[R]["response"]> : Promise<OctokitResponse<any>>;
+    /**
+     * Returns a new `request` with updated route and parameters
+     */
+    defaults: <O extends RequestParameters = RequestParameters>(newDefaults: O) => RequestInterface<D & O>;
+    /**
+     * Octokit endpoint API, see {@link https://github.com/octokit/endpoint.js|@octokit/endpoint}
+     */
+    endpoint: EndpointInterface<D>;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestMethod.d.ts

@@ -0,0 +1,4 @@
+/**
+ * HTTP Verb supported by GitHub's REST API
+ */
+export type RequestMethod = "DELETE" | "GET" | "HEAD" | "PATCH" | "POST" | "PUT";

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestOptions.d.ts

@@ -0,0 +1,14 @@
+import type { RequestHeaders } from "./RequestHeaders.js";
+import type { RequestMethod } from "./RequestMethod.js";
+import type { RequestRequestOptions } from "./RequestRequestOptions.js";
+import type { Url } from "./Url.js";
+/**
+ * Generic request options as they are returned by the `endpoint()` method
+ */
+export type RequestOptions = {
+    method: RequestMethod;
+    url: Url;
+    headers: RequestHeaders;
+    body?: any;
+    request?: RequestRequestOptions;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestParameters.d.ts

@@ -0,0 +1,55 @@
+import type { RequestRequestOptions } from "./RequestRequestOptions.js";
+import type { RequestHeaders } from "./RequestHeaders.js";
+import type { Url } from "./Url.js";
+/**
+ * Parameters that can be passed into `request(route, parameters)` or `endpoint(route, parameters)` methods
+ */
+export type RequestParameters = {
+    /**
+     * Base URL to be used when a relative URL is passed, such as `/orgs/{org}`.
+     * If `baseUrl` is `https://enterprise.acme-inc.com/api/v3`, then the request
+     * will be sent to `https://enterprise.acme-inc.com/api/v3/orgs/{org}`.
+     */
+    baseUrl?: Url;
+    /**
+     * HTTP headers. Use lowercase keys.
+     */
+    headers?: RequestHeaders;
+    /**
+     * Media type options, see {@link https://developer.github.com/v3/media/|GitHub Developer Guide}
+     */
+    mediaType?: {
+        /**
+         * `json` by default. Can be `raw`, `text`, `html`, `full`, `diff`, `patch`, `sha`, `base64`. Depending on endpoint
+         */
+        format?: string;
+        /**
+         * Custom media type names of {@link https://docs.github.com/en/graphql/overview/schema-previews|GraphQL API Previews} without the `-preview` suffix.
+         * Example for single preview: `['squirrel-girl']`.
+         * Example for multiple previews: `['squirrel-girl', 'mister-fantastic']`.
+         */
+        previews?: string[];
+    };
+    /**
+     * The name of the operation to execute.
+     * Required only if multiple operations are present in the query document.
+     */
+    operationName?: string;
+    /**
+     * The GraphQL query string to be sent in the request.
+     * This is required and must contain a valid GraphQL document.
+     */
+    query?: string;
+    /**
+     * Pass custom meta information for the request. The `request` object will be returned as is.
+     */
+    request?: RequestRequestOptions;
+    /**
+     * Any additional parameter will be passed as follows
+     * 1. URL parameter if `':parameter'` or `{parameter}` is part of `url`
+     * 2. Query parameter if `method` is `'GET'` or `'HEAD'`
+     * 3. Request body if `parameter` is `'data'`
+     * 4. JSON in the request body in the form of `body[parameter]` unless `parameter` key is `'data'`
+     */
+    [parameter: string]: unknown;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/RequestRequestOptions.d.ts

@@ -0,0 +1,20 @@
+import type { Fetch } from "./Fetch.js";
+/**
+ * Octokit-specific request options which are ignored for the actual request, but can be used by Octokit or plugins to manipulate how the request is sent or how a response is handled
+ */
+export type RequestRequestOptions = {
+    /**
+     * Custom replacement for built-in fetch method. Useful for testing or request hooks.
+     */
+    fetch?: Fetch;
+    /**
+     * Use an `AbortController` instance to cancel a request. In node you can only cancel streamed requests.
+     */
+    signal?: AbortSignal;
+    /**
+     * If set to `false`, the response body will not be parsed and will be returned as a stream.
+     */
+    parseSuccessResponseBody?: boolean;
+    redirect?: "follow" | "error" | "manual";
+    [option: string]: any;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/ResponseHeaders.d.ts

@@ -0,0 +1,21 @@
+export type ResponseHeaders = {
+    "cache-control"?: string;
+    "content-length"?: number;
+    "content-type"?: string;
+    date?: string;
+    etag?: string;
+    "last-modified"?: string;
+    link?: string;
+    location?: string;
+    server?: string;
+    status?: string;
+    vary?: string;
+    "x-accepted-github-permissions"?: string;
+    "x-github-mediatype"?: string;
+    "x-github-request-id"?: string;
+    "x-oauth-scopes"?: string;
+    "x-ratelimit-limit"?: string;
+    "x-ratelimit-remaining"?: string;
+    "x-ratelimit-reset"?: string;
+    [header: string]: string | number | undefined;
+};

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/Route.d.ts

@@ -0,0 +1,4 @@
+/**
+ * String consisting of an optional HTTP method and relative path or absolute URL. Examples: `'/orgs/{org}'`, `'PUT /orgs/{org}'`, `GET https://example.com/foo/bar`
+ */
+export type Route = string;

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/StrategyInterface.d.ts

@@ -0,0 +1,4 @@
+import type { AuthInterface } from "./AuthInterface.js";
+export interface StrategyInterface<StrategyOptions extends any[], AuthOptions extends any[], Authentication extends object> {
+    (...args: StrategyOptions): AuthInterface<AuthOptions, Authentication>;
+}

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/Url.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Relative or absolute URL. Examples: `'/orgs/{org}'`, `https://example.com/foo/bar`
+ */
+export type Url = string;

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/VERSION.d.ts

@@ -0,0 +1 @@
+export declare const VERSION = "13.10.0";

node_modules/@actions/artifact/node_modules/@octokit/types/dist-types/index.d.ts

@@ -0,0 +1,20 @@
+export * from "./AuthInterface.js";
+export * from "./EndpointDefaults.js";
+export * from "./EndpointInterface.js";
+export * from "./EndpointOptions.js";
+export * from "./Fetch.js";
+export * from "./OctokitResponse.js";
+export * from "./RequestError.js";
+export * from "./RequestHeaders.js";
+export * from "./RequestInterface.js";
+export * from "./RequestMethod.js";
+export * from "./RequestOptions.js";
+export * from "./RequestParameters.js";
+export * from "./RequestRequestOptions.js";
+export * from "./ResponseHeaders.js";
+export * from "./Route.js";
+export * from "./StrategyInterface.js";
+export * from "./Url.js";
+export * from "./VERSION.js";
+export * from "./GetResponseTypeFromEndpointMethod.js";
+export * from "./generated/Endpoints.js";

node_modules/@actions/artifact/node_modules/@octokit/types/node_modules/@octokit/openapi-types/LICENSE

@@ -0,0 +1,7 @@
+Copyright 2020 Gregor Martynus
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/@actions/artifact/node_modules/@octokit/types/node_modules/@octokit/openapi-types/README.md

@@ -0,0 +1,17 @@
+# @octokit/openapi-types
+
+> Generated TypeScript definitions based on GitHub's OpenAPI spec
+
+This package is continuously updated based on [GitHub's OpenAPI specification](https://github.com/github/rest-api-description/)
+
+## Usage
+
+```ts
+import { components } from "@octokit/openapi-types";
+
+type Repository = components["schemas"]["full-repository"];
+```
+
+## License
+
+[MIT](LICENSE)

node_modules/@actions/artifact/node_modules/@octokit/types/node_modules/@octokit/openapi-types/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@octokit/openapi-types",
+  "description": "Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/octokit/openapi-types.ts.git",
+    "directory": "packages/openapi-types"
+  },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "version": "24.2.0",
+  "main": "",
+  "types": "types.d.ts",
+  "author": "Gregor Martynus (https://twitter.com/gr2m)",
+  "license": "MIT",
+  "octokit": {
+    "openapi-version": "18.2.0"
+  }
+}

node_modules/@actions/artifact/node_modules/@octokit/types/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@octokit/types",
+  "version": "13.10.0",
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "description": "Shared TypeScript definitions for Octokit projects",
+  "dependencies": {
+    "@octokit/openapi-types": "^24.2.0"
+  },
+  "repository": "github:octokit/types.ts",
+  "keywords": [
+    "github",
+    "api",
+    "sdk",
+    "toolkit",
+    "typescript"
+  ],
+  "author": "Gregor Martynus (https://twitter.com/gr2m)",
+  "license": "MIT",
+  "devDependencies": {
+    "@octokit/tsconfig": "^4.0.0",
+    "github-openapi-graphql-query": "^4.5.0",
+    "handlebars": "^4.7.6",
+    "npm-run-all2": "^7.0.0",
+    "prettier": "^3.0.0",
+    "semantic-release": "^24.0.0",
+    "semantic-release-plugin-update-version-in-files": "^2.0.0",
+    "sort-keys": "^5.0.0",
+    "typedoc": "^0.26.0",
+    "typescript": "^5.0.0"
+  },
+  "octokit": {
+    "openapi-version": "18.2.0"
+  },
+  "files": [
+    "dist-types/**"
+  ],
+  "types": "dist-types/index.d.ts",
+  "sideEffects": false
+}

node_modules/@asamuzakjp/css-color/dist/cjs/index.cjs

@@ -4688,9 +4688,12 @@ var sortCalcValues = (values = [], finalize = false) => {
         operator = "";
       }
     }
-    resolvedValue = finalizedValues.join(" ");
+    resolvedValue = finalizedValues.join(" ").replace(/\+\s-/g, "- ");
   } else {
-    resolvedValue = sortedValues.join(" ");
+    resolvedValue = sortedValues.join(" ").replace(/\+\s-/g, "- ");
+  }
+  if (resolvedValue.startsWith("(") && resolvedValue.endsWith(")") && resolvedValue.lastIndexOf("(") === 0 && resolvedValue.indexOf(")") === resolvedValue.length - 1) {
+    resolvedValue = resolvedValue.replace(/^\(/, "").replace(/\)$/, "");
   }
   return `${start}${resolvedValue}${end}`;
 };
@@ -4889,6 +4892,9 @@ var cssCalc = (value, opt = {}) => {
       resolvedValue = `calc(${resolvedValue})`;
     }
   }
+  if (format === VAL_SPEC && /\s[-+*/]\s/.test(resolvedValue) && !resolvedValue.includes("NaN")) {
+    resolvedValue = serializeCalc(resolvedValue, opt);
+  }
   setCache(cacheKey, resolvedValue);
   return resolvedValue;
 };

node_modules/@asamuzakjp/css-color/dist/esm/js/css-calc.js

@@ -633,9 +633,12 @@ const sortCalcValues = (values = [], finalize = false) => {
         operator = "";
       }
     }
-    resolvedValue = finalizedValues.join(" ");
+    resolvedValue = finalizedValues.join(" ").replace(/\+\s-/g, "- ");
   } else {
-    resolvedValue = sortedValues.join(" ");
+    resolvedValue = sortedValues.join(" ").replace(/\+\s-/g, "- ");
+  }
+  if (resolvedValue.startsWith("(") && resolvedValue.endsWith(")") && resolvedValue.lastIndexOf("(") === 0 && resolvedValue.indexOf(")") === resolvedValue.length - 1) {
+    resolvedValue = resolvedValue.replace(/^\(/, "").replace(/\)$/, "");
   }
   return `${start}${resolvedValue}${end}`;
 };
@@ -834,6 +837,9 @@ const cssCalc = (value, opt = {}) => {
       resolvedValue = `calc(${resolvedValue})`;
     }
   }
+  if (format === VAL_SPEC && /\s[-+*/]\s/.test(resolvedValue) && !resolvedValue.includes("NaN")) {
+    resolvedValue = serializeCalc(resolvedValue, opt);
+  }
   setCache(cacheKey, resolvedValue);
   return resolvedValue;
 };

node_modules/@asamuzakjp/css-color/package.json

@@ -32,31 +32,30 @@
     },
     "./package.json": "./package.json"
   },
-  "packageManager": "pnpm@10.6.1",
+  "packageManager": "pnpm@10.6.3",
   "dependencies": {
-    "@csstools/css-calc": "^2.1.2",
-    "@csstools/css-color-parser": "^3.0.8",
+    "@csstools/css-calc": "^2.1.3",
+    "@csstools/css-color-parser": "^3.0.9",
     "@csstools/css-parser-algorithms": "^3.0.4",
     "@csstools/css-tokenizer": "^3.0.3",
     "lru-cache": "^10.4.3"
   },
   "devDependencies": {
-    "@tanstack/vite-config": "^0.1.0",
-    "@vitest/coverage-istanbul": "^3.0.8",
-    "esbuild": "^0.25.0",
-    "eslint": "^9.22.0",
-    "eslint-plugin-import-x": "^4.6.1",
+    "@tanstack/vite-config": "^0.2.0",
+    "@vitest/coverage-istanbul": "^3.1.1",
+    "esbuild": "^0.25.2",
+    "eslint": "^9.25.0",
     "eslint-plugin-regexp": "^2.7.0",
     "globals": "^16.0.0",
-    "knip": "^5.45.0",
+    "knip": "^5.50.5",
     "neostandard": "^0.12.1",
     "prettier": "^3.5.3",
-    "publint": "^0.3.8",
+    "publint": "^0.3.12",
     "rimraf": "^6.0.1",
     "tsup": "^8.4.0",
-    "typescript": "^5.8.2",
-    "vite": "^6.2.1",
-    "vitest": "^3.0.8"
+    "typescript": "^5.8.3",
+    "vite": "^6.3.2",
+    "vitest": "^3.1.1"
   },
   "scripts": {
     "build": "pnpm run clean && pnpm run test && pnpm run knip && pnpm run build:prod && pnpm run build:cjs && pnpm run build:browser && pnpm run publint",
@@ -72,5 +71,5 @@
     "test:types": "tsc",
     "test:unit": "vitest"
   },
-  "version": "3.1.1"
+  "version": "3.1.3"
 }

node_modules/@asamuzakjp/css-color/src/js/css-calc.ts

@@ -694,9 +694,17 @@ export const sortCalcValues = (
         operator = '';
       }
     }
-    resolvedValue = finalizedValues.join(' ');
+    resolvedValue = finalizedValues.join(' ').replace(/\+\s-/g, '- ');
   } else {
-    resolvedValue = sortedValues.join(' ');
+    resolvedValue = sortedValues.join(' ').replace(/\+\s-/g, '- ');
+  }
+  if (
+    resolvedValue.startsWith('(') &&
+    resolvedValue.endsWith(')') &&
+    resolvedValue.lastIndexOf('(') === 0 &&
+    resolvedValue.indexOf(')') === resolvedValue.length - 1
+  ) {
+    resolvedValue = resolvedValue.replace(/^\(/, '').replace(/\)$/, '');
   }
   return `${start}${resolvedValue}${end}`;
 };
@@ -943,6 +951,13 @@ export const cssCalc = (value: string, opt: Options = {}): string => {
       resolvedValue = `calc(${resolvedValue})`;
     }
   }
+  if (
+    format === VAL_SPEC &&
+    /\s[-+*/]\s/.test(resolvedValue) &&
+    !resolvedValue.includes('NaN')
+  ) {
+    resolvedValue = serializeCalc(resolvedValue, opt);
+  }
   setCache(cacheKey, resolvedValue);
   return resolvedValue;
 };

node_modules/@csstools/css-calc/CHANGELOG.md

@@ -1,9 +1,10 @@
 # Changes to CSS Calc
 
-### 2.1.2
+### 2.1.3
 
-_February 23, 2025_
+_April 19, 2025_
 
-- Update `random()` to correctly handle extremely large ranges or extremely tiny steps.
+- Update `random()` to better handle floating point errors.
+- Update `random()` to match the latest [specification](https://drafts.csswg.org/css-values-5/#randomness)
 
 [Full CHANGELOG](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc/CHANGELOG.md)

node_modules/@csstools/css-calc/README.md

@@ -1,7 +1,7 @@
 # CSS Calc <img src="https://cssdb.org/images/css.svg" alt="for CSS" width="90" height="90" align="right">
 
 [<img alt="npm version" src="https://img.shields.io/npm/v/@csstools/css-calc.svg" height="20">][npm-url]
-[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/workflows/test/badge.svg" height="20">][cli-url]
+[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/actions/workflows/test.yml/badge.svg?branch=main" height="20">][cli-url]
 [<img alt="Discord" src="https://shields.io/badge/Discord-5865F2?logo=discord&logoColor=white">][discord]
 
 Implemented from : https://drafts.csswg.org/css-values-4/ on 2023-02-17

node_modules/@csstools/css-calc/dist/index.d.ts

@@ -40,9 +40,28 @@ export declare type conversionOptions = {
      */
     rawPercentages?: boolean;
     /**
-     * Seed the pseudo random number generator used in `random()`
+     * The values used to generate random value cache keys.
      */
-    randomSeed?: number;
+    randomCaching?: {
+        /**
+         * The name of the property the random function is used in.
+         */
+        propertyName: string;
+        /**
+         * N is the index of the random function among other random functions in the same property value.
+         */
+        propertyN: number;
+        /**
+         * An element ID identifying the element the style is being applied to.
+         * When omitted any `random()` call will not be computed.
+         */
+        elementID: string;
+        /**
+         * A document ID identifying the Document the styles are from.
+         * When omitted any `random()` call will not be computed.
+         */
+        documentID: string;
+    };
 };
 
 export declare type GlobalsWithStrings = Map<string, TokenDimension | TokenNumber | TokenPercentage | string>;

node_modules/@csstools/css-calc/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@csstools/css-calc",
   "description": "Solve CSS math expressions",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "contributors": [
     {
       "name": "Antonio Laguna",

node_modules/@csstools/css-color-parser/CHANGELOG.md

@@ -1,11 +1,10 @@
 # Changes to CSS Color Parser
 
-### 3.0.8
+### 3.0.9
 
-_February 23, 2025_
+_April 19, 2025_
 
-- Use `Number.isNaN` instead of `NaN` for consistency.
-- Updated [`@csstools/color-helpers`](https://github.com/csstools/postcss-plugins/tree/main/packages/color-helpers) to [`5.0.2`](https://github.com/csstools/postcss-plugins/tree/main/packages/color-helpers/CHANGELOG.md#502) (patch)
-- Updated [`@csstools/css-calc`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc) to [`2.1.2`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc/CHANGELOG.md#212) (patch)
+- Drop the `max` keyword for `contrast-color( <color> )`
+- Updated [`@csstools/css-calc`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc) to [`2.1.3`](https://github.com/csstools/postcss-plugins/tree/main/packages/css-calc/CHANGELOG.md#213) (patch)
 
 [Full CHANGELOG](https://github.com/csstools/postcss-plugins/tree/main/packages/css-color-parser/CHANGELOG.md)

node_modules/@csstools/css-color-parser/README.md

@@ -1,7 +1,7 @@
 # CSS Color Parser <img src="https://cssdb.org/images/css.svg" alt="for CSS" width="90" height="90" align="right">
 
 [<img alt="npm version" src="https://img.shields.io/npm/v/@csstools/css-color-parser.svg" height="20">][npm-url]
-[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/workflows/test/badge.svg" height="20">][cli-url]
+[<img alt="Build Status" src="https://github.com/csstools/postcss-plugins/actions/workflows/test.yml/badge.svg?branch=main" height="20">][cli-url]
 [<img alt="Discord" src="https://shields.io/badge/Discord-5865F2?logo=discord&logoColor=white">][discord]
 
 ## Usage

node_modules/@csstools/css-color-parser/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@csstools/css-color-parser",
   "description": "Parse CSS color values",
-  "version": "3.0.8",
+  "version": "3.0.9",
   "contributors": [
     {
       "name": "Antonio Laguna",
@@ -49,7 +49,7 @@
   ],
   "dependencies": {
     "@csstools/color-helpers": "^5.0.2",
-    "@csstools/css-calc": "^2.1.2"
+    "@csstools/css-calc": "^2.1.3"
   },
   "peerDependencies": {
     "@csstools/css-parser-algorithms": "^3.0.4",

node_modules/@eslint-community/eslint-utils/README.md

@@ -30,8 +30,8 @@ Please use GitHub's Issues/PRs.
 
 ### Development Tools
 
--   `npm test` runs tests and measures coverage.
--   `npm run clean` removes the coverage result of `npm test` command.
--   `npm run coverage` shows the coverage result of the last `npm test` command.
+-   `npm run test-coverage` runs tests and measures coverage.
+-   `npm run clean` removes the coverage result of `npm run test-coverage` command.
+-   `npm run coverage` shows the coverage result of the last `npm run test-coverage` command.
 -   `npm run lint` runs ESLint.
 -   `npm run watch` runs tests on each file change.

node_modules/@eslint-community/eslint-utils/index.d.mts

@@ -0,0 +1,217 @@
+import * as eslint from 'eslint';
+import { Rule, AST } from 'eslint';
+import * as estree from 'estree';
+
+declare const READ: unique symbol;
+declare const CALL: unique symbol;
+declare const CONSTRUCT: unique symbol;
+declare const ESM: unique symbol;
+declare class ReferenceTracker {
+    constructor(globalScope: Scope$2, options?: {
+        mode?: "legacy" | "strict" | undefined;
+        globalObjectNames?: string[] | undefined;
+    } | undefined);
+    private variableStack;
+    private globalScope;
+    private mode;
+    private globalObjectNames;
+    iterateGlobalReferences<T>(traceMap: TraceMap$2<T>): IterableIterator<TrackedReferences$2<T>>;
+    iterateCjsReferences<T_1>(traceMap: TraceMap$2<T_1>): IterableIterator<TrackedReferences$2<T_1>>;
+    iterateEsmReferences<T_2>(traceMap: TraceMap$2<T_2>): IterableIterator<TrackedReferences$2<T_2>>;
+    iteratePropertyReferences<T_3>(node: Expression, traceMap: TraceMap$2<T_3>): IterableIterator<TrackedReferences$2<T_3>>;
+    private _iterateVariableReferences;
+    private _iteratePropertyReferences;
+    private _iterateLhsReferences;
+    private _iterateImportReferences;
+}
+declare namespace ReferenceTracker {
+    export { READ };
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+}
+type Scope$2 = eslint.Scope.Scope;
+type Expression = estree.Expression;
+type TraceMap$2<T> = TraceMap$1<T>;
+type TrackedReferences$2<T> = TrackedReferences$1<T>;
+
+type StaticValue$2 = StaticValueProvided$1 | StaticValueOptional$1;
+type StaticValueProvided$1 = {
+    optional?: undefined;
+    value: unknown;
+};
+type StaticValueOptional$1 = {
+    optional?: true;
+    value: undefined;
+};
+type ReferenceTrackerOptions$1 = {
+    globalObjectNames?: string[];
+    mode?: "legacy" | "strict";
+};
+type TraceMap$1<T = unknown> = {
+    [i: string]: TraceMapObject<T>;
+};
+type TraceMapObject<T> = {
+    [i: string]: TraceMapObject<T>;
+    [CALL]?: T;
+    [CONSTRUCT]?: T;
+    [READ]?: T;
+    [ESM]?: boolean;
+};
+type TrackedReferences$1<T> = {
+    info: T;
+    node: Rule.Node;
+    path: string[];
+    type: typeof CALL | typeof CONSTRUCT | typeof READ;
+};
+type HasSideEffectOptions$1 = {
+    considerGetters?: boolean;
+    considerImplicitTypeConversion?: boolean;
+};
+type PunctuatorToken<Value extends string> = AST.Token & {
+    type: "Punctuator";
+    value: Value;
+};
+type ArrowToken$1 = PunctuatorToken<"=>">;
+type CommaToken$1 = PunctuatorToken<",">;
+type SemicolonToken$1 = PunctuatorToken<";">;
+type ColonToken$1 = PunctuatorToken<":">;
+type OpeningParenToken$1 = PunctuatorToken<"(">;
+type ClosingParenToken$1 = PunctuatorToken<")">;
+type OpeningBracketToken$1 = PunctuatorToken<"[">;
+type ClosingBracketToken$1 = PunctuatorToken<"]">;
+type OpeningBraceToken$1 = PunctuatorToken<"{">;
+type ClosingBraceToken$1 = PunctuatorToken<"}">;
+
+declare function findVariable(initialScope: Scope$1, nameOrNode: string | Identifier): Variable | null;
+type Scope$1 = eslint.Scope.Scope;
+type Variable = eslint.Scope.Variable;
+type Identifier = estree.Identifier;
+
+declare function getFunctionHeadLocation(node: FunctionNode$1, sourceCode: SourceCode$2): SourceLocation | null;
+type SourceCode$2 = eslint.SourceCode;
+type FunctionNode$1 = estree.Function;
+type SourceLocation = estree.SourceLocation;
+
+declare function getFunctionNameWithKind(node: FunctionNode, sourceCode?: eslint.SourceCode | undefined): string;
+type FunctionNode = estree.Function;
+
+declare function getInnermostScope(initialScope: Scope, node: Node$4): Scope;
+type Scope = eslint.Scope.Scope;
+type Node$4 = estree.Node;
+
+declare function getPropertyName(node: MemberExpression | MethodDefinition | Property | PropertyDefinition, initialScope?: eslint.Scope.Scope | undefined): string | null | undefined;
+type MemberExpression = estree.MemberExpression;
+type MethodDefinition = estree.MethodDefinition;
+type Property = estree.Property;
+type PropertyDefinition = estree.PropertyDefinition;
+
+declare function getStaticValue(node: Node$3, initialScope?: eslint.Scope.Scope | null | undefined): StaticValue$1 | null;
+type StaticValue$1 = StaticValue$2;
+type Node$3 = estree.Node;
+
+declare function getStringIfConstant(node: Node$2, initialScope?: eslint.Scope.Scope | null | undefined): string | null;
+type Node$2 = estree.Node;
+
+declare function hasSideEffect(node: Node$1, sourceCode: SourceCode$1, options?: HasSideEffectOptions$1 | undefined): boolean;
+type Node$1 = estree.Node;
+type SourceCode$1 = eslint.SourceCode;
+
+declare function isArrowToken(token: CommentOrToken): token is ArrowToken$1;
+declare function isCommaToken(token: CommentOrToken): token is CommaToken$1;
+declare function isSemicolonToken(token: CommentOrToken): token is SemicolonToken$1;
+declare function isColonToken(token: CommentOrToken): token is ColonToken$1;
+declare function isOpeningParenToken(token: CommentOrToken): token is OpeningParenToken$1;
+declare function isClosingParenToken(token: CommentOrToken): token is ClosingParenToken$1;
+declare function isOpeningBracketToken(token: CommentOrToken): token is OpeningBracketToken$1;
+declare function isClosingBracketToken(token: CommentOrToken): token is ClosingBracketToken$1;
+declare function isOpeningBraceToken(token: CommentOrToken): token is OpeningBraceToken$1;
+declare function isClosingBraceToken(token: CommentOrToken): token is ClosingBraceToken$1;
+declare function isCommentToken(token: CommentOrToken): token is estree.Comment;
+declare function isNotArrowToken(arg0: CommentOrToken): boolean;
+declare function isNotCommaToken(arg0: CommentOrToken): boolean;
+declare function isNotSemicolonToken(arg0: CommentOrToken): boolean;
+declare function isNotColonToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningParenToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingParenToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotCommentToken(arg0: CommentOrToken): boolean;
+type Token = eslint.AST.Token;
+type Comment = estree.Comment;
+type CommentOrToken = Comment | Token;
+
+declare function isParenthesized(timesOrNode: Node | number, nodeOrSourceCode: Node | SourceCode, optionalSourceCode?: eslint.SourceCode | undefined): boolean;
+type Node = estree.Node;
+type SourceCode = eslint.SourceCode;
+
+declare class PatternMatcher {
+    constructor(pattern: RegExp, options?: {
+        escaped?: boolean | undefined;
+    } | undefined);
+    execAll(str: string): IterableIterator<RegExpExecArray>;
+    test(str: string): boolean;
+    [Symbol.replace](str: string, replacer: string | ((...strs: string[]) => string)): string;
+}
+
+declare namespace _default {
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+    export { findVariable };
+    export { getFunctionHeadLocation };
+    export { getFunctionNameWithKind };
+    export { getInnermostScope };
+    export { getPropertyName };
+    export { getStaticValue };
+    export { getStringIfConstant };
+    export { hasSideEffect };
+    export { isArrowToken };
+    export { isClosingBraceToken };
+    export { isClosingBracketToken };
+    export { isClosingParenToken };
+    export { isColonToken };
+    export { isCommaToken };
+    export { isCommentToken };
+    export { isNotArrowToken };
+    export { isNotClosingBraceToken };
+    export { isNotClosingBracketToken };
+    export { isNotClosingParenToken };
+    export { isNotColonToken };
+    export { isNotCommaToken };
+    export { isNotCommentToken };
+    export { isNotOpeningBraceToken };
+    export { isNotOpeningBracketToken };
+    export { isNotOpeningParenToken };
+    export { isNotSemicolonToken };
+    export { isOpeningBraceToken };
+    export { isOpeningBracketToken };
+    export { isOpeningParenToken };
+    export { isParenthesized };
+    export { isSemicolonToken };
+    export { PatternMatcher };
+    export { READ };
+    export { ReferenceTracker };
+}
+
+type StaticValue = StaticValue$2;
+type StaticValueOptional = StaticValueOptional$1;
+type StaticValueProvided = StaticValueProvided$1;
+type ReferenceTrackerOptions = ReferenceTrackerOptions$1;
+type TraceMap<T> = TraceMap$1<T>;
+type TrackedReferences<T> = TrackedReferences$1<T>;
+type HasSideEffectOptions = HasSideEffectOptions$1;
+type ArrowToken = ArrowToken$1;
+type CommaToken = CommaToken$1;
+type SemicolonToken = SemicolonToken$1;
+type ColonToken = ColonToken$1;
+type OpeningParenToken = OpeningParenToken$1;
+type ClosingParenToken = ClosingParenToken$1;
+type OpeningBracketToken = OpeningBracketToken$1;
+type ClosingBracketToken = ClosingBracketToken$1;
+type OpeningBraceToken = OpeningBraceToken$1;
+type ClosingBraceToken = ClosingBraceToken$1;
+
+export { ArrowToken, CALL, CONSTRUCT, ClosingBraceToken, ClosingBracketToken, ClosingParenToken, ColonToken, CommaToken, ESM, HasSideEffectOptions, OpeningBraceToken, OpeningBracketToken, OpeningParenToken, PatternMatcher, READ, ReferenceTracker, ReferenceTrackerOptions, SemicolonToken, StaticValue, StaticValueOptional, StaticValueProvided, TraceMap, TrackedReferences, _default as default, findVariable, getFunctionHeadLocation, getFunctionNameWithKind, getInnermostScope, getPropertyName, getStaticValue, getStringIfConstant, hasSideEffect, isArrowToken, isClosingBraceToken, isClosingBracketToken, isClosingParenToken, isColonToken, isCommaToken, isCommentToken, isNotArrowToken, isNotClosingBraceToken, isNotClosingBracketToken, isNotClosingParenToken, isNotColonToken, isNotCommaToken, isNotCommentToken, isNotOpeningBraceToken, isNotOpeningBracketToken, isNotOpeningParenToken, isNotSemicolonToken, isOpeningBraceToken, isOpeningBracketToken, isOpeningParenToken, isParenthesized, isSemicolonToken };

node_modules/@eslint-community/eslint-utils/index.d.ts

@@ -0,0 +1,217 @@
+import * as eslint from 'eslint';
+import { Rule, AST } from 'eslint';
+import * as estree from 'estree';
+
+declare const READ: unique symbol;
+declare const CALL: unique symbol;
+declare const CONSTRUCT: unique symbol;
+declare const ESM: unique symbol;
+declare class ReferenceTracker {
+    constructor(globalScope: Scope$2, options?: {
+        mode?: "legacy" | "strict" | undefined;
+        globalObjectNames?: string[] | undefined;
+    } | undefined);
+    private variableStack;
+    private globalScope;
+    private mode;
+    private globalObjectNames;
+    iterateGlobalReferences<T>(traceMap: TraceMap$2<T>): IterableIterator<TrackedReferences$2<T>>;
+    iterateCjsReferences<T_1>(traceMap: TraceMap$2<T_1>): IterableIterator<TrackedReferences$2<T_1>>;
+    iterateEsmReferences<T_2>(traceMap: TraceMap$2<T_2>): IterableIterator<TrackedReferences$2<T_2>>;
+    iteratePropertyReferences<T_3>(node: Expression, traceMap: TraceMap$2<T_3>): IterableIterator<TrackedReferences$2<T_3>>;
+    private _iterateVariableReferences;
+    private _iteratePropertyReferences;
+    private _iterateLhsReferences;
+    private _iterateImportReferences;
+}
+declare namespace ReferenceTracker {
+    export { READ };
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+}
+type Scope$2 = eslint.Scope.Scope;
+type Expression = estree.Expression;
+type TraceMap$2<T> = TraceMap$1<T>;
+type TrackedReferences$2<T> = TrackedReferences$1<T>;
+
+type StaticValue$2 = StaticValueProvided$1 | StaticValueOptional$1;
+type StaticValueProvided$1 = {
+    optional?: undefined;
+    value: unknown;
+};
+type StaticValueOptional$1 = {
+    optional?: true;
+    value: undefined;
+};
+type ReferenceTrackerOptions$1 = {
+    globalObjectNames?: string[];
+    mode?: "legacy" | "strict";
+};
+type TraceMap$1<T = unknown> = {
+    [i: string]: TraceMapObject<T>;
+};
+type TraceMapObject<T> = {
+    [i: string]: TraceMapObject<T>;
+    [CALL]?: T;
+    [CONSTRUCT]?: T;
+    [READ]?: T;
+    [ESM]?: boolean;
+};
+type TrackedReferences$1<T> = {
+    info: T;
+    node: Rule.Node;
+    path: string[];
+    type: typeof CALL | typeof CONSTRUCT | typeof READ;
+};
+type HasSideEffectOptions$1 = {
+    considerGetters?: boolean;
+    considerImplicitTypeConversion?: boolean;
+};
+type PunctuatorToken<Value extends string> = AST.Token & {
+    type: "Punctuator";
+    value: Value;
+};
+type ArrowToken$1 = PunctuatorToken<"=>">;
+type CommaToken$1 = PunctuatorToken<",">;
+type SemicolonToken$1 = PunctuatorToken<";">;
+type ColonToken$1 = PunctuatorToken<":">;
+type OpeningParenToken$1 = PunctuatorToken<"(">;
+type ClosingParenToken$1 = PunctuatorToken<")">;
+type OpeningBracketToken$1 = PunctuatorToken<"[">;
+type ClosingBracketToken$1 = PunctuatorToken<"]">;
+type OpeningBraceToken$1 = PunctuatorToken<"{">;
+type ClosingBraceToken$1 = PunctuatorToken<"}">;
+
+declare function findVariable(initialScope: Scope$1, nameOrNode: string | Identifier): Variable | null;
+type Scope$1 = eslint.Scope.Scope;
+type Variable = eslint.Scope.Variable;
+type Identifier = estree.Identifier;
+
+declare function getFunctionHeadLocation(node: FunctionNode$1, sourceCode: SourceCode$2): SourceLocation | null;
+type SourceCode$2 = eslint.SourceCode;
+type FunctionNode$1 = estree.Function;
+type SourceLocation = estree.SourceLocation;
+
+declare function getFunctionNameWithKind(node: FunctionNode, sourceCode?: eslint.SourceCode | undefined): string;
+type FunctionNode = estree.Function;
+
+declare function getInnermostScope(initialScope: Scope, node: Node$4): Scope;
+type Scope = eslint.Scope.Scope;
+type Node$4 = estree.Node;
+
+declare function getPropertyName(node: MemberExpression | MethodDefinition | Property | PropertyDefinition, initialScope?: eslint.Scope.Scope | undefined): string | null | undefined;
+type MemberExpression = estree.MemberExpression;
+type MethodDefinition = estree.MethodDefinition;
+type Property = estree.Property;
+type PropertyDefinition = estree.PropertyDefinition;
+
+declare function getStaticValue(node: Node$3, initialScope?: eslint.Scope.Scope | null | undefined): StaticValue$1 | null;
+type StaticValue$1 = StaticValue$2;
+type Node$3 = estree.Node;
+
+declare function getStringIfConstant(node: Node$2, initialScope?: eslint.Scope.Scope | null | undefined): string | null;
+type Node$2 = estree.Node;
+
+declare function hasSideEffect(node: Node$1, sourceCode: SourceCode$1, options?: HasSideEffectOptions$1 | undefined): boolean;
+type Node$1 = estree.Node;
+type SourceCode$1 = eslint.SourceCode;
+
+declare function isArrowToken(token: CommentOrToken): token is ArrowToken$1;
+declare function isCommaToken(token: CommentOrToken): token is CommaToken$1;
+declare function isSemicolonToken(token: CommentOrToken): token is SemicolonToken$1;
+declare function isColonToken(token: CommentOrToken): token is ColonToken$1;
+declare function isOpeningParenToken(token: CommentOrToken): token is OpeningParenToken$1;
+declare function isClosingParenToken(token: CommentOrToken): token is ClosingParenToken$1;
+declare function isOpeningBracketToken(token: CommentOrToken): token is OpeningBracketToken$1;
+declare function isClosingBracketToken(token: CommentOrToken): token is ClosingBracketToken$1;
+declare function isOpeningBraceToken(token: CommentOrToken): token is OpeningBraceToken$1;
+declare function isClosingBraceToken(token: CommentOrToken): token is ClosingBraceToken$1;
+declare function isCommentToken(token: CommentOrToken): token is estree.Comment;
+declare function isNotArrowToken(arg0: CommentOrToken): boolean;
+declare function isNotCommaToken(arg0: CommentOrToken): boolean;
+declare function isNotSemicolonToken(arg0: CommentOrToken): boolean;
+declare function isNotColonToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningParenToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingParenToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBracketToken(arg0: CommentOrToken): boolean;
+declare function isNotOpeningBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotClosingBraceToken(arg0: CommentOrToken): boolean;
+declare function isNotCommentToken(arg0: CommentOrToken): boolean;
+type Token = eslint.AST.Token;
+type Comment = estree.Comment;
+type CommentOrToken = Comment | Token;
+
+declare function isParenthesized(timesOrNode: Node | number, nodeOrSourceCode: Node | SourceCode, optionalSourceCode?: eslint.SourceCode | undefined): boolean;
+type Node = estree.Node;
+type SourceCode = eslint.SourceCode;
+
+declare class PatternMatcher {
+    constructor(pattern: RegExp, options?: {
+        escaped?: boolean | undefined;
+    } | undefined);
+    execAll(str: string): IterableIterator<RegExpExecArray>;
+    test(str: string): boolean;
+    [Symbol.replace](str: string, replacer: string | ((...strs: string[]) => string)): string;
+}
+
+declare namespace _default {
+    export { CALL };
+    export { CONSTRUCT };
+    export { ESM };
+    export { findVariable };
+    export { getFunctionHeadLocation };
+    export { getFunctionNameWithKind };
+    export { getInnermostScope };
+    export { getPropertyName };
+    export { getStaticValue };
+    export { getStringIfConstant };
+    export { hasSideEffect };
+    export { isArrowToken };
+    export { isClosingBraceToken };
+    export { isClosingBracketToken };
+    export { isClosingParenToken };
+    export { isColonToken };
+    export { isCommaToken };
+    export { isCommentToken };
+    export { isNotArrowToken };
+    export { isNotClosingBraceToken };
+    export { isNotClosingBracketToken };
+    export { isNotClosingParenToken };
+    export { isNotColonToken };
+    export { isNotCommaToken };
+    export { isNotCommentToken };
+    export { isNotOpeningBraceToken };
+    export { isNotOpeningBracketToken };
+    export { isNotOpeningParenToken };
+    export { isNotSemicolonToken };
+    export { isOpeningBraceToken };
+    export { isOpeningBracketToken };
+    export { isOpeningParenToken };
+    export { isParenthesized };
+    export { isSemicolonToken };
+    export { PatternMatcher };
+    export { READ };
+    export { ReferenceTracker };
+}
+
+type StaticValue = StaticValue$2;
+type StaticValueOptional = StaticValueOptional$1;
+type StaticValueProvided = StaticValueProvided$1;
+type ReferenceTrackerOptions = ReferenceTrackerOptions$1;
+type TraceMap<T> = TraceMap$1<T>;
+type TrackedReferences<T> = TrackedReferences$1<T>;
+type HasSideEffectOptions = HasSideEffectOptions$1;
+type ArrowToken = ArrowToken$1;
+type CommaToken = CommaToken$1;
+type SemicolonToken = SemicolonToken$1;
+type ColonToken = ColonToken$1;
+type OpeningParenToken = OpeningParenToken$1;
+type ClosingParenToken = ClosingParenToken$1;
+type OpeningBracketToken = OpeningBracketToken$1;
+type ClosingBracketToken = ClosingBracketToken$1;
+type OpeningBraceToken = OpeningBraceToken$1;
+type ClosingBraceToken = ClosingBraceToken$1;
+
+export { ArrowToken, CALL, CONSTRUCT, ClosingBraceToken, ClosingBracketToken, ClosingParenToken, ColonToken, CommaToken, ESM, HasSideEffectOptions, OpeningBraceToken, OpeningBracketToken, OpeningParenToken, PatternMatcher, READ, ReferenceTracker, ReferenceTrackerOptions, SemicolonToken, StaticValue, StaticValueOptional, StaticValueProvided, TraceMap, TrackedReferences, _default as default, findVariable, getFunctionHeadLocation, getFunctionNameWithKind, getInnermostScope, getPropertyName, getStaticValue, getStringIfConstant, hasSideEffect, isArrowToken, isClosingBraceToken, isClosingBracketToken, isClosingParenToken, isColonToken, isCommaToken, isCommentToken, isNotArrowToken, isNotClosingBraceToken, isNotClosingBracketToken, isNotClosingParenToken, isNotColonToken, isNotCommaToken, isNotCommentToken, isNotOpeningBraceToken, isNotOpeningBracketToken, isNotOpeningParenToken, isNotSemicolonToken, isOpeningBraceToken, isOpeningBracketToken, isOpeningParenToken, isParenthesized, isSemicolonToken };

node_modules/@eslint-community/eslint-utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eslint-community/eslint-utils",
-  "version": "4.4.0",
+  "version": "4.7.0",
   "description": "Utilities for ESLint plugins.",
   "keywords": [
     "eslint"
@@ -30,38 +30,53 @@
   ],
   "scripts": {
     "prebuild": "npm run -s clean",
-    "build": "rollup -c",
-    "clean": "rimraf .nyc_output coverage index.*",
+    "build": "npm run build:dts && npm run build:rollup",
+    "build:dts": "tsc -p tsconfig.build.json",
+    "build:rollup": "rollup -c",
+    "clean": "rimraf .nyc_output coverage index.* dist",
     "coverage": "opener ./coverage/lcov-report/index.html",
     "docs:build": "vitepress build docs",
     "docs:watch": "vitepress dev docs",
     "format": "npm run -s format:prettier -- --write",
     "format:prettier": "prettier .",
     "format:check": "npm run -s format:prettier -- --check",
-    "lint": "eslint .",
-    "test": "c8 mocha --reporter dot \"test/*.mjs\"",
-    "preversion": "npm test && npm run -s build",
+    "lint:eslint": "eslint .",
+    "lint:format": "npm run -s format:check",
+    "lint:installed-check": "installed-check -v -i installed-check -i npm-run-all2 -i knip -i rollup-plugin-dts",
+    "lint:knip": "knip",
+    "lint": "run-p lint:*",
+    "test-coverage": "c8 mocha --reporter dot \"test/*.mjs\"",
+    "test": "mocha --reporter dot \"test/*.mjs\"",
+    "preversion": "npm run test-coverage && npm run -s build",
     "postversion": "git push && git push --tags",
     "prewatch": "npm run -s clean",
     "watch": "warun \"{src,test}/**/*.mjs\" -- npm run -s test:mocha"
   },
   "dependencies": {
-    "eslint-visitor-keys": "^3.3.0"
+    "eslint-visitor-keys": "^3.4.3"
   },
   "devDependencies": {
-    "@eslint-community/eslint-plugin-mysticatea": "^15.2.0",
-    "c8": "^7.12.0",
-    "dot-prop": "^6.0.1",
-    "eslint": "^8.28.0",
+    "@eslint-community/eslint-plugin-mysticatea": "^15.6.1",
+    "@types/eslint": "^9.6.1",
+    "@types/estree": "^1.0.7",
+    "@typescript-eslint/parser": "^5.62.0",
+    "@typescript-eslint/types": "^5.62.0",
+    "c8": "^8.0.1",
+    "dot-prop": "^7.2.0",
+    "eslint": "^8.57.1",
+    "installed-check": "^8.0.1",
+    "knip": "^5.33.3",
     "mocha": "^9.2.2",
-    "npm-run-all": "^4.1.5",
+    "npm-run-all2": "^6.2.3",
     "opener": "^1.5.2",
-    "prettier": "2.8.4",
+    "prettier": "2.8.8",
     "rimraf": "^3.0.2",
-    "rollup": "^2.79.1",
+    "rollup": "^2.79.2",
+    "rollup-plugin-dts": "^4.2.3",
     "rollup-plugin-sourcemaps": "^0.6.3",
-    "semver": "^7.3.8",
-    "vitepress": "^1.0.0-alpha.40",
+    "semver": "^7.6.3",
+    "typescript": "^4.9.5",
+    "vitepress": "^1.4.1",
     "warun": "^1.0.0"
   },
   "peerDependencies": {
@@ -69,5 +84,6 @@
   },
   "engines": {
     "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
-  }
+  },
+  "funding": "https://opencollective.com/eslint"
 }

node_modules/@eslint/js/README.md

@@ -8,8 +8,8 @@ The beginnings of separating out JavaScript-specific functionality from ESLint.
 
 Right now, this plugin contains two configurations:
 
--   `recommended` - enables the rules recommended by the ESLint team (the replacement for `"eslint:recommended"`)
--   `all` - enables all ESLint rules (the replacement for `"eslint:all"`)
+- `recommended` - enables the rules recommended by the ESLint team (the replacement for `"eslint:recommended"`)
+- `all` - enables all ESLint rules (the replacement for `"eslint:all"`)
 
 ## Installation
 

node_modules/@eslint/js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eslint/js",
-  "version": "9.24.0",
+  "version": "9.26.0",
   "description": "ESLint JavaScript language implementation",
   "main": "./src/index.js",
   "types": "./types/index.d.ts",

node_modules/@mswjs/interceptors/README.md

@@ -104,6 +104,21 @@ You can respond to the intercepted HTTP request by constructing a Fetch API Resp
 - Does **not** provide any request matching logic;
 - Does **not** handle requests by default.
 
+## Limitations
+
+- Interceptors will hang indefinitely if you call `req.end()` in the `connect` event listener of the respective `socket`:
+
+```ts
+req.on('socket', (socket) => {
+  socket.on('connect', () => {
+    // ❌ While this is allowed in Node.js, this cannot be handled in Interceptors.
+    req.end()
+  })
+})
+```
+
+> This limitation is intrinsic to the interception algorithm used by the library. In order for it to emit the `connect` event on the socket, the library must know if you've handled the request in any way (e.g. responded with a mocked response or errored it). For that, it emits the `request` event on the interceptor where you can handle the request. Since you can consume the request stream in the `request` event, it waits until the request body stream is complete (i.e. until `req.end()` is called). This creates a catch 22 that causes this limitation.
+
 ## Getting started
 
 ```bash

node_modules/@mswjs/interceptors/lib/browser/chunk-7RPAMWJ6.mjs

@@ -6,11 +6,12 @@ import {
 import {
   RequestController,
   handleRequest
-} from "./chunk-H5O73WD2.mjs";
+} from "./chunk-L37TY7LC.mjs";
 import {
   FetchResponse,
-  IS_PATCHED_MODULE
-} from "./chunk-FK37CTPH.mjs";
+  IS_PATCHED_MODULE,
+  setRawRequest
+} from "./chunk-CNX33NZA.mjs";
 import {
   hasConfigurableGlobal
 } from "./chunk-TX5GBTFY.mjs";
@@ -693,6 +694,7 @@ var XMLHttpRequestController = class {
       }
     });
     define(fetchRequest, "headers", proxyHeaders);
+    setRawRequest(fetchRequest, this.request);
     this.logger.info("converted request to a Fetch API Request!", fetchRequest);
     return fetchRequest;
   }
@@ -841,4 +843,4 @@ XMLHttpRequestInterceptor.interceptorSymbol = Symbol("xhr");
 export {
   XMLHttpRequestInterceptor
 };
-//# sourceMappingURL=chunk-E2WFHJX6.mjs.map
+//# sourceMappingURL=chunk-7RPAMWJ6.mjs.map

node_modules/@mswjs/interceptors/lib/browser/chunk-CNX33NZA.mjs

@@ -97,9 +97,20 @@ var FetchResponse = _FetchResponse;
 FetchResponse.STATUS_CODES_WITHOUT_BODY = [101, 103, 204, 205, 304];
 FetchResponse.STATUS_CODES_WITH_REDIRECT = [301, 302, 303, 307, 308];
 
+// src/getRawRequest.ts
+var kRawRequest = Symbol("kRawRequest");
+function getRawRequest(request) {
+  return Reflect.get(request, kRawRequest);
+}
+function setRawRequest(request, rawRequest) {
+  Reflect.set(request, kRawRequest, rawRequest);
+}
+
 export {
   IS_PATCHED_MODULE,
   canParseUrl,
-  FetchResponse
+  FetchResponse,
+  getRawRequest,
+  setRawRequest
 };
-//# sourceMappingURL=chunk-FK37CTPH.mjs.map
+//# sourceMappingURL=chunk-CNX33NZA.mjs.map

node_modules/@mswjs/interceptors/lib/browser/chunk-GTJ35JP4.js

@@ -39,12 +39,14 @@ var RequestController = class {
     this[kResponsePromise].resolve(response);
   }
   /**
-   * Error this request with the given error.
+   * Error this request with the given reason.
+   *
    * @example
    * controller.errorWith()
    * controller.errorWith(new Error('Oops!'))
+   * controller.errorWith({ message: 'Oops!'})
    */
-  errorWith(error) {
+  errorWith(reason) {
     _outvariant.invariant.as(
       InterceptorError,
       !this[kRequestHandled],
@@ -53,7 +55,7 @@ var RequestController = class {
       this.request.url
     );
     this[kRequestHandled] = true;
-    this[kResponsePromise].resolve(error);
+    this[kResponsePromise].resolve(reason);
   }
 };
 kResponsePromise, kRequestHandled;
@@ -73,6 +75,11 @@ async function emitAsync(emitter, eventName, ...data) {
 
 var _until = require('@open-draft/until');
 
+// src/utils/isObject.ts
+function isObject(value, loose = false) {
+  return loose ? Object.prototype.toString.call(value).startsWith("[object ") : Object.prototype.toString.call(value) === "[object Object]";
+}
+
 // src/utils/isPropertyAccessible.ts
 function isPropertyAccessible(obj, key) {
   try {
@@ -103,7 +110,10 @@ function createServerErrorResponse(body) {
   );
 }
 function isResponseError(response) {
-  return isPropertyAccessible(response, "type") && response.type === "error";
+  return response != null && response instanceof Response && isPropertyAccessible(response, "type") && response.type === "error";
+}
+function isResponseLike(value) {
+  return isObject(value, true) && isPropertyAccessible(value, "status") && isPropertyAccessible(value, "statusText") && isPropertyAccessible(value, "bodyUsed");
 }
 
 // src/utils/isNodeLikeError.ts
@@ -122,12 +132,21 @@ async function handleRequest(options) {
   const handleResponse = async (response) => {
     if (response instanceof Error) {
       options.onError(response);
-    } else if (isResponseError(response)) {
-      options.onRequestError(response);
-    } else {
-      await options.onResponse(response);
+      return true;
     }
-    return true;
+    if (isResponseError(response)) {
+      options.onRequestError(response);
+      return true;
+    }
+    if (isResponseLike(response)) {
+      await options.onResponse(response);
+      return true;
+    }
+    if (isObject(response)) {
+      options.onError(response);
+      return true;
+    }
+    return false;
   };
   const handleResponseError = async (error) => {
     if (error instanceof InterceptorError) {
@@ -165,7 +184,7 @@ async function handleRequest(options) {
     }
   }
   const result = await _until.until.call(void 0, async () => {
-    const requestListtenersPromise = emitAsync(options.emitter, "request", {
+    const requestListenersPromise = emitAsync(options.emitter, "request", {
       requestId: options.requestId,
       request: options.request,
       controller: options.controller
@@ -173,11 +192,10 @@ async function handleRequest(options) {
     await Promise.race([
       // Short-circuit the request handling promise if the request gets aborted.
       requestAbortPromise,
-      requestListtenersPromise,
+      requestListenersPromise,
       options.controller[kResponsePromise]
     ]);
-    const mockedResponse = await options.controller[kResponsePromise];
-    return mockedResponse;
+    return await options.controller[kResponsePromise];
   });
   if (requestAbortPromise.state === "rejected") {
     options.onError(requestAbortPromise.rejectionReason);
@@ -225,4 +243,4 @@ async function handleRequest(options) {
 
 
 exports.RequestController = RequestController; exports.emitAsync = emitAsync; exports.handleRequest = handleRequest;
-//# sourceMappingURL=chunk-FGSEOIC4.js.map
+//# sourceMappingURL=chunk-GTJ35JP4.js.map