Merge pull request #1436 from github/update-v2.1.37-d58039a1

Merge main into releases/v2

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CodeQL Action Changelog
 
+## 2.1.37 - 14 Dec 2022
+
+- Update default CodeQL bundle version to 2.11.6. [#1433](https://github.com/github/codeql-action/pull/1433)
+
 ## 2.1.36 - 08 Dec 2022
 
 - Update default CodeQL bundle version to 2.11.5. [#1412](https://github.com/github/codeql-action/pull/1412)

lib/actions-util.test.js

@@ -94,6 +94,30 @@ const util_1 = require("./util");
         getAdditionalInputStub.restore();
     });
 });
+(0, ava_1.default)("getRef() returns CODE_SCANNING_REF as a fallback for GITHUB_REF", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const expectedRef = "refs/pull/1/HEAD";
+        const currentSha = "a".repeat(40);
+        process.env["CODE_SCANNING_REF"] = expectedRef;
+        process.env["GITHUB_REF"] = "";
+        process.env["GITHUB_SHA"] = currentSha;
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, expectedRef);
+    });
+});
+(0, ava_1.default)("getRef() returns GITHUB_REF over CODE_SCANNING_REF if both are provided", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const expectedRef = "refs/pull/1/merge";
+        const currentSha = "a".repeat(40);
+        process.env["CODE_SCANNING_REF"] = "refs/pull/1/HEAD";
+        process.env["GITHUB_REF"] = expectedRef;
+        process.env["GITHUB_SHA"] = currentSha;
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, expectedRef);
+    });
+});
 (0, ava_1.default)("getRef() throws an error if only `ref` is provided as an input", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);

lib/codeql.js

@@ -29,7 +29,6 @@ const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
 const yaml = __importStar(require("js-yaml"));
-const query_string_1 = __importDefault(require("query-string"));
 const semver = __importStar(require("semver"));
 const uuid_1 = require("uuid");
 const actions_util_1 = require("./actions-util");
@@ -262,7 +261,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, bypassToolca
                     codeqlURL = await getCodeQLBundleDownloadURL(apiDetails, variant, logger);
                 }
                 const parsedCodeQLURL = new URL(codeqlURL);
-                const parsedQueryString = query_string_1.default.parse(parsedCodeQLURL.search);
+                const searchParams = new URLSearchParams(parsedCodeQLURL.search);
                 const headers = {
                     accept: "application/octet-stream",
                 };
@@ -271,7 +270,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, bypassToolca
                 // This avoids leaking Enterprise tokens to dotcom.
                 // We also don't want to send an authorization header if there's already a token provided in the URL.
                 if (codeqlURL.startsWith(`${apiDetails.url}/`) &&
-                    parsedQueryString["token"] === undefined) {
+                    !searchParams.has("token")) {
                     logger.debug("Downloading CodeQL bundle with token.");
                     headers.authorization = `token ${apiDetails.auth}`;
                 }

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20221202"
+    "bundleVersion": "codeql-bundle-20221211"
 }

lib/init-action-post-helper.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = exports.uploadFailedSarif = void 0;
+exports.run = exports.uploadSarifIfRunFailed = exports.uploadFailedSarif = void 0;
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const codeql_1 = require("./codeql");
@@ -29,15 +29,22 @@ const shared_environment_1 = require("./shared-environment");
 const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
+function createFailedUploadFailedSarifResult(error) {
+    return {
+        upload_failed_run_error: error instanceof Error ? error.message : String(error),
+        upload_failed_run_stack_trace: error instanceof Error ? error.stack : undefined,
+    };
+}
 async function uploadFailedSarif(config, repositoryNwo, featureEnablement, logger) {
+    var _a;
     if (!config.codeQLCmd) {
         logger.warning("CodeQL command not found. Unable to upload failed SARIF file.");
-        return;
+        return { upload_failed_run_skipped_because: "CodeQL command not found" };
     }
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     if (!(await featureEnablement.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
         logger.debug("Uploading failed SARIF is disabled.");
-        return;
+        return { upload_failed_run_skipped_because: "Feature disabled" };
     }
     const workflow = await (0, workflow_1.getWorkflow)();
     const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
@@ -45,7 +52,7 @@ async function uploadFailedSarif(config, repositoryNwo, featureEnablement, logge
     if ((0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix) !== "true" ||
         (0, util_1.isInTestMode)()) {
         logger.debug("Won't upload a failed SARIF file since SARIF upload is disabled.");
-        return;
+        return { upload_failed_run_skipped_because: "SARIF upload is disabled" };
     }
     const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
     const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
@@ -54,19 +61,15 @@ async function uploadFailedSarif(config, repositoryNwo, featureEnablement, logge
     core.info(`Uploading failed SARIF file ${sarifFile}`);
     const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger);
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
+    return (_a = uploadResult === null || uploadResult === void 0 ? void 0 : uploadResult.statusReport) !== null && _a !== void 0 ? _a : {};
 }
 exports.uploadFailedSarif = uploadFailedSarif;
-async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, featureEnablement, logger) {
-    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
-    if (config === undefined) {
-        logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
-        return;
-    }
+async function uploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger) {
     // Environment variable used to integration test uploading a SARIF file for failed runs
     const expectFailedSarifUpload = process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true";
     if (process.env[shared_environment_1.CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF] !== "true") {
         try {
-            await uploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
+            return await uploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
         }
         catch (e) {
             if (expectFailedSarifUpload) {
@@ -74,11 +77,26 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
                     `the following error: ${e}`);
             }
             logger.info(`Failed to upload a SARIF file for the failed run. Error: ${e}`);
+            return createFailedUploadFailedSarifResult(e);
         }
     }
     else if (expectFailedSarifUpload) {
         throw new Error("Expected to upload a SARIF file for the failed run, but didn't.");
     }
+    else {
+        return {
+            upload_failed_run_skipped_because: "SARIF file already uploaded",
+        };
+    }
+}
+exports.uploadSarifIfRunFailed = uploadSarifIfRunFailed;
+async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, featureEnablement, logger) {
+    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
+    if (config === undefined) {
+        logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
+        return;
+    }
+    const uploadFailedSarifResult = await uploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger);
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
         core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
@@ -86,6 +104,7 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
         await uploadLogsDebugArtifact(config);
         await printDebugLogs(config);
     }
+    return uploadFailedSarifResult;
 }
 exports.run = run;
 //# sourceMappingURL=init-action-post-helper.js.map

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAA8E;AAC9E,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAEb,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,MAAM,CAAC,OAAO,CACZ,+DAA+D,CAChE,CAAC;QACF,OAAO;KACR;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IACE,CAAC,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAChC,uBAAO,CAAC,wBAAwB,EAChC,MAAM,CACP,CAAC,EACF;QACA,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACpD,OAAO;KACR;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;QACF,OAAO;KACR;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;AACJ,CAAC;AArDD,8CAqDC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,uFAAuF;IACvF,MAAM,uBAAuB,GAC3B,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM,CAAC;IAErE,IAAI,OAAO,CAAC,GAAG,CAAC,2DAAsC,CAAC,KAAK,MAAM,EAAE;QAClE,IAAI;YACF,MAAM,iBAAiB,CAAC,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;SAC3E;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,uBAAuB,EAAE;gBAC3B,MAAM,IAAI,KAAK,CACb,sEAAsE;oBACpE,wBAAwB,CAAC,EAAE,CAC9B,CAAC;aACH;YACD,MAAM,CAAC,IAAI,CACT,4DAA4D,CAAC,EAAE,CAChE,CAAC;SACH;KACF;SAAM,IAAI,uBAAuB,EAAE;QAClC,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;AACH,CAAC;AAlDD,kBAkDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAA8E;AAC9E,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,MAAM,CAAC,OAAO,CACZ,+DAA+D,CAChE,CAAC;QACF,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IACE,CAAC,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAChC,uBAAO,CAAC,wBAAwB,EAChC,MAAM,CACP,CAAC,EACF;QACA,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACpD,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;QACF,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,YAAY,mCAAI,EAAE,CAAC;AAC1C,CAAC;AAtDD,8CAsDC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,uFAAuF;IACvF,MAAM,uBAAuB,GAC3B,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM,CAAC;IAErE,IAAI,OAAO,CAAC,GAAG,CAAC,2DAAsC,CAAC,KAAK,MAAM,EAAE;QAClE,IAAI;YACF,OAAO,MAAM,iBAAiB,CAC5B,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,uBAAuB,EAAE;gBAC3B,MAAM,IAAI,KAAK,CACb,sEAAsE;oBACpE,wBAAwB,CAAC,EAAE,CAC9B,CAAC;aACH;YACD,MAAM,CAAC,IAAI,CACT,4DAA4D,CAAC,EAAE,CAChE,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM,IAAI,uBAAuB,EAAE;QAClC,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;KACH;SAAM;QACL,OAAO;YACL,iCAAiC,EAAE,6BAA6B;SACjE,CAAC;KACH;AACH,CAAC;AAvCD,wDAuCC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,sBAAsB,CAC1D,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;IAEF,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAnCD,kBAmCC"}

lib/init-action-post-helper.test.js

@@ -103,6 +103,38 @@ const workflow = __importStar(require("./workflow"));
     ]);
     await testFailedSarifUpload(t, actionsWorkflow, { category: "my-category" });
 });
+(0, ava_1.default)("doesn't upload failed SARIF for workflow with upload: false", async (t) => {
+    const actionsWorkflow = createTestWorkflow([
+        {
+            name: "Checkout repository",
+            uses: "actions/checkout@v3",
+        },
+        {
+            name: "Initialize CodeQL",
+            uses: "github/codeql-action/init@v2",
+            with: {
+                languages: "javascript",
+            },
+        },
+        {
+            name: "Perform CodeQL Analysis",
+            uses: "github/codeql-action/analyze@v2",
+            with: {
+                category: "my-category",
+                upload: false,
+            },
+        },
+    ]);
+    await testFailedSarifUpload(t, actionsWorkflow, {
+        expectedLogs: [
+            {
+                message: "Won't upload a failed SARIF file since SARIF upload is disabled.",
+                type: "debug",
+            },
+        ],
+        expectUpload: false,
+    });
+});
 (0, ava_1.default)("uploading failed SARIF run fails when workflow does not reference github/codeql-action", async (t) => {
     const actionsWorkflow = createTestWorkflow([
         {
@@ -132,7 +164,7 @@ function createTestWorkflow(steps) {
         },
     };
 }
-async function testFailedSarifUpload(t, actionsWorkflow, { category } = {}) {
+async function testFailedSarifUpload(t, actionsWorkflow, { category, expectedLogs = [], expectUpload = true, } = {}) {
     const config = {
         codeQLCmd: "codeql",
         debugMode: true,
@@ -153,11 +185,18 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category } = {}) {
     uploadFromActions.resolves({ sarifID: "42" });
     const waitForProcessing = sinon.stub(uploadLib, "waitForProcessing");
     await initActionPostHelper.uploadFailedSarif(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.UploadFailedSarifEnabled]), (0, testing_utils_1.getRecordingLogger)(messages));
-    t.deepEqual(messages, []);
-    t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category), `Actual args were: ${diagnosticsExportStub.args}`);
-    t.true(uploadFromActions.calledOnceWith(sinon.match.string, sinon.match.string, category, sinon.match.any), `Actual args were: ${uploadFromActions.args}`);
-    t.true(waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
-        isUnsuccessfulExecution: true,
-    }));
+    t.deepEqual(messages, expectedLogs);
+    if (expectUpload) {
+        t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category), `Actual args were: ${diagnosticsExportStub.args}`);
+        t.true(uploadFromActions.calledOnceWith(sinon.match.string, sinon.match.string, category, sinon.match.any), `Actual args were: ${uploadFromActions.args}`);
+        t.true(waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
+            isUnsuccessfulExecution: true,
+        }));
+    }
+    else {
+        t.true(diagnosticsExportStub.notCalled);
+        t.true(uploadFromActions.notCalled);
+        t.true(waitForProcessing.notCalled);
+    }
 }
 //# sourceMappingURL=init-action-post-helper.test.js.map

lib/init-action-post.js

@@ -25,7 +25,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const actionsUtil = __importStar(require("./actions-util"));
+const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
 const feature_flags_1 = require("./feature-flags");
@@ -34,18 +34,28 @@ const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const util_1 = require("./util");
 async function runWrapper() {
+    const startedAt = new Date();
+    let uploadFailedSarifResult;
     try {
         const logger = (0, logging_1.getActionsLogger)();
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
-        await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actionsUtil.printDebugLogs, repositoryNwo, features, logger);
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
+        uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actions_util_1.printDebugLogs, repositoryNwo, features, logger);
     }
-    catch (error) {
-        core.setFailed(`init post-action step failed: ${error}`);
-        console.log(error);
+    catch (e) {
+        core.setFailed(e instanceof Error ? e.message : String(e));
+        console.log(e);
+        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init-post", (0, actions_util_1.getActionsStatus)(e), startedAt, String(e), e instanceof Error ? e.stack : undefined));
+        return;
     }
+    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init-post", "success", startedAt);
+    const statusReport = {
+        ...statusReportBase,
+        ...uploadFailedSarifResult,
+    };
+    await (0, actions_util_1.sendStatusReport)(statusReport);
 }
 void runWrapper();
 //# sourceMappingURL=init-action-post.js.map

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAAwE;AAExE,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;QAEF,MAAM,oBAAoB,CAAC,GAAG,CAC5B,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,WAAW,CAAC,cAAc,EAC1B,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAAwE;AAMxE,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,CAAC,CAAC,EACnB,SAAS,EACT,MAAM,CAAC,CAAC,CAAC,EACT,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACzC,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/workflow.js

@@ -264,7 +264,7 @@ function getStepsCallingAction(job, actionName) {
  * determine that no such input is passed to the Action.
  */
 function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
-    var _a;
+    var _a, _b;
     const preamble = `Could not get ${inputName} input to ${actionName} since`;
     if (!workflow.jobs) {
         throw new Error(`${preamble} the workflow has no jobs.`);
@@ -279,11 +279,11 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
     else if (stepsCallingAction.length > 1) {
         throw new Error(`${preamble} the ${jobName} job calls ${actionName} multiple times.`);
     }
-    let input = (_a = stepsCallingAction[0].with) === null || _a === void 0 ? void 0 : _a[inputName];
+    let input = (_b = (_a = stepsCallingAction[0].with) === null || _a === void 0 ? void 0 : _a[inputName]) === null || _b === void 0 ? void 0 : _b.toString();
     if (input !== undefined && matrixVars !== undefined) {
-        // Make a basic attempt to substitute matrix variables
-        // First normalize by removing whitespace
+        // Normalize by removing whitespace
         input = input.replace(/\${{\s+/, "${{").replace(/\s+}}/, "}}");
+        // Make a basic attempt to substitute matrix variables
         for (const [key, value] of Object.entries(matrixVars)) {
             input = input.replace(`\${{matrix.${key}}}`, value);
         }

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.36",
+  "version": "2.1.37",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -1924,13 +1924,6 @@
         }
       }
     },
-    "node_modules/decode-uri-component": {
-      "version": "0.2.0",
-      "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=",
-      "engines": {
-        "node": ">=0.10"
-      }
-    },
     "node_modules/deep-is": {
       "version": "0.1.3",
       "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
@@ -3046,13 +3039,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/filter-obj": {
-      "version": "1.1.0",
-      "integrity": "sha1-mzERErxsYSehbgFsbF1/GeCAXFs=",
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
     "node_modules/find-up": {
       "version": "6.2.0",
       "resolved": "https://registry.npmjs.org/find-up/-/find-up-6.2.0.tgz",
@@ -4559,23 +4545,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/query-string": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/query-string/-/query-string-7.0.1.tgz",
-      "integrity": "sha512-uIw3iRvHnk9to1blJCG3BTc+Ro56CBowJXKmNNAm3RulvPBzWLRqKSiiDk+IplJhsydwtuNMHi8UGQFcCLVfkA==",
-      "dependencies": {
-        "decode-uri-component": "^0.2.0",
-        "filter-obj": "^1.1.0",
-        "split-on-first": "^1.0.0",
-        "strict-uri-encode": "^2.0.0"
-      },
-      "engines": {
-        "node": ">=6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/read-pkg-up": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-3.0.0.tgz",
@@ -5041,13 +5010,6 @@
       "integrity": "sha512-J+FWzZoynJEXGphVIS+XEh3kFSjZX/1i9gFBaWQcB+/tmpe2qUsSBABpcxqxnAxFdiUFEgAX1bjYGQvIZmoz9Q==",
       "dev": true
     },
-    "node_modules/split-on-first": {
-      "version": "1.1.0",
-      "integrity": "sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw==",
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -5075,13 +5037,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/strict-uri-encode": {
-      "version": "2.0.0",
-      "integrity": "sha1-ucczDHBChi9rFC3CdLvMWGbONUY=",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/string-width": {
       "version": "4.2.3",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",

node_modules/decode-uri-component/index.js

@@ -1,94 +0,0 @@
-'use strict';
-var token = '%[a-f0-9]{2}';
-var singleMatcher = new RegExp(token, 'gi');
-var multiMatcher = new RegExp('(' + token + ')+', 'gi');
-
-function decodeComponents(components, split) {
-	try {
-		// Try to decode the entire string first
-		return decodeURIComponent(components.join(''));
-	} catch (err) {
-		// Do nothing
-	}
-
-	if (components.length === 1) {
-		return components;
-	}
-
-	split = split || 1;
-
-	// Split the array in 2 parts
-	var left = components.slice(0, split);
-	var right = components.slice(split);
-
-	return Array.prototype.concat.call([], decodeComponents(left), decodeComponents(right));
-}
-
-function decode(input) {
-	try {
-		return decodeURIComponent(input);
-	} catch (err) {
-		var tokens = input.match(singleMatcher);
-
-		for (var i = 1; i < tokens.length; i++) {
-			input = decodeComponents(tokens, i).join('');
-
-			tokens = input.match(singleMatcher);
-		}
-
-		return input;
-	}
-}
-
-function customDecodeURIComponent(input) {
-	// Keep track of all the replacements and prefill the map with the `BOM`
-	var replaceMap = {
-		'%FE%FF': '\uFFFD\uFFFD',
-		'%FF%FE': '\uFFFD\uFFFD'
-	};
-
-	var match = multiMatcher.exec(input);
-	while (match) {
-		try {
-			// Decode as big chunks as possible
-			replaceMap[match[0]] = decodeURIComponent(match[0]);
-		} catch (err) {
-			var result = decode(match[0]);
-
-			if (result !== match[0]) {
-				replaceMap[match[0]] = result;
-			}
-		}
-
-		match = multiMatcher.exec(input);
-	}
-
-	// Add `%C2` at the end of the map to make sure it does not replace the combinator before everything else
-	replaceMap['%C2'] = '\uFFFD';
-
-	var entries = Object.keys(replaceMap);
-
-	for (var i = 0; i < entries.length; i++) {
-		// Replace all decoded components
-		var key = entries[i];
-		input = input.replace(new RegExp(key, 'g'), replaceMap[key]);
-	}
-
-	return input;
-}
-
-module.exports = function (encodedURI) {
-	if (typeof encodedURI !== 'string') {
-		throw new TypeError('Expected `encodedURI` to be of type `string`, got `' + typeof encodedURI + '`');
-	}
-
-	try {
-		encodedURI = encodedURI.replace(/\+/g, ' ');
-
-		// Try the built in decoder first
-		return decodeURIComponent(encodedURI);
-	} catch (err) {
-		// Fallback to a more advanced decoder
-		return customDecodeURIComponent(encodedURI);
-	}
-};

node_modules/decode-uri-component/license

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) Sam Verschueren <sam.verschueren@gmail.com> (github.com/SamVerschueren)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

node_modules/decode-uri-component/package.json

@@ -1,37 +0,0 @@
-{
-  "name": "decode-uri-component",
-  "version": "0.2.0",
-  "description": "A better decodeURIComponent",
-  "license": "MIT",
-  "repository": "SamVerschueren/decode-uri-component",
-  "author": {
-    "name": "Sam Verschueren",
-    "email": "sam.verschueren@gmail.com",
-    "url": "github.com/SamVerschueren"
-  },
-  "engines": {
-    "node": ">=0.10"
-  },
-  "scripts": {
-    "test": "xo && nyc ava",
-    "coveralls": "nyc report --reporter=text-lcov | coveralls"
-  },
-  "files": [
-    "index.js"
-  ],
-  "keywords": [
-    "decode",
-    "uri",
-    "component",
-    "decodeuricomponent",
-    "components",
-    "decoder",
-    "url"
-  ],
-  "devDependencies": {
-    "ava": "^0.17.0",
-    "coveralls": "^2.13.1",
-    "nyc": "^10.3.2",
-    "xo": "^0.16.0"
-  }
-}

node_modules/decode-uri-component/readme.md

@@ -1,70 +0,0 @@
-# decode-uri-component
-
-[![Build Status](https://travis-ci.org/SamVerschueren/decode-uri-component.svg?branch=master)](https://travis-ci.org/SamVerschueren/decode-uri-component) [![Coverage Status](https://coveralls.io/repos/SamVerschueren/decode-uri-component/badge.svg?branch=master&service=github)](https://coveralls.io/github/SamVerschueren/decode-uri-component?branch=master)
-
-> A better [decodeURIComponent](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent)
-
-
-## Why?
-
-- Decodes `+` to a space.
-- Converts the [BOM](https://en.wikipedia.org/wiki/Byte_order_mark) to a [replacement character](https://en.wikipedia.org/wiki/Specials_(Unicode_block)#Replacement_character) `<60>`.
-- Does not throw with invalid encoded input.
-- Decodes as much of the string as possible.
-
-
-## Install
-
-```
-$ npm install --save decode-uri-component
-```
-
-
-## Usage
-
-```js
-const decodeUriComponent = require('decode-uri-component');
-
-decodeUriComponent('%25');
-//=> '%'
-
-decodeUriComponent('%');
-//=> '%'
-
-decodeUriComponent('st%C3%A5le');
-//=> 'ståle'
-
-decodeUriComponent('%st%C3%A5le%');
-//=> '%ståle%'
-
-decodeUriComponent('%%7Bst%C3%A5le%7D%');
-//=> '%{ståle}%'
-
-decodeUriComponent('%7B%ab%%7C%de%%7D');
-//=> '{%ab%|%de%}'
-
-decodeUriComponent('%FE%FF');
-//=> '\uFFFD\uFFFD'
-
-decodeUriComponent('%C2');
-//=> '\uFFFD'
-
-decodeUriComponent('%C2%B5');
-//=> 'µ'
-```
-
-
-## API
-
-### decodeUriComponent(encodedURI)
-
-#### encodedURI
-
-Type: `string`
-
-An encoded component of a Uniform Resource Identifier.
-
-
-## License
-
-MIT © [Sam Verschueren](https://github.com/SamVerschueren)

node_modules/filter-obj/index.js

@@ -1,17 +0,0 @@
-'use strict';
-module.exports = function (obj, predicate) {
-	var ret = {};
-	var keys = Object.keys(obj);
-	var isArr = Array.isArray(predicate);
-
-	for (var i = 0; i < keys.length; i++) {
-		var key = keys[i];
-		var val = obj[key];
-
-		if (isArr ? predicate.indexOf(key) !== -1 : predicate(key, val, obj)) {
-			ret[key] = val;
-		}
-	}
-
-	return ret;
-};

node_modules/filter-obj/license

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

node_modules/filter-obj/package.json

@@ -1,37 +0,0 @@
-{
-  "name": "filter-obj",
-  "version": "1.1.0",
-  "description": "Filter object keys and values into a new object",
-  "license": "MIT",
-  "repository": "sindresorhus/filter-obj",
-  "author": {
-    "name": "Sindre Sorhus",
-    "email": "sindresorhus@gmail.com",
-    "url": "sindresorhus.com"
-  },
-  "engines": {
-    "node": ">=0.10.0"
-  },
-  "scripts": {
-    "test": "xo && node test.js"
-  },
-  "files": [
-    "index.js"
-  ],
-  "keywords": [
-    "filter",
-    "obj",
-    "object",
-    "key",
-    "keys",
-    "value",
-    "values",
-    "val",
-    "iterate",
-    "iterator"
-  ],
-  "devDependencies": {
-    "ava": "0.0.4",
-    "xo": "*"
-  }
-}

node_modules/filter-obj/readme.md

@@ -1,41 +0,0 @@
-# filter-obj [![Build Status](https://travis-ci.org/sindresorhus/filter-obj.svg?branch=master)](https://travis-ci.org/sindresorhus/filter-obj)
-
-> Filter object keys and values into a new object
-
-
-## Install
-
-```
-$ npm install --save filter-obj
-```
-
-
-## Usage
-
-```js
-var filterObj = require('filter-obj');
-
-var obj = {
-	foo: true,
-	bar: false
-};
-
-var newObject = filterObj(obj, function (key, value, object) {
-	return value === true;
-});
-//=> {foo: true}
-
-var newObject2 = filterObj(obj, ['bar']);
-//=> {bar: true}
-```
-
-
-## Related
-
-- [map-obj](https://github.com/sindresorhus/map-obj) - Map object keys and values into a new object
-- [object-assign](https://github.com/sindresorhus/object-assign) - Copy enumerable own properties from one or more source objects to a target object
-
-
-## License
-
-MIT © [Sindre Sorhus](http://sindresorhus.com)

node_modules/query-string/index.d.ts

@@ -1,545 +0,0 @@
-export interface ParseOptions {
-	/**
-	Decode the keys and values. URI components are decoded with [`decode-uri-component`](https://github.com/SamVerschueren/decode-uri-component).
-
-	@default true
-	*/
-	readonly decode?: boolean;
-
-	/**
-	@default 'none'
-
-	- `bracket`: Parse arrays with bracket representation:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.parse('foo[]=1&foo[]=2&foo[]=3', {arrayFormat: 'bracket'});
-		//=> {foo: ['1', '2', '3']}
-		```
-
-	- `index`: Parse arrays with index representation:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.parse('foo[0]=1&foo[1]=2&foo[3]=3', {arrayFormat: 'index'});
-		//=> {foo: ['1', '2', '3']}
-		```
-
-	- `comma`: Parse arrays with elements separated by comma:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.parse('foo=1,2,3', {arrayFormat: 'comma'});
-		//=> {foo: ['1', '2', '3']}
-		```
-
-	- `separator`: Parse arrays with elements separated by a custom character:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.parse('foo=1|2|3', {arrayFormat: 'separator', arrayFormatSeparator: '|'});
-		//=> {foo: ['1', '2', '3']}
-		```
-
-	- `bracket-separator`: Parse arrays (that are explicitly marked with brackets) with elements separated by a custom character:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.parse('foo[]', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> {foo: []}
-
-		queryString.parse('foo[]=', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> {foo: ['']}
-
-		queryString.parse('foo[]=1', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-	 	//=> {foo: ['1']}
-
-		queryString.parse('foo[]=1|2|3', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> {foo: ['1', '2', '3']}
-
-		queryString.parse('foo[]=1||3|||6', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> {foo: ['1', '', 3, '', '', '6']}
-
-		queryString.parse('foo[]=1|2|3&bar=fluffy&baz[]=4', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> {foo: ['1', '2', '3'], bar: 'fluffy', baz:['4']}
-		```
-
-	- `none`: Parse arrays with elements using duplicate keys:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.parse('foo=1&foo=2&foo=3');
-		//=> {foo: ['1', '2', '3']}
-		```
-	*/
-	readonly arrayFormat?: 'bracket' | 'index' | 'comma' | 'separator' | 'bracket-separator' | 'none';
-
-	/**
-	The character used to separate array elements when using `{arrayFormat: 'separator'}`.
-
-	@default ,
-	*/
-	readonly arrayFormatSeparator?: string;
-
-	/**
-	Supports both `Function` as a custom sorting function or `false` to disable sorting.
-
-	If omitted, keys are sorted using `Array#sort`, which means, converting them to strings and comparing strings in Unicode code point order.
-
-	@default true
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	const order = ['c', 'a', 'b'];
-
-	queryString.parse('?a=one&b=two&c=three', {
-		sort: (itemLeft, itemRight) => order.indexOf(itemLeft) - order.indexOf(itemRight)
-	});
-	//=> {c: 'three', a: 'one', b: 'two'}
-	```
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.parse('?a=one&c=three&b=two', {sort: false});
-	//=> {a: 'one', c: 'three', b: 'two'}
-	```
-	*/
-	readonly sort?: ((itemLeft: string, itemRight: string) => number) | false;
-
-	/**
-	Parse the value as a number type instead of string type if it's a number.
-
-	@default false
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.parse('foo=1', {parseNumbers: true});
-	//=> {foo: 1}
-	```
-	*/
-	readonly parseNumbers?: boolean;
-
-	/**
-	Parse the value as a boolean type instead of string type if it's a boolean.
-
-	@default false
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.parse('foo=true', {parseBooleans: true});
-	//=> {foo: true}
-	```
-	*/
-	readonly parseBooleans?: boolean;
-
-	/**
-	Parse the fragment identifier from the URL and add it to result object.
-
-	@default false
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.parseUrl('https://foo.bar?foo=bar#xyz', {parseFragmentIdentifier: true});
-	//=> {url: 'https://foo.bar', query: {foo: 'bar'}, fragmentIdentifier: 'xyz'}
-	```
-	*/
-	readonly parseFragmentIdentifier?: boolean;
-}
-
-export interface ParsedQuery<T = string> {
-	[key: string]: T | T[] | null;
-}
-
-/**
-Parse a query string into an object. Leading `?` or `#` are ignored, so you can pass `location.search` or `location.hash` directly.
-
-The returned object is created with [`Object.create(null)`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/create) and thus does not have a `prototype`.
-
-@param query - The query string to parse.
-*/
-export function parse(query: string, options: {parseBooleans: true, parseNumbers: true} & ParseOptions): ParsedQuery<string | boolean | number>;
-export function parse(query: string, options: {parseBooleans: true} & ParseOptions): ParsedQuery<string | boolean>;
-export function parse(query: string, options: {parseNumbers: true} & ParseOptions): ParsedQuery<string | number>;
-export function parse(query: string, options?: ParseOptions): ParsedQuery;
-
-export interface ParsedUrl {
-	readonly url: string;
-	readonly query: ParsedQuery;
-
-	/**
-	The fragment identifier of the URL.
-
-	Present when the `parseFragmentIdentifier` option is `true`.
-	*/
-	readonly fragmentIdentifier?: string;
-}
-
-/**
-Extract the URL and the query string as an object.
-
-If the `parseFragmentIdentifier` option is `true`, the object will also contain a `fragmentIdentifier` property.
-
-@param url - The URL to parse.
-
-@example
-```
-import queryString = require('query-string');
-
-queryString.parseUrl('https://foo.bar?foo=bar');
-//=> {url: 'https://foo.bar', query: {foo: 'bar'}}
-
-queryString.parseUrl('https://foo.bar?foo=bar#xyz', {parseFragmentIdentifier: true});
-//=> {url: 'https://foo.bar', query: {foo: 'bar'}, fragmentIdentifier: 'xyz'}
-```
-*/
-export function parseUrl(url: string, options?: ParseOptions): ParsedUrl;
-
-export interface StringifyOptions {
-	/**
-	Strictly encode URI components with [`strict-uri-encode`](https://github.com/kevva/strict-uri-encode). It uses [`encodeURIComponent`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) if set to `false`. You probably [don't care](https://github.com/sindresorhus/query-string/issues/42) about this option.
-
-	@default true
-	*/
-	readonly strict?: boolean;
-
-	/**
-	[URL encode](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) the keys and values.
-
-	@default true
-	*/
-	readonly encode?: boolean;
-
-	/**
-	@default 'none'
-
-	- `bracket`: Serialize arrays using bracket representation:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'bracket'});
-		//=> 'foo[]=1&foo[]=2&foo[]=3'
-		```
-
-	- `index`: Serialize arrays using index representation:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'index'});
-		//=> 'foo[0]=1&foo[1]=2&foo[2]=3'
-		```
-
-	- `comma`: Serialize arrays by separating elements with comma:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'comma'});
-		//=> 'foo=1,2,3'
-
-		queryString.stringify({foo: [1, null, '']}, {arrayFormat: 'comma'});
-		//=> 'foo=1,,'
-		// Note that typing information for null values is lost
-		// and `.parse('foo=1,,')` would return `{foo: [1, '', '']}`.
-		```
-
-	- `separator`: Serialize arrays by separating elements with character:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'separator', arrayFormatSeparator: '|'});
-		//=> 'foo=1|2|3'
-		```
-
-	- `bracket-separator`: Serialize arrays by explicitly post-fixing array names with brackets and separating elements with a custom character:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.stringify({foo: []}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> 'foo[]'
-
-		queryString.stringify({foo: ['']}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> 'foo[]='
-
-		queryString.stringify({foo: [1]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> 'foo[]=1'
-
-		queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> 'foo[]=1|2|3'
-
-		queryString.stringify({foo: [1, '', 3, null, null, 6]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> 'foo[]=1||3|||6'
-
-		queryString.stringify({foo: [1, '', 3, null, null, 6]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|', skipNull: true});
-		//=> 'foo[]=1||3|6'
-
-		queryString.stringify({foo: [1, 2, 3], bar: 'fluffy', baz: [4]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-		//=> 'foo[]=1|2|3&bar=fluffy&baz[]=4'
-		```
-
-	- `none`: Serialize arrays by using duplicate keys:
-
-		```
-		import queryString = require('query-string');
-
-		queryString.stringify({foo: [1, 2, 3]});
-		//=> 'foo=1&foo=2&foo=3'
-		```
-	*/
-	readonly arrayFormat?: 'bracket' | 'index' | 'comma' | 'separator' | 'bracket-separator' | 'none';
-
-	/**
-	The character used to separate array elements when using `{arrayFormat: 'separator'}`.
-
-	@default ,
-	*/
-	readonly arrayFormatSeparator?: string;
-
-	/**
-	Supports both `Function` as a custom sorting function or `false` to disable sorting.
-
-	If omitted, keys are sorted using `Array#sort`, which means, converting them to strings and comparing strings in Unicode code point order.
-
-	@default true
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	const order = ['c', 'a', 'b'];
-
-	queryString.stringify({a: 1, b: 2, c: 3}, {
-		sort: (itemLeft, itemRight) => order.indexOf(itemLeft) - order.indexOf(itemRight)
-	});
-	//=> 'c=3&a=1&b=2'
-	```
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.stringify({b: 1, c: 2, a: 3}, {sort: false});
-	//=> 'b=1&c=2&a=3'
-	```
-	*/
-	readonly sort?: ((itemLeft: string, itemRight: string) => number) | false;
-
-	/**
-	Skip keys with `null` as the value.
-
-	Note that keys with `undefined` as the value are always skipped.
-
-	@default false
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.stringify({a: 1, b: undefined, c: null, d: 4}, {
-		skipNull: true
-	});
-	//=> 'a=1&d=4'
-
-	queryString.stringify({a: undefined, b: null}, {
-		skipNull: true
-	});
-	//=> ''
-	```
-	*/
-	readonly skipNull?: boolean;
-
-	/**
-	Skip keys with an empty string as the value.
-
-	@default false
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.stringify({a: 1, b: '', c: '', d: 4}, {
-		skipEmptyString: true
-	});
-	//=> 'a=1&d=4'
-	```
-
-	@example
-	```
-	import queryString = require('query-string');
-
-	queryString.stringify({a: '', b: ''}, {
-		skipEmptyString: true
-	});
-	//=> ''
-	```
-	*/
-	readonly skipEmptyString?: boolean;
-}
-
-export type Stringifiable = string | boolean | number | null | undefined;
-
-export type StringifiableRecord = Record<
-	string,
-	Stringifiable | readonly Stringifiable[]
->;
-
-/**
-Stringify an object into a query string and sort the keys.
-*/
-export function stringify(
-	// TODO: Use the below instead when the following TS issues are fixed:
-	// - https://github.com/microsoft/TypeScript/issues/15300
-	// - https://github.com/microsoft/TypeScript/issues/42021
-	// Context: https://github.com/sindresorhus/query-string/issues/298
-	// object: StringifiableRecord,
-	object: Record<string, any>,
-	options?: StringifyOptions
-): string;
-
-/**
-Extract a query string from a URL that can be passed into `.parse()`.
-
-Note: This behaviour can be changed with the `skipNull` option.
-*/
-export function extract(url: string): string;
-
-export interface UrlObject {
-	readonly url: string;
-
-	/**
-	Overrides queries in the `url` property.
-	*/
-	readonly query?: StringifiableRecord;
-
-	/**
-	Overrides the fragment identifier in the `url` property.
-	*/
-	readonly fragmentIdentifier?: string;
-}
-
-/**
-Stringify an object into a URL with a query string and sorting the keys. The inverse of [`.parseUrl()`](https://github.com/sindresorhus/query-string#parseurlstring-options)
-
-Query items in the `query` property overrides queries in the `url` property.
-
-The `fragmentIdentifier` property overrides the fragment identifier in the `url` property.
-
-@example
-```
-queryString.stringifyUrl({url: 'https://foo.bar', query: {foo: 'bar'}});
-//=> 'https://foo.bar?foo=bar'
-
-queryString.stringifyUrl({url: 'https://foo.bar?foo=baz', query: {foo: 'bar'}});
-//=> 'https://foo.bar?foo=bar'
-
-queryString.stringifyUrl({
-	url: 'https://foo.bar',
-	query: {
-		top: 'foo'
-	},
-	fragmentIdentifier: 'bar'
-});
-//=> 'https://foo.bar?top=foo#bar'
-```
-*/
-export function stringifyUrl(
-	object: UrlObject,
-	options?: StringifyOptions
-): string;
-
-/**
-Pick query parameters from a URL.
-
-@param url - The URL containing the query parameters to pick.
-@param keys - The names of the query parameters to keep. All other query parameters will be removed from the URL.
-@param filter - A filter predicate that will be provided the name of each query parameter and its value. The `parseNumbers` and `parseBooleans` options also affect `value`.
-
-@returns The URL with the picked query parameters.
-
-@example
-```
-queryString.pick('https://foo.bar?foo=1&bar=2#hello', ['foo']);
-//=> 'https://foo.bar?foo=1#hello'
-
-queryString.pick('https://foo.bar?foo=1&bar=2#hello', (name, value) => value === 2, {parseNumbers: true});
-//=> 'https://foo.bar?bar=2#hello'
-```
-*/
-export function pick(
-	url: string,
-	keys: readonly string[],
-	options?: ParseOptions & StringifyOptions
-): string
-export function pick(
-	url: string,
-	filter: (key: string, value: string | boolean | number) => boolean,
-	options?: {parseBooleans: true, parseNumbers: true} & ParseOptions & StringifyOptions
-): string
-export function pick(
-	url: string,
-	filter: (key: string, value: string | boolean) => boolean,
-	options?: {parseBooleans: true} & ParseOptions & StringifyOptions
-): string
-export function pick(
-	url: string,
-	filter: (key: string, value: string | number) => boolean,
-	options?: {parseNumbers: true} & ParseOptions & StringifyOptions
-): string
-
-/**
-Exclude query parameters from a URL. Like `.pick()` but reversed.
-
-@param url - The URL containing the query parameters to exclude.
-@param keys - The names of the query parameters to remove. All other query parameters will remain in the URL.
-@param filter - A filter predicate that will be provided the name of each query parameter and its value. The `parseNumbers` and `parseBooleans` options also affect `value`.
-
-@returns The URL without the excluded the query parameters.
-
-@example
-```
-queryString.exclude('https://foo.bar?foo=1&bar=2#hello', ['foo']);
-//=> 'https://foo.bar?bar=2#hello'
-
-queryString.exclude('https://foo.bar?foo=1&bar=2#hello', (name, value) => value === 2, {parseNumbers: true});
-//=> 'https://foo.bar?foo=1#hello'
-```
-*/
-export function exclude(
-	url: string,
-	keys: readonly string[],
-	options?: ParseOptions & StringifyOptions
-): string
-export function exclude(
-	url: string,
-	filter: (key: string, value: string | boolean | number) => boolean,
-	options?: {parseBooleans: true, parseNumbers: true} & ParseOptions & StringifyOptions
-): string
-export function exclude(
-	url: string,
-	filter: (key: string, value: string | boolean) => boolean,
-	options?: {parseBooleans: true} & ParseOptions & StringifyOptions
-): string
-export function exclude(
-	url: string,
-	filter: (key: string, value: string | number) => boolean,
-	options?: {parseNumbers: true} & ParseOptions & StringifyOptions
-): string

node_modules/query-string/index.js

@@ -1,447 +0,0 @@
-'use strict';
-const strictUriEncode = require('strict-uri-encode');
-const decodeComponent = require('decode-uri-component');
-const splitOnFirst = require('split-on-first');
-const filterObject = require('filter-obj');
-
-const isNullOrUndefined = value => value === null || value === undefined;
-
-const encodeFragmentIdentifier = Symbol('encodeFragmentIdentifier');
-
-function encoderForArrayFormat(options) {
-	switch (options.arrayFormat) {
-		case 'index':
-			return key => (result, value) => {
-				const index = result.length;
-
-				if (
-					value === undefined ||
-					(options.skipNull && value === null) ||
-					(options.skipEmptyString && value === '')
-				) {
-					return result;
-				}
-
-				if (value === null) {
-					return [...result, [encode(key, options), '[', index, ']'].join('')];
-				}
-
-				return [
-					...result,
-					[encode(key, options), '[', encode(index, options), ']=', encode(value, options)].join('')
-				];
-			};
-
-		case 'bracket':
-			return key => (result, value) => {
-				if (
-					value === undefined ||
-					(options.skipNull && value === null) ||
-					(options.skipEmptyString && value === '')
-				) {
-					return result;
-				}
-
-				if (value === null) {
-					return [...result, [encode(key, options), '[]'].join('')];
-				}
-
-				return [...result, [encode(key, options), '[]=', encode(value, options)].join('')];
-			};
-
-		case 'comma':
-		case 'separator':
-		case 'bracket-separator': {
-			const keyValueSep = options.arrayFormat === 'bracket-separator' ?
-				'[]=' :
-				'=';
-
-			return key => (result, value) => {
-				if (
-					value === undefined ||
-					(options.skipNull && value === null) ||
-					(options.skipEmptyString && value === '')
-				) {
-					return result;
-				}
-
-				// Translate null to an empty string so that it doesn't serialize as 'null'
-				value = value === null ? '' : value;
-
-				if (result.length === 0) {
-					return [[encode(key, options), keyValueSep, encode(value, options)].join('')];
-				}
-
-				return [[result, encode(value, options)].join(options.arrayFormatSeparator)];
-			};
-		}
-
-		default:
-			return key => (result, value) => {
-				if (
-					value === undefined ||
-					(options.skipNull && value === null) ||
-					(options.skipEmptyString && value === '')
-				) {
-					return result;
-				}
-
-				if (value === null) {
-					return [...result, encode(key, options)];
-				}
-
-				return [...result, [encode(key, options), '=', encode(value, options)].join('')];
-			};
-	}
-}
-
-function parserForArrayFormat(options) {
-	let result;
-
-	switch (options.arrayFormat) {
-		case 'index':
-			return (key, value, accumulator) => {
-				result = /\[(\d*)\]$/.exec(key);
-
-				key = key.replace(/\[\d*\]$/, '');
-
-				if (!result) {
-					accumulator[key] = value;
-					return;
-				}
-
-				if (accumulator[key] === undefined) {
-					accumulator[key] = {};
-				}
-
-				accumulator[key][result[1]] = value;
-			};
-
-		case 'bracket':
-			return (key, value, accumulator) => {
-				result = /(\[\])$/.exec(key);
-				key = key.replace(/\[\]$/, '');
-
-				if (!result) {
-					accumulator[key] = value;
-					return;
-				}
-
-				if (accumulator[key] === undefined) {
-					accumulator[key] = [value];
-					return;
-				}
-
-				accumulator[key] = [].concat(accumulator[key], value);
-			};
-
-		case 'comma':
-		case 'separator':
-			return (key, value, accumulator) => {
-				const isArray = typeof value === 'string' && value.includes(options.arrayFormatSeparator);
-				const isEncodedArray = (typeof value === 'string' && !isArray && decode(value, options).includes(options.arrayFormatSeparator));
-				value = isEncodedArray ? decode(value, options) : value;
-				const newValue = isArray || isEncodedArray ? value.split(options.arrayFormatSeparator).map(item => decode(item, options)) : value === null ? value : decode(value, options);
-				accumulator[key] = newValue;
-			};
-
-		case 'bracket-separator':
-			return (key, value, accumulator) => {
-				const isArray = /(\[\])$/.test(key);
-				key = key.replace(/\[\]$/, '');
-
-				if (!isArray) {
-					accumulator[key] = value ? decode(value, options) : value;
-					return;
-				}
-
-				const arrayValue = value === null ?
-					[] :
-					value.split(options.arrayFormatSeparator).map(item => decode(item, options));
-
-				if (accumulator[key] === undefined) {
-					accumulator[key] = arrayValue;
-					return;
-				}
-
-				accumulator[key] = [].concat(accumulator[key], arrayValue);
-			};
-
-		default:
-			return (key, value, accumulator) => {
-				if (accumulator[key] === undefined) {
-					accumulator[key] = value;
-					return;
-				}
-
-				accumulator[key] = [].concat(accumulator[key], value);
-			};
-	}
-}
-
-function validateArrayFormatSeparator(value) {
-	if (typeof value !== 'string' || value.length !== 1) {
-		throw new TypeError('arrayFormatSeparator must be single character string');
-	}
-}
-
-function encode(value, options) {
-	if (options.encode) {
-		return options.strict ? strictUriEncode(value) : encodeURIComponent(value);
-	}
-
-	return value;
-}
-
-function decode(value, options) {
-	if (options.decode) {
-		return decodeComponent(value);
-	}
-
-	return value;
-}
-
-function keysSorter(input) {
-	if (Array.isArray(input)) {
-		return input.sort();
-	}
-
-	if (typeof input === 'object') {
-		return keysSorter(Object.keys(input))
-			.sort((a, b) => Number(a) - Number(b))
-			.map(key => input[key]);
-	}
-
-	return input;
-}
-
-function removeHash(input) {
-	const hashStart = input.indexOf('#');
-	if (hashStart !== -1) {
-		input = input.slice(0, hashStart);
-	}
-
-	return input;
-}
-
-function getHash(url) {
-	let hash = '';
-	const hashStart = url.indexOf('#');
-	if (hashStart !== -1) {
-		hash = url.slice(hashStart);
-	}
-
-	return hash;
-}
-
-function extract(input) {
-	input = removeHash(input);
-	const queryStart = input.indexOf('?');
-	if (queryStart === -1) {
-		return '';
-	}
-
-	return input.slice(queryStart + 1);
-}
-
-function parseValue(value, options) {
-	if (options.parseNumbers && !Number.isNaN(Number(value)) && (typeof value === 'string' && value.trim() !== '')) {
-		value = Number(value);
-	} else if (options.parseBooleans && value !== null && (value.toLowerCase() === 'true' || value.toLowerCase() === 'false')) {
-		value = value.toLowerCase() === 'true';
-	}
-
-	return value;
-}
-
-function parse(query, options) {
-	options = Object.assign({
-		decode: true,
-		sort: true,
-		arrayFormat: 'none',
-		arrayFormatSeparator: ',',
-		parseNumbers: false,
-		parseBooleans: false
-	}, options);
-
-	validateArrayFormatSeparator(options.arrayFormatSeparator);
-
-	const formatter = parserForArrayFormat(options);
-
-	// Create an object with no prototype
-	const ret = Object.create(null);
-
-	if (typeof query !== 'string') {
-		return ret;
-	}
-
-	query = query.trim().replace(/^[?#&]/, '');
-
-	if (!query) {
-		return ret;
-	}
-
-	for (const param of query.split('&')) {
-		if (param === '') {
-			continue;
-		}
-
-		let [key, value] = splitOnFirst(options.decode ? param.replace(/\+/g, ' ') : param, '=');
-
-		// Missing `=` should be `null`:
-		// http://w3.org/TR/2012/WD-url-20120524/#collect-url-parameters
-		value = value === undefined ? null : ['comma', 'separator', 'bracket-separator'].includes(options.arrayFormat) ? value : decode(value, options);
-		formatter(decode(key, options), value, ret);
-	}
-
-	for (const key of Object.keys(ret)) {
-		const value = ret[key];
-		if (typeof value === 'object' && value !== null) {
-			for (const k of Object.keys(value)) {
-				value[k] = parseValue(value[k], options);
-			}
-		} else {
-			ret[key] = parseValue(value, options);
-		}
-	}
-
-	if (options.sort === false) {
-		return ret;
-	}
-
-	return (options.sort === true ? Object.keys(ret).sort() : Object.keys(ret).sort(options.sort)).reduce((result, key) => {
-		const value = ret[key];
-		if (Boolean(value) && typeof value === 'object' && !Array.isArray(value)) {
-			// Sort object keys, not values
-			result[key] = keysSorter(value);
-		} else {
-			result[key] = value;
-		}
-
-		return result;
-	}, Object.create(null));
-}
-
-exports.extract = extract;
-exports.parse = parse;
-
-exports.stringify = (object, options) => {
-	if (!object) {
-		return '';
-	}
-
-	options = Object.assign({
-		encode: true,
-		strict: true,
-		arrayFormat: 'none',
-		arrayFormatSeparator: ','
-	}, options);
-
-	validateArrayFormatSeparator(options.arrayFormatSeparator);
-
-	const shouldFilter = key => (
-		(options.skipNull && isNullOrUndefined(object[key])) ||
-		(options.skipEmptyString && object[key] === '')
-	);
-
-	const formatter = encoderForArrayFormat(options);
-
-	const objectCopy = {};
-
-	for (const key of Object.keys(object)) {
-		if (!shouldFilter(key)) {
-			objectCopy[key] = object[key];
-		}
-	}
-
-	const keys = Object.keys(objectCopy);
-
-	if (options.sort !== false) {
-		keys.sort(options.sort);
-	}
-
-	return keys.map(key => {
-		const value = object[key];
-
-		if (value === undefined) {
-			return '';
-		}
-
-		if (value === null) {
-			return encode(key, options);
-		}
-
-		if (Array.isArray(value)) {
-			if (value.length === 0 && options.arrayFormat === 'bracket-separator') {
-				return encode(key, options) + '[]';
-			}
-
-			return value
-				.reduce(formatter(key), [])
-				.join('&');
-		}
-
-		return encode(key, options) + '=' + encode(value, options);
-	}).filter(x => x.length > 0).join('&');
-};
-
-exports.parseUrl = (url, options) => {
-	options = Object.assign({
-		decode: true
-	}, options);
-
-	const [url_, hash] = splitOnFirst(url, '#');
-
-	return Object.assign(
-		{
-			url: url_.split('?')[0] || '',
-			query: parse(extract(url), options)
-		},
-		options && options.parseFragmentIdentifier && hash ? {fragmentIdentifier: decode(hash, options)} : {}
-	);
-};
-
-exports.stringifyUrl = (object, options) => {
-	options = Object.assign({
-		encode: true,
-		strict: true,
-		[encodeFragmentIdentifier]: true
-	}, options);
-
-	const url = removeHash(object.url).split('?')[0] || '';
-	const queryFromUrl = exports.extract(object.url);
-	const parsedQueryFromUrl = exports.parse(queryFromUrl, {sort: false});
-
-	const query = Object.assign(parsedQueryFromUrl, object.query);
-	let queryString = exports.stringify(query, options);
-	if (queryString) {
-		queryString = `?${queryString}`;
-	}
-
-	let hash = getHash(object.url);
-	if (object.fragmentIdentifier) {
-		hash = `#${options[encodeFragmentIdentifier] ? encode(object.fragmentIdentifier, options) : object.fragmentIdentifier}`;
-	}
-
-	return `${url}${queryString}${hash}`;
-};
-
-exports.pick = (input, filter, options) => {
-	options = Object.assign({
-		parseFragmentIdentifier: true,
-		[encodeFragmentIdentifier]: false
-	}, options);
-
-	const {url, query, fragmentIdentifier} = exports.parseUrl(input, options);
-	return exports.stringifyUrl({
-		url,
-		query: filterObject(query, filter),
-		fragmentIdentifier
-	}, options);
-};
-
-exports.exclude = (input, filter, options) => {
-	const exclusionFilter = Array.isArray(filter) ? key => !filter.includes(key) : (key, value) => !filter(key, value);
-
-	return exports.pick(input, exclusionFilter, options);
-};

node_modules/query-string/license

@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (http://sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/query-string/package.json

@@ -1,54 +0,0 @@
-{
-  "name": "query-string",
-  "version": "7.0.1",
-  "description": "Parse and stringify URL query strings",
-  "license": "MIT",
-  "repository": "sindresorhus/query-string",
-  "funding": "https://github.com/sponsors/sindresorhus",
-  "author": {
-    "name": "Sindre Sorhus",
-    "email": "sindresorhus@gmail.com",
-    "url": "https://sindresorhus.com"
-  },
-  "engines": {
-    "node": ">=6"
-  },
-  "scripts": {
-    "benchmark": "node benchmark.js",
-    "test": "xo && ava && tsd"
-  },
-  "files": [
-    "index.js",
-    "index.d.ts"
-  ],
-  "keywords": [
-    "browser",
-    "querystring",
-    "query",
-    "string",
-    "qs",
-    "param",
-    "parameter",
-    "url",
-    "parse",
-    "stringify",
-    "encode",
-    "decode",
-    "searchparams",
-    "filter"
-  ],
-  "dependencies": {
-    "decode-uri-component": "^0.2.0",
-    "filter-obj": "^1.1.0",
-    "split-on-first": "^1.0.0",
-    "strict-uri-encode": "^2.0.0"
-  },
-  "devDependencies": {
-    "ava": "^1.4.1",
-    "benchmark": "^2.1.4",
-    "deep-equal": "^1.0.1",
-    "fast-check": "^1.5.0",
-    "tsd": "^0.7.3",
-    "xo": "^0.24.0"
-  }
-}

node_modules/query-string/readme.md

@@ -1,633 +0,0 @@
-# query-string
-
-> Parse and stringify URL [query strings](https://en.wikipedia.org/wiki/Query_string)
-
-<br>
-
----
-
-<div align="center">
-	<p>
-		<p>
-			<sup>
-				<a href="https://github.com/sponsors/sindresorhus">My open source work is supported by the community</a>
-			</sup>
-		</p>
-		<sup>Special thanks to:</sup>
-		<br>
-		<br>
-		<a href="https://standardresume.co/tech">
-			<img src="https://sindresorhus.com/assets/thanks/standard-resume-logo.svg" width="180"/>
-		</a>
-		<br>
-		<br>
-		<br>
-		<a href="https://doppler.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=query-string&utm_source=github">
-			<div>
-				<img src="https://dashboard.doppler.com/imgs/logo-long.svg" width="240" alt="Doppler">
-			</div>
-			<b>All your environment variables, in one place</b>
-			<div>
-				<span>Stop struggling with scattered API keys, hacking together home-brewed tools,</span>
-				<br>
-				<span>and avoiding access controls. Keep your team and servers in sync with Doppler.</span>
-			</div>
-		</a>
-		<br>
-		<a href="https://strapi.io/?ref=sindresorhus">
-			<div>
-				<img src="https://sindresorhus.com/assets/thanks/strapi-logo-white-bg.png" width="200" alt="Strapi">
-			</div>
-			<b>Strapi is the leading open-source headless CMS.</b>
-			<div>
-				<sup>It’s 100% JavaScript, fully customizable, and developer-first.</sup>
-			</div>
-		</a>
-		<br>
-		<a href="https://oss.capital">
-			<div>
-				<img src="https://sindresorhus.com/assets/thanks/oss-capital-logo-white-bg.svg" width="300" alt="OSS Capital">
-			</div>
-			<div>
-				<sup><b>Founded in 2018, OSS Capital is the first and only venture capital platform focused<br>exclusively on supporting early-stage COSS (commercial open source) startup founders.</b></sup>
-			</div>
-		</a>
-	</p>
-</div>
-
----
-
-<br>
-
-## Install
-
-```
-$ npm install query-string
-```
-
-**Not `npm install querystring`!!!!!**
-
-This module targets Node.js 6 or later and the latest version of Chrome, Firefox, and Safari.
-
-## Usage
-
-```js
-const queryString = require('query-string');
-
-console.log(location.search);
-//=> '?foo=bar'
-
-const parsed = queryString.parse(location.search);
-console.log(parsed);
-//=> {foo: 'bar'}
-
-console.log(location.hash);
-//=> '#token=bada55cafe'
-
-const parsedHash = queryString.parse(location.hash);
-console.log(parsedHash);
-//=> {token: 'bada55cafe'}
-
-parsed.foo = 'unicorn';
-parsed.ilike = 'pizza';
-
-const stringified = queryString.stringify(parsed);
-//=> 'foo=unicorn&ilike=pizza'
-
-location.search = stringified;
-// note that `location.search` automatically prepends a question mark
-console.log(location.search);
-//=> '?foo=unicorn&ilike=pizza'
-```
-
-## API
-
-### .parse(string, options?)
-
-Parse a query string into an object. Leading `?` or `#` are ignored, so you can pass `location.search` or `location.hash` directly.
-
-The returned object is created with [`Object.create(null)`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/create) and thus does not have a `prototype`.
-
-#### options
-
-Type: `object`
-
-##### decode
-
-Type: `boolean`\
-Default: `true`
-
-Decode the keys and values. URL components are decoded with [`decode-uri-component`](https://github.com/SamVerschueren/decode-uri-component).
-
-##### arrayFormat
-
-Type: `string`\
-Default: `'none'`
-
-- `'bracket'`: Parse arrays with bracket representation:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo[]=1&foo[]=2&foo[]=3', {arrayFormat: 'bracket'});
-//=> {foo: ['1', '2', '3']}
-```
-
-- `'index'`: Parse arrays with index representation:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo[0]=1&foo[1]=2&foo[3]=3', {arrayFormat: 'index'});
-//=> {foo: ['1', '2', '3']}
-```
-
-- `'comma'`: Parse arrays with elements separated by comma:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo=1,2,3', {arrayFormat: 'comma'});
-//=> {foo: ['1', '2', '3']}
-```
-
-- `'separator'`: Parse arrays with elements separated by a custom character:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo=1|2|3', {arrayFormat: 'separator', arrayFormatSeparator: '|'});
-//=> {foo: ['1', '2', '3']}
-```
-
-- `'bracket-separator'`: Parse arrays (that are explicitly marked with brackets) with elements separated by a custom character:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo[]', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> {foo: []}
-
-queryString.parse('foo[]=', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> {foo: ['']}
-
-queryString.parse('foo[]=1', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> {foo: ['1']}
-
-queryString.parse('foo[]=1|2|3', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> {foo: ['1', '2', '3']}
-
-queryString.parse('foo[]=1||3|||6', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> {foo: ['1', '', 3, '', '', '6']}
-
-queryString.parse('foo[]=1|2|3&bar=fluffy&baz[]=4', {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> {foo: ['1', '2', '3'], bar: 'fluffy', baz:['4']}
-```
-
-- `'none'`: Parse arrays with elements using duplicate keys:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo=1&foo=2&foo=3');
-//=> {foo: ['1', '2', '3']}
-```
-
-##### arrayFormatSeparator
-
-Type: `string`\
-Default: `','`
-
-The character used to separate array elements when using `{arrayFormat: 'separator'}`.
-
-##### sort
-
-Type: `Function | boolean`\
-Default: `true`
-
-Supports both `Function` as a custom sorting function or `false` to disable sorting.
-
-##### parseNumbers
-
-Type: `boolean`\
-Default: `false`
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo=1', {parseNumbers: true});
-//=> {foo: 1}
-```
-
-Parse the value as a number type instead of string type if it's a number.
-
-##### parseBooleans
-
-Type: `boolean`\
-Default: `false`
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('foo=true', {parseBooleans: true});
-//=> {foo: true}
-```
-
-Parse the value as a boolean type instead of string type if it's a boolean.
-
-### .stringify(object, options?)
-
-Stringify an object into a query string and sorting the keys.
-
-#### options
-
-Type: `object`
-
-##### strict
-
-Type: `boolean`\
-Default: `true`
-
-Strictly encode URI components with [strict-uri-encode](https://github.com/kevva/strict-uri-encode). It uses [encodeURIComponent](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) if set to false. You probably [don't care](https://github.com/sindresorhus/query-string/issues/42) about this option.
-
-##### encode
-
-Type: `boolean`\
-Default: `true`
-
-[URL encode](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) the keys and values.
-
-##### arrayFormat
-
-Type: `string`\
-Default: `'none'`
-
-- `'bracket'`: Serialize arrays using bracket representation:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'bracket'});
-//=> 'foo[]=1&foo[]=2&foo[]=3'
-```
-
-- `'index'`: Serialize arrays using index representation:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'index'});
-//=> 'foo[0]=1&foo[1]=2&foo[2]=3'
-```
-
-- `'comma'`: Serialize arrays by separating elements with comma:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'comma'});
-//=> 'foo=1,2,3'
-
-queryString.stringify({foo: [1, null, '']}, {arrayFormat: 'comma'});
-//=> 'foo=1,,'
-// Note that typing information for null values is lost
-// and `.parse('foo=1,,')` would return `{foo: [1, '', '']}`.
-```
-
-- `'separator'`: Serialize arrays by separating elements with a custom character:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'separator', arrayFormatSeparator: '|'});
-//=> 'foo=1|2|3'
-```
-
-- `'bracket-separator'`: Serialize arrays by explicitly post-fixing array names with brackets and separating elements with a custom character:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: []}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> 'foo[]'
-
-queryString.stringify({foo: ['']}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> 'foo[]='
-
-queryString.stringify({foo: [1]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> 'foo[]=1'
-
-queryString.stringify({foo: [1, 2, 3]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> 'foo[]=1|2|3'
-
-queryString.stringify({foo: [1, '', 3, null, null, 6]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> 'foo[]=1||3|||6'
-
-queryString.stringify({foo: [1, '', 3, null, null, 6]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|', skipNull: true});
-//=> 'foo[]=1||3|6'
-
-queryString.stringify({foo: [1, 2, 3], bar: 'fluffy', baz: [4]}, {arrayFormat: 'bracket-separator', arrayFormatSeparator: '|'});
-//=> 'foo[]=1|2|3&bar=fluffy&baz[]=4'
-```
-
-- `'none'`: Serialize arrays by using duplicate keys:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: [1, 2, 3]});
-//=> 'foo=1&foo=2&foo=3'
-```
-
-##### arrayFormatSeparator
-
-Type: `string`\
-Default: `','`
-
-The character used to separate array elements when using `{arrayFormat: 'separator'}`.
-
-##### sort
-
-Type: `Function | boolean`
-
-Supports both `Function` as a custom sorting function or `false` to disable sorting.
-
-```js
-const queryString = require('query-string');
-
-const order = ['c', 'a', 'b'];
-
-queryString.stringify({a: 1, b: 2, c: 3}, {
-	sort: (a, b) => order.indexOf(a) - order.indexOf(b)
-});
-//=> 'c=3&a=1&b=2'
-```
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({b: 1, c: 2, a: 3}, {sort: false});
-//=> 'b=1&c=2&a=3'
-```
-
-If omitted, keys are sorted using `Array#sort()`, which means, converting them to strings and comparing strings in Unicode code point order.
-
-##### skipNull
-
-Skip keys with `null` as the value.
-
-Note that keys with `undefined` as the value are always skipped.
-
-Type: `boolean`\
-Default: `false`
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({a: 1, b: undefined, c: null, d: 4}, {
-	skipNull: true
-});
-//=> 'a=1&d=4'
-```
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({a: undefined, b: null}, {
-	skipNull: true
-});
-//=> ''
-```
-
-##### skipEmptyString
-
-Skip keys with an empty string as the value.
-
-Type: `boolean`\
-Default: `false`
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({a: 1, b: '', c: '', d: 4}, {
-	skipEmptyString: true
-});
-//=> 'a=1&d=4'
-```
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({a: '', b: ''}, {
-	skipEmptyString: true
-});
-//=> ''
-```
-
-### .extract(string)
-
-Extract a query string from a URL that can be passed into `.parse()`.
-
-Note: This behaviour can be changed with the `skipNull` option.
-
-### .parseUrl(string, options?)
-
-Extract the URL and the query string as an object.
-
-Returns an object with a `url` and `query` property.
-
-If the `parseFragmentIdentifier` option is `true`, the object will also contain a `fragmentIdentifier` property.
-
-```js
-const queryString = require('query-string');
-
-queryString.parseUrl('https://foo.bar?foo=bar');
-//=> {url: 'https://foo.bar', query: {foo: 'bar'}}
-
-queryString.parseUrl('https://foo.bar?foo=bar#xyz', {parseFragmentIdentifier: true});
-//=> {url: 'https://foo.bar', query: {foo: 'bar'}, fragmentIdentifier: 'xyz'}
-```
-
-#### options
-
-Type: `object`
-
-The options are the same as for `.parse()`.
-
-Extra options are as below.
-
-##### parseFragmentIdentifier
-
-Parse the fragment identifier from the URL.
-
-Type: `boolean`\
-Default: `false`
-
-```js
-const queryString = require('query-string');
-
-queryString.parseUrl('https://foo.bar?foo=bar#xyz', {parseFragmentIdentifier: true});
-//=> {url: 'https://foo.bar', query: {foo: 'bar'}, fragmentIdentifier: 'xyz'}
-```
-
-### .stringifyUrl(object, options?)
-
-Stringify an object into a URL with a query string and sorting the keys. The inverse of [`.parseUrl()`](https://github.com/sindresorhus/query-string#parseurlstring-options)
-
-The `options` are the same as for `.stringify()`.
-
-Returns a string with the URL and a query string.
-
-Query items in the `query` property overrides queries in the `url` property.
-
-The `fragmentIdentifier` property overrides the fragment identifier in the `url` property.
-
-```js
-queryString.stringifyUrl({url: 'https://foo.bar', query: {foo: 'bar'}});
-//=> 'https://foo.bar?foo=bar'
-
-queryString.stringifyUrl({url: 'https://foo.bar?foo=baz', query: {foo: 'bar'}});
-//=> 'https://foo.bar?foo=bar'
-
-queryString.stringifyUrl({
-	url: 'https://foo.bar',
-	query: {
-		top: 'foo'
-	},
-	fragmentIdentifier: 'bar'
-});
-//=> 'https://foo.bar?top=foo#bar'
-```
-
-#### object
-
-Type: `object`
-
-##### url
-
-Type: `string`
-
-The URL to stringify.
-
-##### query
-
-Type: `object`
-
-Query items to add to the URL.
-
-### .pick(url, keys, options?)
-### .pick(url, filter, options?)
-
-Pick query parameters from a URL.
-
-Returns a string with the new URL.
-
-```js
-const queryString = require('query-string');
-
-queryString.pick('https://foo.bar?foo=1&bar=2#hello', ['foo']);
-//=> 'https://foo.bar?foo=1#hello'
-
-queryString.pick('https://foo.bar?foo=1&bar=2#hello', (name, value) => value === 2, {parseNumbers: true});
-//=> 'https://foo.bar?bar=2#hello'
-```
-
-### .exclude(url, keys, options?)
-### .exclude(url, filter, options?)
-
-Exclude query parameters from a URL.
-
-Returns a string with the new URL.
-
-```js
-const queryString = require('query-string');
-
-queryString.exclude('https://foo.bar?foo=1&bar=2#hello', ['foo']);
-//=> 'https://foo.bar?bar=2#hello'
-
-queryString.exclude('https://foo.bar?foo=1&bar=2#hello', (name, value) => value === 2, {parseNumbers: true});
-//=> 'https://foo.bar?foo=1#hello'
-```
-
-#### url
-
-Type: `string`
-
-The URL containing the query parameters to filter.
-
-#### keys
-
-Type: `string[]`
-
-The names of the query parameters to filter based on the function used.
-
-#### filter
-
-Type: `(key, value) => boolean`
-
-A filter predicate that will be provided the name of each query parameter and its value. The `parseNumbers` and `parseBooleans` options also affect `value`.
-
-#### options
-
-Type: `object`
-
-[Parse options](#options) and [stringify options](#options-1).
-
-## Nesting
-
-This module intentionally doesn't support nesting as it's not spec'd and varies between implementations, which causes a lot of [edge cases](https://github.com/visionmedia/node-querystring/issues).
-
-You're much better off just converting the object to a JSON string:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({
-	foo: 'bar',
-	nested: JSON.stringify({
-		unicorn: 'cake'
-	})
-});
-//=> 'foo=bar&nested=%7B%22unicorn%22%3A%22cake%22%7D'
-```
-
-However, there is support for multiple instances of the same key:
-
-```js
-const queryString = require('query-string');
-
-queryString.parse('likes=cake&name=bob&likes=icecream');
-//=> {likes: ['cake', 'icecream'], name: 'bob'}
-
-queryString.stringify({color: ['taupe', 'chartreuse'], id: '515'});
-//=> 'color=taupe&color=chartreuse&id=515'
-```
-
-## Falsy values
-
-Sometimes you want to unset a key, or maybe just make it present without assigning a value to it. Here is how falsy values are stringified:
-
-```js
-const queryString = require('query-string');
-
-queryString.stringify({foo: false});
-//=> 'foo=false'
-
-queryString.stringify({foo: null});
-//=> 'foo'
-
-queryString.stringify({foo: undefined});
-//=> ''
-```
-
-## FAQ
-
-### Why is it parsing `+` as a space?
-
-See [this answer](https://github.com/sindresorhus/query-string/issues/305).
-
-## query-string for enterprise
-
-Available as part of the Tidelift Subscription.
-
-The maintainers of query-string and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/npm-query-string?utm_source=npm-query-string&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)

node_modules/split-on-first/index.d.ts

@@ -1,29 +0,0 @@
-/**
-Split a string on the first occurrence of a given separator.
-
-@param string - The string to split.
-@param separator - The separator to split on.
-
-@example
-```
-import splitOnFirst = require('split-on-first');
-
-splitOnFirst('a-b-c', '-');
-//=> ['a', 'b-c']
-
-splitOnFirst('key:value:value2', ':');
-//=> ['key', 'value:value2']
-
-splitOnFirst('a---b---c', '---');
-//=> ['a', 'b---c']
-
-splitOnFirst('a-b-c', '+');
-//=> ['a-b-c']
-```
-*/
-declare function splitOnFirst(
-	string: string,
-	separator: string
-): [string, string?];
-
-export = splitOnFirst;

node_modules/split-on-first/index.js

@@ -1,22 +0,0 @@
-'use strict';
-
-module.exports = (string, separator) => {
-	if (!(typeof string === 'string' && typeof separator === 'string')) {
-		throw new TypeError('Expected the arguments to be of type `string`');
-	}
-
-	if (separator === '') {
-		return [string];
-	}
-
-	const separatorIndex = string.indexOf(separator);
-
-	if (separatorIndex === -1) {
-		return [string];
-	}
-
-	return [
-		string.slice(0, separatorIndex),
-		string.slice(separatorIndex + separator.length)
-	];
-};

node_modules/split-on-first/license

@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/split-on-first/package.json

@@ -1,36 +0,0 @@
-{
-  "name": "split-on-first",
-  "version": "1.1.0",
-  "description": "Split a string on the first occurance of a given separator",
-  "license": "MIT",
-  "repository": "sindresorhus/split-on-first",
-  "author": {
-    "name": "Sindre Sorhus",
-    "email": "sindresorhus@gmail.com",
-    "url": "sindresorhus.com"
-  },
-  "engines": {
-    "node": ">=6"
-  },
-  "scripts": {
-    "test": "xo && ava && tsd"
-  },
-  "files": [
-    "index.js",
-    "index.d.ts"
-  ],
-  "keywords": [
-    "split",
-    "string",
-    "first",
-    "occurrence",
-    "separator",
-    "delimiter",
-    "text"
-  ],
-  "devDependencies": {
-    "ava": "^1.4.1",
-    "tsd": "^0.7.2",
-    "xo": "^0.24.0"
-  }
-}

node_modules/split-on-first/readme.md

@@ -1,58 +0,0 @@
-# split-on-first [![Build Status](https://travis-ci.com/sindresorhus/split-on-first.svg?branch=master)](https://travis-ci.com/sindresorhus/split-on-first)
-
-> Split a string on the first occurrence of a given separator
-
-This is similar to [`String#split()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/split), but that one splits on all the occurrences, not just the first one.
-
-
-## Install
-
-```
-$ npm install split-on-first
-```
-
-
-## Usage
-
-```js
-const splitOnFirst = require('split-on-first');
-
-splitOnFirst('a-b-c', '-');
-//=> ['a', 'b-c']
-
-splitOnFirst('key:value:value2', ':');
-//=> ['key', 'value:value2']
-
-splitOnFirst('a---b---c', '---');
-//=> ['a', 'b---c']
-
-splitOnFirst('a-b-c', '+');
-//=> ['a-b-c']
-```
-
-
-## API
-
-### splitOnFirst(string, separator)
-
-#### string
-
-Type: `string`
-
-The string to split.
-
-#### separator
-
-Type: `string`
-
-The separator to split on.
-
-
-## Related
-
-- [split-at](https://github.com/sindresorhus/split-at) - Split a string at one or more indices
-
-
-## License
-
-MIT © [Sindre Sorhus](https://sindresorhus.com)

node_modules/strict-uri-encode/index.js

@@ -1,2 +0,0 @@
-'use strict';
-module.exports = str => encodeURIComponent(str).replace(/[!'()*]/g, x => `%${x.charCodeAt(0).toString(16).toUpperCase()}`);

node_modules/strict-uri-encode/license

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) Kevin Martensson <kevinmartensson@gmail.com> (github.com/kevva)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

node_modules/strict-uri-encode/package.json

@@ -1,31 +0,0 @@
-{
-  "name": "strict-uri-encode",
-  "version": "2.0.0",
-  "description": "A stricter URI encode adhering to RFC 3986",
-  "license": "MIT",
-  "repository": "kevva/strict-uri-encode",
-  "author": {
-    "name": "Kevin Mårtensson",
-    "email": "kevinmartensson@gmail.com",
-    "url": "github.com/kevva"
-  },
-  "engines": {
-    "node": ">=4"
-  },
-  "scripts": {
-    "test": "xo && ava"
-  },
-  "files": [
-    "index.js"
-  ],
-  "keywords": [
-    "component",
-    "encode",
-    "RFC3986",
-    "uri"
-  ],
-  "devDependencies": {
-    "ava": "*",
-    "xo": "*"
-  }
-}

node_modules/strict-uri-encode/readme.md

@@ -1,39 +0,0 @@
-# strict-uri-encode [![Build Status](https://travis-ci.org/kevva/strict-uri-encode.svg?branch=master)](https://travis-ci.org/kevva/strict-uri-encode)
-
-> A stricter URI encode adhering to [RFC 3986](http://tools.ietf.org/html/rfc3986)
-
-
-## Install
-
-```
-$ npm install --save strict-uri-encode
-```
-
-
-## Usage
-
-```js
-const strictUriEncode = require('strict-uri-encode');
-
-strictUriEncode('unicorn!foobar');
-//=> 'unicorn%21foobar'
-
-strictUriEncode('unicorn*foobar');
-//=> 'unicorn%2Afoobar'
-```
-
-
-## API
-
-### strictUriEncode(string)
-
-#### string
-
-Type: `string`, `number`
-
-String to URI encode.
-
-
-## License
-
-MIT © [Kevin Mårtensson](http://github.com/kevva)

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.1.36",
+  "version": "2.1.37",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.1.36",
+      "version": "2.1.37",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.0",
@@ -33,7 +33,6 @@
         "long": "^5.2.0",
         "md5": "^2.3.0",
         "path": "^0.12.7",
-        "query-string": "^7.0.1",
         "semver": "^7.3.2",
         "uuid": "^9.0.0",
         "zlib": "^1.0.5"
@@ -1980,13 +1979,6 @@
         }
       }
     },
-    "node_modules/decode-uri-component": {
-      "version": "0.2.0",
-      "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=",
-      "engines": {
-        "node": ">=0.10"
-      }
-    },
     "node_modules/deep-is": {
       "version": "0.1.3",
       "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
@@ -3102,13 +3094,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/filter-obj": {
-      "version": "1.1.0",
-      "integrity": "sha1-mzERErxsYSehbgFsbF1/GeCAXFs=",
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
     "node_modules/find-up": {
       "version": "6.2.0",
       "resolved": "https://registry.npmjs.org/find-up/-/find-up-6.2.0.tgz",
@@ -4615,23 +4600,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/query-string": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/query-string/-/query-string-7.0.1.tgz",
-      "integrity": "sha512-uIw3iRvHnk9to1blJCG3BTc+Ro56CBowJXKmNNAm3RulvPBzWLRqKSiiDk+IplJhsydwtuNMHi8UGQFcCLVfkA==",
-      "dependencies": {
-        "decode-uri-component": "^0.2.0",
-        "filter-obj": "^1.1.0",
-        "split-on-first": "^1.0.0",
-        "strict-uri-encode": "^2.0.0"
-      },
-      "engines": {
-        "node": ">=6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/read-pkg-up": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-3.0.0.tgz",
@@ -5097,13 +5065,6 @@
       "integrity": "sha512-J+FWzZoynJEXGphVIS+XEh3kFSjZX/1i9gFBaWQcB+/tmpe2qUsSBABpcxqxnAxFdiUFEgAX1bjYGQvIZmoz9Q==",
       "dev": true
     },
-    "node_modules/split-on-first": {
-      "version": "1.1.0",
-      "integrity": "sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw==",
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -5131,13 +5092,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/strict-uri-encode": {
-      "version": "2.0.0",
-      "integrity": "sha1-ucczDHBChi9rFC3CdLvMWGbONUY=",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/string-width": {
       "version": "4.2.3",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.36",
+  "version": "2.1.37",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
@@ -45,7 +45,6 @@
     "long": "^5.2.0",
     "md5": "^2.3.0",
     "path": "^0.12.7",
-    "query-string": "^7.0.1",
     "semver": "^7.3.2",
     "uuid": "^9.0.0",
     "zlib": "^1.0.5"

python-setup/tests/poetry/python-3.8/poetry.lock

@@ -1,10 +1,10 @@
 [[package]]
 name = "certifi"
-version = "2021.10.8"
+version = "2022.12.7"
 description = "Python package for providing Mozilla's CA Bundle."
 category = "main"
 optional = false
-python-versions = "*"
+python-versions = ">=3.6"
 
 [[package]]
 name = "charset-normalizer"
@@ -15,7 +15,7 @@ optional = false
 python-versions = ">=3.5.0"
 
 [package.extras]
-unicode_backport = ["unicodedata2"]
+unicode-backport = ["unicodedata2"]
 
 [[package]]
 name = "idna"
@@ -41,7 +41,7 @@ urllib3 = ">=1.21.1,<1.27"
 
 [package.extras]
 socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
-use_chardet_on_py3 = ["chardet (>=3.0.2,<5)"]
+use-chardet-on-py3 = ["chardet (>=3.0.2,<5)"]
 
 [[package]]
 name = "urllib3"
@@ -53,18 +53,18 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
 
 [package.extras]
 brotli = ["brotlipy (>=0.6.0)"]
-secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"]
+secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "pyOpenSSL (>=0.14)"]
 socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
 
 [metadata]
 lock-version = "1.1"
 python-versions = "^3.8"
-content-hash = "1c921c3aff11a5d59460cdcbe97f0a9c2379e746771452a2bdfe7c530bb5dad0"
+content-hash = "fabc9cabf9f18437e7b9ea3dbd1895a5a118239c17b3d097c465a290707e6bfd"
 
 [metadata.files]
 certifi = [
-    {file = "certifi-2021.10.8-py2.py3-none-any.whl", hash = "sha256:d62a0163eb4c2344ac042ab2bdf75399a71a2d8c7d47eac2e2ee91b9d6339569"},
-    {file = "certifi-2021.10.8.tar.gz", hash = "sha256:78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"},
+    {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
+    {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
 ]
 charset-normalizer = [
     {file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},

src/actions-util.test.ts

@@ -88,6 +88,34 @@ test("getRef() returns ref provided as an input and ignores current HEAD", async
   });
 });
 
+test("getRef() returns CODE_SCANNING_REF as a fallback for GITHUB_REF", async (t) => {
+  await withTmpDir(async (tmpDir: string) => {
+    setupActionsVars(tmpDir, tmpDir);
+    const expectedRef = "refs/pull/1/HEAD";
+    const currentSha = "a".repeat(40);
+    process.env["CODE_SCANNING_REF"] = expectedRef;
+    process.env["GITHUB_REF"] = "";
+    process.env["GITHUB_SHA"] = currentSha;
+
+    const actualRef = await actionsutil.getRef();
+    t.deepEqual(actualRef, expectedRef);
+  });
+});
+
+test("getRef() returns GITHUB_REF over CODE_SCANNING_REF if both are provided", async (t) => {
+  await withTmpDir(async (tmpDir: string) => {
+    setupActionsVars(tmpDir, tmpDir);
+    const expectedRef = "refs/pull/1/merge";
+    const currentSha = "a".repeat(40);
+    process.env["CODE_SCANNING_REF"] = "refs/pull/1/HEAD";
+    process.env["GITHUB_REF"] = expectedRef;
+    process.env["GITHUB_SHA"] = currentSha;
+
+    const actualRef = await actionsutil.getRef();
+    t.deepEqual(actualRef, expectedRef);
+  });
+});
+
 test("getRef() throws an error if only `ref` is provided as an input", async (t) => {
   await withTmpDir(async (tmpDir: string) => {
     setupActionsVars(tmpDir, tmpDir);

src/actions-util.ts

@@ -295,7 +295,12 @@ function getRefFromEnv(): string {
   return refEnv;
 }
 
-type ActionName = "init" | "autobuild" | "finish" | "upload-sarif";
+type ActionName =
+  | "init"
+  | "autobuild"
+  | "finish"
+  | "upload-sarif"
+  | "init-post";
 type ActionStatus =
   | "starting"
   | "aborted"

src/codeql.ts

@@ -6,7 +6,6 @@ import * as toolrunner from "@actions/exec/lib/toolrunner";
 import * as toolcache from "@actions/tool-cache";
 import { default as deepEqual } from "fast-deep-equal";
 import * as yaml from "js-yaml";
-import { default as queryString } from "query-string";
 import * as semver from "semver";
 import { v4 as uuidV4 } from "uuid";
 
@@ -489,7 +488,7 @@ export async function setupCodeQL(
         }
 
         const parsedCodeQLURL = new URL(codeqlURL);
-        const parsedQueryString = queryString.parse(parsedCodeQLURL.search);
+        const searchParams = new URLSearchParams(parsedCodeQLURL.search);
         const headers: OutgoingHttpHeaders = {
           accept: "application/octet-stream",
         };
@@ -499,7 +498,7 @@ export async function setupCodeQL(
         // We also don't want to send an authorization header if there's already a token provided in the URL.
         if (
           codeqlURL.startsWith(`${apiDetails.url}/`) &&
-          parsedQueryString["token"] === undefined
+          !searchParams.has("token")
         ) {
           logger.debug("Downloading CodeQL bundle with token.");
           headers.authorization = `token ${apiDetails.auth}`;

src/defaults.json

@@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20221202"
+  "bundleVersion": "codeql-bundle-20221211"
 }

src/init-action-post-helper.test.ts

@@ -11,6 +11,7 @@ import { parseRepositoryNwo } from "./repository";
 import {
   createFeatures,
   getRecordingLogger,
+  LoggedMessage,
   setupTests,
 } from "./testing-utils";
 import * as uploadLib from "./upload-lib";
@@ -111,6 +112,40 @@ test("uploads failed SARIF run for typical workflow", async (t) => {
   await testFailedSarifUpload(t, actionsWorkflow, { category: "my-category" });
 });
 
+test("doesn't upload failed SARIF for workflow with upload: false", async (t) => {
+  const actionsWorkflow = createTestWorkflow([
+    {
+      name: "Checkout repository",
+      uses: "actions/checkout@v3",
+    },
+    {
+      name: "Initialize CodeQL",
+      uses: "github/codeql-action/init@v2",
+      with: {
+        languages: "javascript",
+      },
+    },
+    {
+      name: "Perform CodeQL Analysis",
+      uses: "github/codeql-action/analyze@v2",
+      with: {
+        category: "my-category",
+        upload: false,
+      },
+    },
+  ]);
+  await testFailedSarifUpload(t, actionsWorkflow, {
+    expectedLogs: [
+      {
+        message:
+          "Won't upload a failed SARIF file since SARIF upload is disabled.",
+        type: "debug",
+      },
+    ],
+    expectUpload: false,
+  });
+});
+
 test("uploading failed SARIF run fails when workflow does not reference github/codeql-action", async (t) => {
   const actionsWorkflow = createTestWorkflow([
     {
@@ -149,7 +184,15 @@ function createTestWorkflow(
 async function testFailedSarifUpload(
   t: ExecutionContext<unknown>,
   actionsWorkflow: workflow.Workflow,
-  { category }: { category?: string } = {}
+  {
+    category,
+    expectedLogs = [],
+    expectUpload = true,
+  }: {
+    category?: string;
+    expectedLogs?: LoggedMessage[];
+    expectUpload?: boolean;
+  } = {}
 ): Promise<void> {
   const config = {
     codeQLCmd: "codeql",
@@ -180,23 +223,29 @@ async function testFailedSarifUpload(
     createFeatures([Feature.UploadFailedSarifEnabled]),
     getRecordingLogger(messages)
   );
-  t.deepEqual(messages, []);
-  t.true(
-    diagnosticsExportStub.calledOnceWith(sinon.match.string, category),
-    `Actual args were: ${diagnosticsExportStub.args}`
-  );
-  t.true(
-    uploadFromActions.calledOnceWith(
-      sinon.match.string,
-      sinon.match.string,
-      category,
-      sinon.match.any
-    ),
-    `Actual args were: ${uploadFromActions.args}`
-  );
-  t.true(
-    waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
-      isUnsuccessfulExecution: true,
-    })
-  );
+  t.deepEqual(messages, expectedLogs);
+  if (expectUpload) {
+    t.true(
+      diagnosticsExportStub.calledOnceWith(sinon.match.string, category),
+      `Actual args were: ${diagnosticsExportStub.args}`
+    );
+    t.true(
+      uploadFromActions.calledOnceWith(
+        sinon.match.string,
+        sinon.match.string,
+        category,
+        sinon.match.any
+      ),
+      `Actual args were: ${uploadFromActions.args}`
+    );
+    t.true(
+      waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
+        isUnsuccessfulExecution: true,
+      })
+    );
+  } else {
+    t.true(diagnosticsExportStub.notCalled);
+    t.true(uploadFromActions.notCalled);
+    t.true(waitForProcessing.notCalled);
+  }
 }

src/init-action-post-helper.ts

@@ -16,17 +16,37 @@ import {
   getWorkflow,
 } from "./workflow";
 
+export interface UploadFailedSarifResult extends uploadLib.UploadStatusReport {
+  /** If there was an error while uploading a failed run, this is its message. */
+  upload_failed_run_error?: string;
+  /** If there was an error while uploading a failed run, this is its stack trace. */
+  upload_failed_run_stack_trace?: string;
+  /** Reason why we did not upload a SARIF payload with `executionSuccessful: false`. */
+  upload_failed_run_skipped_because?: string;
+}
+
+function createFailedUploadFailedSarifResult(
+  error: unknown
+): UploadFailedSarifResult {
+  return {
+    upload_failed_run_error:
+      error instanceof Error ? error.message : String(error),
+    upload_failed_run_stack_trace:
+      error instanceof Error ? error.stack : undefined,
+  };
+}
+
 export async function uploadFailedSarif(
   config: Config,
   repositoryNwo: RepositoryNwo,
   featureEnablement: FeatureEnablement,
   logger: Logger
-) {
+): Promise<UploadFailedSarifResult> {
   if (!config.codeQLCmd) {
     logger.warning(
       "CodeQL command not found. Unable to upload failed SARIF file."
     );
-    return;
+    return { upload_failed_run_skipped_because: "CodeQL command not found" };
   }
   const codeql = await getCodeQL(config.codeQLCmd);
   if (
@@ -36,7 +56,7 @@ export async function uploadFailedSarif(
     ))
   ) {
     logger.debug("Uploading failed SARIF is disabled.");
-    return;
+    return { upload_failed_run_skipped_because: "Feature disabled" };
   }
   const workflow = await getWorkflow();
   const jobName = getRequiredEnvParam("GITHUB_JOB");
@@ -48,7 +68,7 @@ export async function uploadFailedSarif(
     logger.debug(
       "Won't upload a failed SARIF file since SARIF upload is disabled."
     );
-    return;
+    return { upload_failed_run_skipped_because: "SARIF upload is disabled" };
   }
   const category = getCategoryInputOrThrow(workflow, jobName, matrix);
   const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
@@ -69,6 +89,48 @@ export async function uploadFailedSarif(
     logger,
     { isUnsuccessfulExecution: true }
   );
+  return uploadResult?.statusReport ?? {};
+}
+
+export async function uploadSarifIfRunFailed(
+  config: Config,
+  repositoryNwo: RepositoryNwo,
+  featureEnablement: FeatureEnablement,
+  logger: Logger
+): Promise<UploadFailedSarifResult> {
+  // Environment variable used to integration test uploading a SARIF file for failed runs
+  const expectFailedSarifUpload =
+    process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true";
+
+  if (process.env[CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF] !== "true") {
+    try {
+      return await uploadFailedSarif(
+        config,
+        repositoryNwo,
+        featureEnablement,
+        logger
+      );
+    } catch (e) {
+      if (expectFailedSarifUpload) {
+        throw new Error(
+          "Expected to upload a SARIF file for the failed run, but encountered " +
+            `the following error: ${e}`
+        );
+      }
+      logger.info(
+        `Failed to upload a SARIF file for the failed run. Error: ${e}`
+      );
+      return createFailedUploadFailedSarifResult(e);
+    }
+  } else if (expectFailedSarifUpload) {
+    throw new Error(
+      "Expected to upload a SARIF file for the failed run, but didn't."
+    );
+  } else {
+    return {
+      upload_failed_run_skipped_because: "SARIF file already uploaded",
+    };
+  }
 }
 
 export async function run(
@@ -87,29 +149,12 @@ export async function run(
     return;
   }
 
-  // Environment variable used to integration test uploading a SARIF file for failed runs
-  const expectFailedSarifUpload =
-    process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true";
-
-  if (process.env[CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF] !== "true") {
-    try {
-      await uploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
-    } catch (e) {
-      if (expectFailedSarifUpload) {
-        throw new Error(
-          "Expected to upload a SARIF file for the failed run, but encountered " +
-            `the following error: ${e}`
-        );
-      }
-      logger.info(
-        `Failed to upload a SARIF file for the failed run. Error: ${e}`
-      );
-    }
-  } else if (expectFailedSarifUpload) {
-    throw new Error(
-      "Expected to upload a SARIF file for the failed run, but didn't."
-    );
-  }
+  const uploadFailedSarifResult = await uploadSarifIfRunFailed(
+    config,
+    repositoryNwo,
+    featureEnablement,
+    logger
+  );
 
   // Upload appropriate Actions artifacts for debugging
   if (config.debugMode) {
@@ -121,4 +166,6 @@ export async function run(
 
     await printDebugLogs(config);
   }
+
+  return uploadFailedSarifResult;
 }

src/init-action-post.ts

@@ -6,7 +6,14 @@
 
 import * as core from "@actions/core";
 
-import * as actionsUtil from "./actions-util";
+import {
+  createStatusReportBase,
+  getActionsStatus,
+  getTemporaryDirectory,
+  printDebugLogs,
+  sendStatusReport,
+  StatusReportBase,
+} from "./actions-util";
 import { getGitHubVersion } from "./api-client";
 import * as debugArtifacts from "./debug-artifacts";
 import { Features } from "./feature-flags";
@@ -15,7 +22,15 @@ import { getActionsLogger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
 import { checkGitHubVersionInRange, getRequiredEnvParam } from "./util";
 
+interface InitPostStatusReport
+  extends StatusReportBase,
+    initActionPostHelper.UploadFailedSarifResult {}
+
 async function runWrapper() {
+  const startedAt = new Date();
+  let uploadFailedSarifResult:
+    | initActionPostHelper.UploadFailedSarifResult
+    | undefined;
   try {
     const logger = getActionsLogger();
     const gitHubVersion = await getGitHubVersion();
@@ -27,22 +42,43 @@ async function runWrapper() {
     const features = new Features(
       gitHubVersion,
       repositoryNwo,
-      actionsUtil.getTemporaryDirectory(),
+      getTemporaryDirectory(),
       logger
     );
 
-    await initActionPostHelper.run(
+    uploadFailedSarifResult = await initActionPostHelper.run(
       debugArtifacts.uploadDatabaseBundleDebugArtifact,
       debugArtifacts.uploadLogsDebugArtifact,
-      actionsUtil.printDebugLogs,
+      printDebugLogs,
       repositoryNwo,
       features,
       logger
     );
-  } catch (error) {
-    core.setFailed(`init post-action step failed: ${error}`);
-    console.log(error);
+  } catch (e) {
+    core.setFailed(e instanceof Error ? e.message : String(e));
+
+    console.log(e);
+    await sendStatusReport(
+      await createStatusReportBase(
+        "init-post",
+        getActionsStatus(e),
+        startedAt,
+        String(e),
+        e instanceof Error ? e.stack : undefined
+      )
+    );
+    return;
   }
+  const statusReportBase = await createStatusReportBase(
+    "init-post",
+    "success",
+    startedAt
+  );
+  const statusReport: InitPostStatusReport = {
+    ...statusReportBase,
+    ...uploadFailedSarifResult,
+  };
+  await sendStatusReport(statusReport);
 }
 
 void runWrapper();

src/workflow.ts

@@ -11,7 +11,7 @@ export interface WorkflowJobStep {
   name?: string;
   run?: any;
   uses?: string;
-  with?: { [key: string]: string };
+  with?: { [key: string]: boolean | number | string };
 }
 
 interface WorkflowJob {
@@ -350,12 +350,12 @@ function getInputOrThrow(
     );
   }
 
-  let input = stepsCallingAction[0].with?.[inputName];
+  let input = stepsCallingAction[0].with?.[inputName]?.toString();
 
   if (input !== undefined && matrixVars !== undefined) {
-    // Make a basic attempt to substitute matrix variables
-    // First normalize by removing whitespace
+    // Normalize by removing whitespace
     input = input.replace(/\${{\s+/, "${{").replace(/\s+}}/, "}}");
+    // Make a basic attempt to substitute matrix variables
     for (const [key, value] of Object.entries(matrixVars)) {
       input = input.replace(`\${{matrix.${key}}}`, value);
     }