Compare commits
19 Commits
eggyhead/u
...
main
Author | SHA1 | Date |
---|---|---|
Rob Herley | 834a144ee9 | |
Rob Herley | 134dcf33c0 | |
Rob Herley | 73a0b9c954 | |
Rob Herley | 89ef406dd8 | |
Rob Herley | 23d796df36 | |
Rob Herley | e445c64bc2 | |
Rob Herley | 0b2256b8c0 | |
Rob Herley | 488dcefb9b | |
Rob Herley | 04c51f5766 | |
Rob Herley | 32a9e276a8 | |
Jonathan Tamsut | 552bf3722c | |
eggyhead | 79616d2ded | |
Your Name | 65462800fd | |
eggyhead | c004fb4bf6 | |
Your Name | 90aba496fc | |
eggyhead | b06cde36fc | |
eggyhead | 1746f4ab65 | |
eggyhead | 31685d04a0 | |
eggyhead | 18bf333cd2 |
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
name: "@actions/artifact"
|
name: "@actions/artifact"
|
||||||
version: 2.1.5
|
version: 2.1.8
|
||||||
type: npm
|
type: npm
|
||||||
summary:
|
summary:
|
||||||
homepage:
|
homepage:
|
||||||
|
|
|
@ -2328,9 +2328,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
|
exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
|
||||||
const promises_1 = __importDefault(__nccwpck_require__(73292));
|
const promises_1 = __importDefault(__nccwpck_require__(73292));
|
||||||
const stream = __importStar(__nccwpck_require__(12781));
|
|
||||||
const fs_1 = __nccwpck_require__(57147);
|
|
||||||
const path = __importStar(__nccwpck_require__(71017));
|
|
||||||
const github = __importStar(__nccwpck_require__(21260));
|
const github = __importStar(__nccwpck_require__(21260));
|
||||||
const core = __importStar(__nccwpck_require__(42186));
|
const core = __importStar(__nccwpck_require__(42186));
|
||||||
const httpClient = __importStar(__nccwpck_require__(96255));
|
const httpClient = __importStar(__nccwpck_require__(96255));
|
||||||
|
@ -2371,9 +2368,6 @@ function streamExtract(url, directory) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
catch (error) {
|
catch (error) {
|
||||||
if (error.message.includes('Malformed extraction path')) {
|
|
||||||
throw new Error(`Artifact download failed with unretryable error: ${error.message}`);
|
|
||||||
}
|
|
||||||
retryCount++;
|
retryCount++;
|
||||||
core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
|
core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
|
||||||
// wait 5 seconds before retrying
|
// wait 5 seconds before retrying
|
||||||
|
@ -2396,8 +2390,6 @@ function streamExtractExternal(url, directory) {
|
||||||
response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
|
response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
|
||||||
};
|
};
|
||||||
const timer = setTimeout(timerFn, timeout);
|
const timer = setTimeout(timerFn, timeout);
|
||||||
const createdDirectories = new Set();
|
|
||||||
createdDirectories.add(directory);
|
|
||||||
response.message
|
response.message
|
||||||
.on('data', () => {
|
.on('data', () => {
|
||||||
timer.refresh();
|
timer.refresh();
|
||||||
|
@ -2407,47 +2399,11 @@ function streamExtractExternal(url, directory) {
|
||||||
clearTimeout(timer);
|
clearTimeout(timer);
|
||||||
reject(error);
|
reject(error);
|
||||||
})
|
})
|
||||||
.pipe(unzip_stream_1.default.Parse())
|
.pipe(unzip_stream_1.default.Extract({ path: directory }))
|
||||||
.pipe(new stream.Transform({
|
.on('close', () => {
|
||||||
objectMode: true,
|
|
||||||
transform: (entry, _, callback) => __awaiter(this, void 0, void 0, function* () {
|
|
||||||
const fullPath = path.normalize(path.join(directory, entry.path));
|
|
||||||
if (!directory.endsWith(path.sep)) {
|
|
||||||
directory += path.sep;
|
|
||||||
}
|
|
||||||
if (!fullPath.startsWith(directory)) {
|
|
||||||
reject(new Error(`Malformed extraction path: ${fullPath}`));
|
|
||||||
}
|
|
||||||
if (entry.type === 'Directory') {
|
|
||||||
if (!createdDirectories.has(fullPath)) {
|
|
||||||
createdDirectories.add(fullPath);
|
|
||||||
yield resolveOrCreateDirectory(fullPath).then(() => {
|
|
||||||
entry.autodrain();
|
|
||||||
callback();
|
|
||||||
});
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
entry.autodrain();
|
|
||||||
callback();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
core.info(`Extracting artifact entry: ${fullPath}`);
|
|
||||||
if (!createdDirectories.has(path.dirname(fullPath))) {
|
|
||||||
createdDirectories.add(path.dirname(fullPath));
|
|
||||||
yield resolveOrCreateDirectory(path.dirname(fullPath));
|
|
||||||
}
|
|
||||||
const writeStream = (0, fs_1.createWriteStream)(fullPath);
|
|
||||||
writeStream.on('finish', callback);
|
|
||||||
writeStream.on('error', reject);
|
|
||||||
entry.pipe(writeStream);
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}))
|
|
||||||
.on('finish', () => __awaiter(this, void 0, void 0, function* () {
|
|
||||||
clearTimeout(timer);
|
clearTimeout(timer);
|
||||||
resolve();
|
resolve();
|
||||||
}))
|
})
|
||||||
.on('error', (error) => {
|
.on('error', (error) => {
|
||||||
reject(error);
|
reject(error);
|
||||||
});
|
});
|
||||||
|
@ -2964,7 +2920,6 @@ class ArtifactHttpClient {
|
||||||
catch (error) {
|
catch (error) {
|
||||||
if (error instanceof SyntaxError) {
|
if (error instanceof SyntaxError) {
|
||||||
(0, core_1.debug)(`Raw Body: ${rawBody}`);
|
(0, core_1.debug)(`Raw Body: ${rawBody}`);
|
||||||
throw error;
|
|
||||||
}
|
}
|
||||||
if (error instanceof errors_1.UsageError) {
|
if (error instanceof errors_1.UsageError) {
|
||||||
throw error;
|
throw error;
|
||||||
|
@ -3070,8 +3025,9 @@ function isGhes() {
|
||||||
const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com');
|
const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com');
|
||||||
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
|
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
|
||||||
const isGitHubHost = hostname === 'GITHUB.COM';
|
const isGitHubHost = hostname === 'GITHUB.COM';
|
||||||
const isGheHost = hostname.endsWith('.GHE.COM') || hostname.endsWith('.GHE.LOCALHOST');
|
const isGheHost = hostname.endsWith('.GHE.COM');
|
||||||
return !isGitHubHost && !isGheHost;
|
const isLocalHost = hostname.endsWith('.LOCALHOST');
|
||||||
|
return !isGitHubHost && !isGheHost && !isLocalHost;
|
||||||
}
|
}
|
||||||
exports.isGhes = isGhes;
|
exports.isGhes = isGhes;
|
||||||
function getGitHubWorkspaceDir() {
|
function getGitHubWorkspaceDir() {
|
||||||
|
@ -100989,6 +100945,132 @@ function onConnectTimeout (socket) {
|
||||||
module.exports = buildConnector
|
module.exports = buildConnector
|
||||||
|
|
||||||
|
|
||||||
|
/***/ }),
|
||||||
|
|
||||||
|
/***/ 14462:
|
||||||
|
/***/ ((module) => {
|
||||||
|
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
|
||||||
|
/** @type {Record<string, string | undefined>} */
|
||||||
|
const headerNameLowerCasedRecord = {}
|
||||||
|
|
||||||
|
// https://developer.mozilla.org/docs/Web/HTTP/Headers
|
||||||
|
const wellknownHeaderNames = [
|
||||||
|
'Accept',
|
||||||
|
'Accept-Encoding',
|
||||||
|
'Accept-Language',
|
||||||
|
'Accept-Ranges',
|
||||||
|
'Access-Control-Allow-Credentials',
|
||||||
|
'Access-Control-Allow-Headers',
|
||||||
|
'Access-Control-Allow-Methods',
|
||||||
|
'Access-Control-Allow-Origin',
|
||||||
|
'Access-Control-Expose-Headers',
|
||||||
|
'Access-Control-Max-Age',
|
||||||
|
'Access-Control-Request-Headers',
|
||||||
|
'Access-Control-Request-Method',
|
||||||
|
'Age',
|
||||||
|
'Allow',
|
||||||
|
'Alt-Svc',
|
||||||
|
'Alt-Used',
|
||||||
|
'Authorization',
|
||||||
|
'Cache-Control',
|
||||||
|
'Clear-Site-Data',
|
||||||
|
'Connection',
|
||||||
|
'Content-Disposition',
|
||||||
|
'Content-Encoding',
|
||||||
|
'Content-Language',
|
||||||
|
'Content-Length',
|
||||||
|
'Content-Location',
|
||||||
|
'Content-Range',
|
||||||
|
'Content-Security-Policy',
|
||||||
|
'Content-Security-Policy-Report-Only',
|
||||||
|
'Content-Type',
|
||||||
|
'Cookie',
|
||||||
|
'Cross-Origin-Embedder-Policy',
|
||||||
|
'Cross-Origin-Opener-Policy',
|
||||||
|
'Cross-Origin-Resource-Policy',
|
||||||
|
'Date',
|
||||||
|
'Device-Memory',
|
||||||
|
'Downlink',
|
||||||
|
'ECT',
|
||||||
|
'ETag',
|
||||||
|
'Expect',
|
||||||
|
'Expect-CT',
|
||||||
|
'Expires',
|
||||||
|
'Forwarded',
|
||||||
|
'From',
|
||||||
|
'Host',
|
||||||
|
'If-Match',
|
||||||
|
'If-Modified-Since',
|
||||||
|
'If-None-Match',
|
||||||
|
'If-Range',
|
||||||
|
'If-Unmodified-Since',
|
||||||
|
'Keep-Alive',
|
||||||
|
'Last-Modified',
|
||||||
|
'Link',
|
||||||
|
'Location',
|
||||||
|
'Max-Forwards',
|
||||||
|
'Origin',
|
||||||
|
'Permissions-Policy',
|
||||||
|
'Pragma',
|
||||||
|
'Proxy-Authenticate',
|
||||||
|
'Proxy-Authorization',
|
||||||
|
'RTT',
|
||||||
|
'Range',
|
||||||
|
'Referer',
|
||||||
|
'Referrer-Policy',
|
||||||
|
'Refresh',
|
||||||
|
'Retry-After',
|
||||||
|
'Sec-WebSocket-Accept',
|
||||||
|
'Sec-WebSocket-Extensions',
|
||||||
|
'Sec-WebSocket-Key',
|
||||||
|
'Sec-WebSocket-Protocol',
|
||||||
|
'Sec-WebSocket-Version',
|
||||||
|
'Server',
|
||||||
|
'Server-Timing',
|
||||||
|
'Service-Worker-Allowed',
|
||||||
|
'Service-Worker-Navigation-Preload',
|
||||||
|
'Set-Cookie',
|
||||||
|
'SourceMap',
|
||||||
|
'Strict-Transport-Security',
|
||||||
|
'Supports-Loading-Mode',
|
||||||
|
'TE',
|
||||||
|
'Timing-Allow-Origin',
|
||||||
|
'Trailer',
|
||||||
|
'Transfer-Encoding',
|
||||||
|
'Upgrade',
|
||||||
|
'Upgrade-Insecure-Requests',
|
||||||
|
'User-Agent',
|
||||||
|
'Vary',
|
||||||
|
'Via',
|
||||||
|
'WWW-Authenticate',
|
||||||
|
'X-Content-Type-Options',
|
||||||
|
'X-DNS-Prefetch-Control',
|
||||||
|
'X-Frame-Options',
|
||||||
|
'X-Permitted-Cross-Domain-Policies',
|
||||||
|
'X-Powered-By',
|
||||||
|
'X-Requested-With',
|
||||||
|
'X-XSS-Protection'
|
||||||
|
]
|
||||||
|
|
||||||
|
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
|
||||||
|
const key = wellknownHeaderNames[i]
|
||||||
|
const lowerCasedKey = key.toLowerCase()
|
||||||
|
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
|
||||||
|
lowerCasedKey
|
||||||
|
}
|
||||||
|
|
||||||
|
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
|
||||||
|
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
wellknownHeaderNames,
|
||||||
|
headerNameLowerCasedRecord
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/***/ }),
|
/***/ }),
|
||||||
|
|
||||||
/***/ 48045:
|
/***/ 48045:
|
||||||
|
@ -101821,6 +101903,7 @@ const { InvalidArgumentError } = __nccwpck_require__(48045)
|
||||||
const { Blob } = __nccwpck_require__(14300)
|
const { Blob } = __nccwpck_require__(14300)
|
||||||
const nodeUtil = __nccwpck_require__(73837)
|
const nodeUtil = __nccwpck_require__(73837)
|
||||||
const { stringify } = __nccwpck_require__(63477)
|
const { stringify } = __nccwpck_require__(63477)
|
||||||
|
const { headerNameLowerCasedRecord } = __nccwpck_require__(14462)
|
||||||
|
|
||||||
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
|
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
|
||||||
|
|
||||||
|
@ -102030,6 +102113,15 @@ function parseKeepAliveTimeout (val) {
|
||||||
return m ? parseInt(m[1], 10) * 1000 : null
|
return m ? parseInt(m[1], 10) * 1000 : null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieves a header name and returns its lowercase value.
|
||||||
|
* @param {string | Buffer} value Header name
|
||||||
|
* @returns {string}
|
||||||
|
*/
|
||||||
|
function headerNameToString (value) {
|
||||||
|
return headerNameLowerCasedRecord[value] || value.toLowerCase()
|
||||||
|
}
|
||||||
|
|
||||||
function parseHeaders (headers, obj = {}) {
|
function parseHeaders (headers, obj = {}) {
|
||||||
// For H2 support
|
// For H2 support
|
||||||
if (!Array.isArray(headers)) return headers
|
if (!Array.isArray(headers)) return headers
|
||||||
|
@ -102301,6 +102393,7 @@ module.exports = {
|
||||||
isIterable,
|
isIterable,
|
||||||
isAsyncIterable,
|
isAsyncIterable,
|
||||||
isDestroyed,
|
isDestroyed,
|
||||||
|
headerNameToString,
|
||||||
parseRawHeaders,
|
parseRawHeaders,
|
||||||
parseHeaders,
|
parseHeaders,
|
||||||
parseKeepAliveTimeout,
|
parseKeepAliveTimeout,
|
||||||
|
@ -106437,6 +106530,9 @@ function httpRedirectFetch (fetchParams, response) {
|
||||||
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
|
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
|
||||||
request.headersList.delete('authorization')
|
request.headersList.delete('authorization')
|
||||||
|
|
||||||
|
// https://fetch.spec.whatwg.org/#authentication-entries
|
||||||
|
request.headersList.delete('proxy-authorization', true)
|
||||||
|
|
||||||
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
|
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
|
||||||
request.headersList.delete('cookie')
|
request.headersList.delete('cookie')
|
||||||
request.headersList.delete('host')
|
request.headersList.delete('host')
|
||||||
|
@ -108945,14 +109041,18 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(8398
|
||||||
const assert = __nccwpck_require__(39491)
|
const assert = __nccwpck_require__(39491)
|
||||||
const { isUint8Array } = __nccwpck_require__(29830)
|
const { isUint8Array } = __nccwpck_require__(29830)
|
||||||
|
|
||||||
|
let supportedHashes = []
|
||||||
|
|
||||||
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
|
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
|
||||||
/** @type {import('crypto')|undefined} */
|
/** @type {import('crypto')|undefined} */
|
||||||
let crypto
|
let crypto
|
||||||
|
|
||||||
try {
|
try {
|
||||||
crypto = __nccwpck_require__(6113)
|
crypto = __nccwpck_require__(6113)
|
||||||
|
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
|
||||||
|
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
|
||||||
|
/* c8 ignore next 3 */
|
||||||
} catch {
|
} catch {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function responseURL (response) {
|
function responseURL (response) {
|
||||||
|
@ -109480,66 +109580,56 @@ function bytesMatch (bytes, metadataList) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. If parsedMetadata is the empty set, return true.
|
// 3. If response is not eligible for integrity validation, return false.
|
||||||
|
// TODO
|
||||||
|
|
||||||
|
// 4. If parsedMetadata is the empty set, return true.
|
||||||
if (parsedMetadata.length === 0) {
|
if (parsedMetadata.length === 0) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. Let metadata be the result of getting the strongest
|
// 5. Let metadata be the result of getting the strongest
|
||||||
// metadata from parsedMetadata.
|
// metadata from parsedMetadata.
|
||||||
const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
|
const strongest = getStrongestMetadata(parsedMetadata)
|
||||||
// get the strongest algorithm
|
const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
|
||||||
const strongest = list[0].algo
|
|
||||||
// get all entries that use the strongest algorithm; ignore weaker
|
|
||||||
const metadata = list.filter((item) => item.algo === strongest)
|
|
||||||
|
|
||||||
// 5. For each item in metadata:
|
// 6. For each item in metadata:
|
||||||
for (const item of metadata) {
|
for (const item of metadata) {
|
||||||
// 1. Let algorithm be the alg component of item.
|
// 1. Let algorithm be the alg component of item.
|
||||||
const algorithm = item.algo
|
const algorithm = item.algo
|
||||||
|
|
||||||
// 2. Let expectedValue be the val component of item.
|
// 2. Let expectedValue be the val component of item.
|
||||||
let expectedValue = item.hash
|
const expectedValue = item.hash
|
||||||
|
|
||||||
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
|
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
|
||||||
// "be liberal with padding". This is annoying, and it's not even in the spec.
|
// "be liberal with padding". This is annoying, and it's not even in the spec.
|
||||||
|
|
||||||
if (expectedValue.endsWith('==')) {
|
|
||||||
expectedValue = expectedValue.slice(0, -2)
|
|
||||||
}
|
|
||||||
|
|
||||||
// 3. Let actualValue be the result of applying algorithm to bytes.
|
// 3. Let actualValue be the result of applying algorithm to bytes.
|
||||||
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
|
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
|
||||||
|
|
||||||
if (actualValue.endsWith('==')) {
|
if (actualValue[actualValue.length - 1] === '=') {
|
||||||
|
if (actualValue[actualValue.length - 2] === '=') {
|
||||||
actualValue = actualValue.slice(0, -2)
|
actualValue = actualValue.slice(0, -2)
|
||||||
|
} else {
|
||||||
|
actualValue = actualValue.slice(0, -1)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. If actualValue is a case-sensitive match for expectedValue,
|
// 4. If actualValue is a case-sensitive match for expectedValue,
|
||||||
// return true.
|
// return true.
|
||||||
if (actualValue === expectedValue) {
|
if (compareBase64Mixed(actualValue, expectedValue)) {
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
|
|
||||||
|
|
||||||
if (actualBase64URL.endsWith('==')) {
|
|
||||||
actualBase64URL = actualBase64URL.slice(0, -2)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (actualBase64URL === expectedValue) {
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 6. Return false.
|
// 7. Return false.
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
|
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
|
||||||
// https://www.w3.org/TR/CSP2/#source-list-syntax
|
// https://www.w3.org/TR/CSP2/#source-list-syntax
|
||||||
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
|
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
|
||||||
const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
|
const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
|
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
|
||||||
|
@ -109553,8 +109643,6 @@ function parseMetadata (metadata) {
|
||||||
// 2. Let empty be equal to true.
|
// 2. Let empty be equal to true.
|
||||||
let empty = true
|
let empty = true
|
||||||
|
|
||||||
const supportedHashes = crypto.getHashes()
|
|
||||||
|
|
||||||
// 3. For each token returned by splitting metadata on spaces:
|
// 3. For each token returned by splitting metadata on spaces:
|
||||||
for (const token of metadata.split(' ')) {
|
for (const token of metadata.split(' ')) {
|
||||||
// 1. Set empty to false.
|
// 1. Set empty to false.
|
||||||
|
@ -109564,7 +109652,11 @@ function parseMetadata (metadata) {
|
||||||
const parsedToken = parseHashWithOptions.exec(token)
|
const parsedToken = parseHashWithOptions.exec(token)
|
||||||
|
|
||||||
// 3. If token does not parse, continue to the next token.
|
// 3. If token does not parse, continue to the next token.
|
||||||
if (parsedToken === null || parsedToken.groups === undefined) {
|
if (
|
||||||
|
parsedToken === null ||
|
||||||
|
parsedToken.groups === undefined ||
|
||||||
|
parsedToken.groups.algo === undefined
|
||||||
|
) {
|
||||||
// Note: Chromium blocks the request at this point, but Firefox
|
// Note: Chromium blocks the request at this point, but Firefox
|
||||||
// gives a warning that an invalid integrity was given. The
|
// gives a warning that an invalid integrity was given. The
|
||||||
// correct behavior is to ignore these, and subsequently not
|
// correct behavior is to ignore these, and subsequently not
|
||||||
|
@ -109573,11 +109665,11 @@ function parseMetadata (metadata) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. Let algorithm be the hash-algo component of token.
|
// 4. Let algorithm be the hash-algo component of token.
|
||||||
const algorithm = parsedToken.groups.algo
|
const algorithm = parsedToken.groups.algo.toLowerCase()
|
||||||
|
|
||||||
// 5. If algorithm is a hash function recognized by the user
|
// 5. If algorithm is a hash function recognized by the user
|
||||||
// agent, add the parsed token to result.
|
// agent, add the parsed token to result.
|
||||||
if (supportedHashes.includes(algorithm.toLowerCase())) {
|
if (supportedHashes.includes(algorithm)) {
|
||||||
result.push(parsedToken.groups)
|
result.push(parsedToken.groups)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -109590,6 +109682,82 @@ function parseMetadata (metadata) {
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
|
||||||
|
*/
|
||||||
|
function getStrongestMetadata (metadataList) {
|
||||||
|
// Let algorithm be the algo component of the first item in metadataList.
|
||||||
|
// Can be sha256
|
||||||
|
let algorithm = metadataList[0].algo
|
||||||
|
// If the algorithm is sha512, then it is the strongest
|
||||||
|
// and we can return immediately
|
||||||
|
if (algorithm[3] === '5') {
|
||||||
|
return algorithm
|
||||||
|
}
|
||||||
|
|
||||||
|
for (let i = 1; i < metadataList.length; ++i) {
|
||||||
|
const metadata = metadataList[i]
|
||||||
|
// If the algorithm is sha512, then it is the strongest
|
||||||
|
// and we can break the loop immediately
|
||||||
|
if (metadata.algo[3] === '5') {
|
||||||
|
algorithm = 'sha512'
|
||||||
|
break
|
||||||
|
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
|
||||||
|
} else if (algorithm[3] === '3') {
|
||||||
|
continue
|
||||||
|
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
|
||||||
|
// the strongest
|
||||||
|
} else if (metadata.algo[3] === '3') {
|
||||||
|
algorithm = 'sha384'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return algorithm
|
||||||
|
}
|
||||||
|
|
||||||
|
function filterMetadataListByAlgorithm (metadataList, algorithm) {
|
||||||
|
if (metadataList.length === 1) {
|
||||||
|
return metadataList
|
||||||
|
}
|
||||||
|
|
||||||
|
let pos = 0
|
||||||
|
for (let i = 0; i < metadataList.length; ++i) {
|
||||||
|
if (metadataList[i].algo === algorithm) {
|
||||||
|
metadataList[pos++] = metadataList[i]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
metadataList.length = pos
|
||||||
|
|
||||||
|
return metadataList
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compares two base64 strings, allowing for base64url
|
||||||
|
* in the second string.
|
||||||
|
*
|
||||||
|
* @param {string} actualValue always base64
|
||||||
|
* @param {string} expectedValue base64 or base64url
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
function compareBase64Mixed (actualValue, expectedValue) {
|
||||||
|
if (actualValue.length !== expectedValue.length) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
for (let i = 0; i < actualValue.length; ++i) {
|
||||||
|
if (actualValue[i] !== expectedValue[i]) {
|
||||||
|
if (
|
||||||
|
(actualValue[i] === '+' && expectedValue[i] === '-') ||
|
||||||
|
(actualValue[i] === '/' && expectedValue[i] === '_')
|
||||||
|
) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
|
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
|
||||||
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
|
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
|
||||||
// TODO
|
// TODO
|
||||||
|
@ -110005,7 +110173,8 @@ module.exports = {
|
||||||
urlHasHttpsScheme,
|
urlHasHttpsScheme,
|
||||||
urlIsHttpHttpsScheme,
|
urlIsHttpHttpsScheme,
|
||||||
readAllBytes,
|
readAllBytes,
|
||||||
normalizeMethodRecord
|
normalizeMethodRecord,
|
||||||
|
parseMetadata
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -112092,12 +112261,17 @@ function parseLocation (statusCode, headers) {
|
||||||
|
|
||||||
// https://tools.ietf.org/html/rfc7231#section-6.4.4
|
// https://tools.ietf.org/html/rfc7231#section-6.4.4
|
||||||
function shouldRemoveHeader (header, removeContent, unknownOrigin) {
|
function shouldRemoveHeader (header, removeContent, unknownOrigin) {
|
||||||
return (
|
if (header.length === 4) {
|
||||||
(header.length === 4 && header.toString().toLowerCase() === 'host') ||
|
return util.headerNameToString(header) === 'host'
|
||||||
(removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
|
}
|
||||||
(unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
|
if (removeContent && util.headerNameToString(header).startsWith('content-')) {
|
||||||
(unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
|
return true
|
||||||
)
|
}
|
||||||
|
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
|
||||||
|
const name = util.headerNameToString(header)
|
||||||
|
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
|
||||||
|
}
|
||||||
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://tools.ietf.org/html/rfc7231#section-6.4
|
// https://tools.ietf.org/html/rfc7231#section-6.4
|
||||||
|
@ -135978,7 +136152,7 @@ module.exports = index;
|
||||||
/***/ ((module) => {
|
/***/ ((module) => {
|
||||||
|
|
||||||
"use strict";
|
"use strict";
|
||||||
module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.5","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
|
module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.8","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
|
||||||
|
|
||||||
/***/ }),
|
/***/ }),
|
||||||
|
|
||||||
|
|
|
@ -2328,9 +2328,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
|
exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
|
||||||
const promises_1 = __importDefault(__nccwpck_require__(73292));
|
const promises_1 = __importDefault(__nccwpck_require__(73292));
|
||||||
const stream = __importStar(__nccwpck_require__(12781));
|
|
||||||
const fs_1 = __nccwpck_require__(57147);
|
|
||||||
const path = __importStar(__nccwpck_require__(71017));
|
|
||||||
const github = __importStar(__nccwpck_require__(21260));
|
const github = __importStar(__nccwpck_require__(21260));
|
||||||
const core = __importStar(__nccwpck_require__(42186));
|
const core = __importStar(__nccwpck_require__(42186));
|
||||||
const httpClient = __importStar(__nccwpck_require__(96255));
|
const httpClient = __importStar(__nccwpck_require__(96255));
|
||||||
|
@ -2371,9 +2368,6 @@ function streamExtract(url, directory) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
catch (error) {
|
catch (error) {
|
||||||
if (error.message.includes('Malformed extraction path')) {
|
|
||||||
throw new Error(`Artifact download failed with unretryable error: ${error.message}`);
|
|
||||||
}
|
|
||||||
retryCount++;
|
retryCount++;
|
||||||
core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
|
core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
|
||||||
// wait 5 seconds before retrying
|
// wait 5 seconds before retrying
|
||||||
|
@ -2396,8 +2390,6 @@ function streamExtractExternal(url, directory) {
|
||||||
response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
|
response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
|
||||||
};
|
};
|
||||||
const timer = setTimeout(timerFn, timeout);
|
const timer = setTimeout(timerFn, timeout);
|
||||||
const createdDirectories = new Set();
|
|
||||||
createdDirectories.add(directory);
|
|
||||||
response.message
|
response.message
|
||||||
.on('data', () => {
|
.on('data', () => {
|
||||||
timer.refresh();
|
timer.refresh();
|
||||||
|
@ -2407,47 +2399,11 @@ function streamExtractExternal(url, directory) {
|
||||||
clearTimeout(timer);
|
clearTimeout(timer);
|
||||||
reject(error);
|
reject(error);
|
||||||
})
|
})
|
||||||
.pipe(unzip_stream_1.default.Parse())
|
.pipe(unzip_stream_1.default.Extract({ path: directory }))
|
||||||
.pipe(new stream.Transform({
|
.on('close', () => {
|
||||||
objectMode: true,
|
|
||||||
transform: (entry, _, callback) => __awaiter(this, void 0, void 0, function* () {
|
|
||||||
const fullPath = path.normalize(path.join(directory, entry.path));
|
|
||||||
if (!directory.endsWith(path.sep)) {
|
|
||||||
directory += path.sep;
|
|
||||||
}
|
|
||||||
if (!fullPath.startsWith(directory)) {
|
|
||||||
reject(new Error(`Malformed extraction path: ${fullPath}`));
|
|
||||||
}
|
|
||||||
if (entry.type === 'Directory') {
|
|
||||||
if (!createdDirectories.has(fullPath)) {
|
|
||||||
createdDirectories.add(fullPath);
|
|
||||||
yield resolveOrCreateDirectory(fullPath).then(() => {
|
|
||||||
entry.autodrain();
|
|
||||||
callback();
|
|
||||||
});
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
entry.autodrain();
|
|
||||||
callback();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
core.info(`Extracting artifact entry: ${fullPath}`);
|
|
||||||
if (!createdDirectories.has(path.dirname(fullPath))) {
|
|
||||||
createdDirectories.add(path.dirname(fullPath));
|
|
||||||
yield resolveOrCreateDirectory(path.dirname(fullPath));
|
|
||||||
}
|
|
||||||
const writeStream = (0, fs_1.createWriteStream)(fullPath);
|
|
||||||
writeStream.on('finish', callback);
|
|
||||||
writeStream.on('error', reject);
|
|
||||||
entry.pipe(writeStream);
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}))
|
|
||||||
.on('finish', () => __awaiter(this, void 0, void 0, function* () {
|
|
||||||
clearTimeout(timer);
|
clearTimeout(timer);
|
||||||
resolve();
|
resolve();
|
||||||
}))
|
})
|
||||||
.on('error', (error) => {
|
.on('error', (error) => {
|
||||||
reject(error);
|
reject(error);
|
||||||
});
|
});
|
||||||
|
@ -2964,7 +2920,6 @@ class ArtifactHttpClient {
|
||||||
catch (error) {
|
catch (error) {
|
||||||
if (error instanceof SyntaxError) {
|
if (error instanceof SyntaxError) {
|
||||||
(0, core_1.debug)(`Raw Body: ${rawBody}`);
|
(0, core_1.debug)(`Raw Body: ${rawBody}`);
|
||||||
throw error;
|
|
||||||
}
|
}
|
||||||
if (error instanceof errors_1.UsageError) {
|
if (error instanceof errors_1.UsageError) {
|
||||||
throw error;
|
throw error;
|
||||||
|
@ -3070,8 +3025,9 @@ function isGhes() {
|
||||||
const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com');
|
const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com');
|
||||||
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
|
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
|
||||||
const isGitHubHost = hostname === 'GITHUB.COM';
|
const isGitHubHost = hostname === 'GITHUB.COM';
|
||||||
const isGheHost = hostname.endsWith('.GHE.COM') || hostname.endsWith('.GHE.LOCALHOST');
|
const isGheHost = hostname.endsWith('.GHE.COM');
|
||||||
return !isGitHubHost && !isGheHost;
|
const isLocalHost = hostname.endsWith('.LOCALHOST');
|
||||||
|
return !isGitHubHost && !isGheHost && !isLocalHost;
|
||||||
}
|
}
|
||||||
exports.isGhes = isGhes;
|
exports.isGhes = isGhes;
|
||||||
function getGitHubWorkspaceDir() {
|
function getGitHubWorkspaceDir() {
|
||||||
|
@ -100989,6 +100945,132 @@ function onConnectTimeout (socket) {
|
||||||
module.exports = buildConnector
|
module.exports = buildConnector
|
||||||
|
|
||||||
|
|
||||||
|
/***/ }),
|
||||||
|
|
||||||
|
/***/ 14462:
|
||||||
|
/***/ ((module) => {
|
||||||
|
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
|
||||||
|
/** @type {Record<string, string | undefined>} */
|
||||||
|
const headerNameLowerCasedRecord = {}
|
||||||
|
|
||||||
|
// https://developer.mozilla.org/docs/Web/HTTP/Headers
|
||||||
|
const wellknownHeaderNames = [
|
||||||
|
'Accept',
|
||||||
|
'Accept-Encoding',
|
||||||
|
'Accept-Language',
|
||||||
|
'Accept-Ranges',
|
||||||
|
'Access-Control-Allow-Credentials',
|
||||||
|
'Access-Control-Allow-Headers',
|
||||||
|
'Access-Control-Allow-Methods',
|
||||||
|
'Access-Control-Allow-Origin',
|
||||||
|
'Access-Control-Expose-Headers',
|
||||||
|
'Access-Control-Max-Age',
|
||||||
|
'Access-Control-Request-Headers',
|
||||||
|
'Access-Control-Request-Method',
|
||||||
|
'Age',
|
||||||
|
'Allow',
|
||||||
|
'Alt-Svc',
|
||||||
|
'Alt-Used',
|
||||||
|
'Authorization',
|
||||||
|
'Cache-Control',
|
||||||
|
'Clear-Site-Data',
|
||||||
|
'Connection',
|
||||||
|
'Content-Disposition',
|
||||||
|
'Content-Encoding',
|
||||||
|
'Content-Language',
|
||||||
|
'Content-Length',
|
||||||
|
'Content-Location',
|
||||||
|
'Content-Range',
|
||||||
|
'Content-Security-Policy',
|
||||||
|
'Content-Security-Policy-Report-Only',
|
||||||
|
'Content-Type',
|
||||||
|
'Cookie',
|
||||||
|
'Cross-Origin-Embedder-Policy',
|
||||||
|
'Cross-Origin-Opener-Policy',
|
||||||
|
'Cross-Origin-Resource-Policy',
|
||||||
|
'Date',
|
||||||
|
'Device-Memory',
|
||||||
|
'Downlink',
|
||||||
|
'ECT',
|
||||||
|
'ETag',
|
||||||
|
'Expect',
|
||||||
|
'Expect-CT',
|
||||||
|
'Expires',
|
||||||
|
'Forwarded',
|
||||||
|
'From',
|
||||||
|
'Host',
|
||||||
|
'If-Match',
|
||||||
|
'If-Modified-Since',
|
||||||
|
'If-None-Match',
|
||||||
|
'If-Range',
|
||||||
|
'If-Unmodified-Since',
|
||||||
|
'Keep-Alive',
|
||||||
|
'Last-Modified',
|
||||||
|
'Link',
|
||||||
|
'Location',
|
||||||
|
'Max-Forwards',
|
||||||
|
'Origin',
|
||||||
|
'Permissions-Policy',
|
||||||
|
'Pragma',
|
||||||
|
'Proxy-Authenticate',
|
||||||
|
'Proxy-Authorization',
|
||||||
|
'RTT',
|
||||||
|
'Range',
|
||||||
|
'Referer',
|
||||||
|
'Referrer-Policy',
|
||||||
|
'Refresh',
|
||||||
|
'Retry-After',
|
||||||
|
'Sec-WebSocket-Accept',
|
||||||
|
'Sec-WebSocket-Extensions',
|
||||||
|
'Sec-WebSocket-Key',
|
||||||
|
'Sec-WebSocket-Protocol',
|
||||||
|
'Sec-WebSocket-Version',
|
||||||
|
'Server',
|
||||||
|
'Server-Timing',
|
||||||
|
'Service-Worker-Allowed',
|
||||||
|
'Service-Worker-Navigation-Preload',
|
||||||
|
'Set-Cookie',
|
||||||
|
'SourceMap',
|
||||||
|
'Strict-Transport-Security',
|
||||||
|
'Supports-Loading-Mode',
|
||||||
|
'TE',
|
||||||
|
'Timing-Allow-Origin',
|
||||||
|
'Trailer',
|
||||||
|
'Transfer-Encoding',
|
||||||
|
'Upgrade',
|
||||||
|
'Upgrade-Insecure-Requests',
|
||||||
|
'User-Agent',
|
||||||
|
'Vary',
|
||||||
|
'Via',
|
||||||
|
'WWW-Authenticate',
|
||||||
|
'X-Content-Type-Options',
|
||||||
|
'X-DNS-Prefetch-Control',
|
||||||
|
'X-Frame-Options',
|
||||||
|
'X-Permitted-Cross-Domain-Policies',
|
||||||
|
'X-Powered-By',
|
||||||
|
'X-Requested-With',
|
||||||
|
'X-XSS-Protection'
|
||||||
|
]
|
||||||
|
|
||||||
|
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
|
||||||
|
const key = wellknownHeaderNames[i]
|
||||||
|
const lowerCasedKey = key.toLowerCase()
|
||||||
|
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
|
||||||
|
lowerCasedKey
|
||||||
|
}
|
||||||
|
|
||||||
|
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
|
||||||
|
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
wellknownHeaderNames,
|
||||||
|
headerNameLowerCasedRecord
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/***/ }),
|
/***/ }),
|
||||||
|
|
||||||
/***/ 48045:
|
/***/ 48045:
|
||||||
|
@ -101821,6 +101903,7 @@ const { InvalidArgumentError } = __nccwpck_require__(48045)
|
||||||
const { Blob } = __nccwpck_require__(14300)
|
const { Blob } = __nccwpck_require__(14300)
|
||||||
const nodeUtil = __nccwpck_require__(73837)
|
const nodeUtil = __nccwpck_require__(73837)
|
||||||
const { stringify } = __nccwpck_require__(63477)
|
const { stringify } = __nccwpck_require__(63477)
|
||||||
|
const { headerNameLowerCasedRecord } = __nccwpck_require__(14462)
|
||||||
|
|
||||||
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
|
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
|
||||||
|
|
||||||
|
@ -102030,6 +102113,15 @@ function parseKeepAliveTimeout (val) {
|
||||||
return m ? parseInt(m[1], 10) * 1000 : null
|
return m ? parseInt(m[1], 10) * 1000 : null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieves a header name and returns its lowercase value.
|
||||||
|
* @param {string | Buffer} value Header name
|
||||||
|
* @returns {string}
|
||||||
|
*/
|
||||||
|
function headerNameToString (value) {
|
||||||
|
return headerNameLowerCasedRecord[value] || value.toLowerCase()
|
||||||
|
}
|
||||||
|
|
||||||
function parseHeaders (headers, obj = {}) {
|
function parseHeaders (headers, obj = {}) {
|
||||||
// For H2 support
|
// For H2 support
|
||||||
if (!Array.isArray(headers)) return headers
|
if (!Array.isArray(headers)) return headers
|
||||||
|
@ -102301,6 +102393,7 @@ module.exports = {
|
||||||
isIterable,
|
isIterable,
|
||||||
isAsyncIterable,
|
isAsyncIterable,
|
||||||
isDestroyed,
|
isDestroyed,
|
||||||
|
headerNameToString,
|
||||||
parseRawHeaders,
|
parseRawHeaders,
|
||||||
parseHeaders,
|
parseHeaders,
|
||||||
parseKeepAliveTimeout,
|
parseKeepAliveTimeout,
|
||||||
|
@ -106437,6 +106530,9 @@ function httpRedirectFetch (fetchParams, response) {
|
||||||
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
|
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
|
||||||
request.headersList.delete('authorization')
|
request.headersList.delete('authorization')
|
||||||
|
|
||||||
|
// https://fetch.spec.whatwg.org/#authentication-entries
|
||||||
|
request.headersList.delete('proxy-authorization', true)
|
||||||
|
|
||||||
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
|
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
|
||||||
request.headersList.delete('cookie')
|
request.headersList.delete('cookie')
|
||||||
request.headersList.delete('host')
|
request.headersList.delete('host')
|
||||||
|
@ -108945,14 +109041,18 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(8398
|
||||||
const assert = __nccwpck_require__(39491)
|
const assert = __nccwpck_require__(39491)
|
||||||
const { isUint8Array } = __nccwpck_require__(29830)
|
const { isUint8Array } = __nccwpck_require__(29830)
|
||||||
|
|
||||||
|
let supportedHashes = []
|
||||||
|
|
||||||
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
|
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
|
||||||
/** @type {import('crypto')|undefined} */
|
/** @type {import('crypto')|undefined} */
|
||||||
let crypto
|
let crypto
|
||||||
|
|
||||||
try {
|
try {
|
||||||
crypto = __nccwpck_require__(6113)
|
crypto = __nccwpck_require__(6113)
|
||||||
|
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
|
||||||
|
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
|
||||||
|
/* c8 ignore next 3 */
|
||||||
} catch {
|
} catch {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function responseURL (response) {
|
function responseURL (response) {
|
||||||
|
@ -109480,66 +109580,56 @@ function bytesMatch (bytes, metadataList) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. If parsedMetadata is the empty set, return true.
|
// 3. If response is not eligible for integrity validation, return false.
|
||||||
|
// TODO
|
||||||
|
|
||||||
|
// 4. If parsedMetadata is the empty set, return true.
|
||||||
if (parsedMetadata.length === 0) {
|
if (parsedMetadata.length === 0) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. Let metadata be the result of getting the strongest
|
// 5. Let metadata be the result of getting the strongest
|
||||||
// metadata from parsedMetadata.
|
// metadata from parsedMetadata.
|
||||||
const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
|
const strongest = getStrongestMetadata(parsedMetadata)
|
||||||
// get the strongest algorithm
|
const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
|
||||||
const strongest = list[0].algo
|
|
||||||
// get all entries that use the strongest algorithm; ignore weaker
|
|
||||||
const metadata = list.filter((item) => item.algo === strongest)
|
|
||||||
|
|
||||||
// 5. For each item in metadata:
|
// 6. For each item in metadata:
|
||||||
for (const item of metadata) {
|
for (const item of metadata) {
|
||||||
// 1. Let algorithm be the alg component of item.
|
// 1. Let algorithm be the alg component of item.
|
||||||
const algorithm = item.algo
|
const algorithm = item.algo
|
||||||
|
|
||||||
// 2. Let expectedValue be the val component of item.
|
// 2. Let expectedValue be the val component of item.
|
||||||
let expectedValue = item.hash
|
const expectedValue = item.hash
|
||||||
|
|
||||||
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
|
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
|
||||||
// "be liberal with padding". This is annoying, and it's not even in the spec.
|
// "be liberal with padding". This is annoying, and it's not even in the spec.
|
||||||
|
|
||||||
if (expectedValue.endsWith('==')) {
|
|
||||||
expectedValue = expectedValue.slice(0, -2)
|
|
||||||
}
|
|
||||||
|
|
||||||
// 3. Let actualValue be the result of applying algorithm to bytes.
|
// 3. Let actualValue be the result of applying algorithm to bytes.
|
||||||
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
|
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
|
||||||
|
|
||||||
if (actualValue.endsWith('==')) {
|
if (actualValue[actualValue.length - 1] === '=') {
|
||||||
|
if (actualValue[actualValue.length - 2] === '=') {
|
||||||
actualValue = actualValue.slice(0, -2)
|
actualValue = actualValue.slice(0, -2)
|
||||||
|
} else {
|
||||||
|
actualValue = actualValue.slice(0, -1)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. If actualValue is a case-sensitive match for expectedValue,
|
// 4. If actualValue is a case-sensitive match for expectedValue,
|
||||||
// return true.
|
// return true.
|
||||||
if (actualValue === expectedValue) {
|
if (compareBase64Mixed(actualValue, expectedValue)) {
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
|
|
||||||
|
|
||||||
if (actualBase64URL.endsWith('==')) {
|
|
||||||
actualBase64URL = actualBase64URL.slice(0, -2)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (actualBase64URL === expectedValue) {
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 6. Return false.
|
// 7. Return false.
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
|
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
|
||||||
// https://www.w3.org/TR/CSP2/#source-list-syntax
|
// https://www.w3.org/TR/CSP2/#source-list-syntax
|
||||||
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
|
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
|
||||||
const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
|
const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
|
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
|
||||||
|
@ -109553,8 +109643,6 @@ function parseMetadata (metadata) {
|
||||||
// 2. Let empty be equal to true.
|
// 2. Let empty be equal to true.
|
||||||
let empty = true
|
let empty = true
|
||||||
|
|
||||||
const supportedHashes = crypto.getHashes()
|
|
||||||
|
|
||||||
// 3. For each token returned by splitting metadata on spaces:
|
// 3. For each token returned by splitting metadata on spaces:
|
||||||
for (const token of metadata.split(' ')) {
|
for (const token of metadata.split(' ')) {
|
||||||
// 1. Set empty to false.
|
// 1. Set empty to false.
|
||||||
|
@ -109564,7 +109652,11 @@ function parseMetadata (metadata) {
|
||||||
const parsedToken = parseHashWithOptions.exec(token)
|
const parsedToken = parseHashWithOptions.exec(token)
|
||||||
|
|
||||||
// 3. If token does not parse, continue to the next token.
|
// 3. If token does not parse, continue to the next token.
|
||||||
if (parsedToken === null || parsedToken.groups === undefined) {
|
if (
|
||||||
|
parsedToken === null ||
|
||||||
|
parsedToken.groups === undefined ||
|
||||||
|
parsedToken.groups.algo === undefined
|
||||||
|
) {
|
||||||
// Note: Chromium blocks the request at this point, but Firefox
|
// Note: Chromium blocks the request at this point, but Firefox
|
||||||
// gives a warning that an invalid integrity was given. The
|
// gives a warning that an invalid integrity was given. The
|
||||||
// correct behavior is to ignore these, and subsequently not
|
// correct behavior is to ignore these, and subsequently not
|
||||||
|
@ -109573,11 +109665,11 @@ function parseMetadata (metadata) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. Let algorithm be the hash-algo component of token.
|
// 4. Let algorithm be the hash-algo component of token.
|
||||||
const algorithm = parsedToken.groups.algo
|
const algorithm = parsedToken.groups.algo.toLowerCase()
|
||||||
|
|
||||||
// 5. If algorithm is a hash function recognized by the user
|
// 5. If algorithm is a hash function recognized by the user
|
||||||
// agent, add the parsed token to result.
|
// agent, add the parsed token to result.
|
||||||
if (supportedHashes.includes(algorithm.toLowerCase())) {
|
if (supportedHashes.includes(algorithm)) {
|
||||||
result.push(parsedToken.groups)
|
result.push(parsedToken.groups)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -109590,6 +109682,82 @@ function parseMetadata (metadata) {
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
|
||||||
|
*/
|
||||||
|
function getStrongestMetadata (metadataList) {
|
||||||
|
// Let algorithm be the algo component of the first item in metadataList.
|
||||||
|
// Can be sha256
|
||||||
|
let algorithm = metadataList[0].algo
|
||||||
|
// If the algorithm is sha512, then it is the strongest
|
||||||
|
// and we can return immediately
|
||||||
|
if (algorithm[3] === '5') {
|
||||||
|
return algorithm
|
||||||
|
}
|
||||||
|
|
||||||
|
for (let i = 1; i < metadataList.length; ++i) {
|
||||||
|
const metadata = metadataList[i]
|
||||||
|
// If the algorithm is sha512, then it is the strongest
|
||||||
|
// and we can break the loop immediately
|
||||||
|
if (metadata.algo[3] === '5') {
|
||||||
|
algorithm = 'sha512'
|
||||||
|
break
|
||||||
|
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
|
||||||
|
} else if (algorithm[3] === '3') {
|
||||||
|
continue
|
||||||
|
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
|
||||||
|
// the strongest
|
||||||
|
} else if (metadata.algo[3] === '3') {
|
||||||
|
algorithm = 'sha384'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return algorithm
|
||||||
|
}
|
||||||
|
|
||||||
|
function filterMetadataListByAlgorithm (metadataList, algorithm) {
|
||||||
|
if (metadataList.length === 1) {
|
||||||
|
return metadataList
|
||||||
|
}
|
||||||
|
|
||||||
|
let pos = 0
|
||||||
|
for (let i = 0; i < metadataList.length; ++i) {
|
||||||
|
if (metadataList[i].algo === algorithm) {
|
||||||
|
metadataList[pos++] = metadataList[i]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
metadataList.length = pos
|
||||||
|
|
||||||
|
return metadataList
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compares two base64 strings, allowing for base64url
|
||||||
|
* in the second string.
|
||||||
|
*
|
||||||
|
* @param {string} actualValue always base64
|
||||||
|
* @param {string} expectedValue base64 or base64url
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
function compareBase64Mixed (actualValue, expectedValue) {
|
||||||
|
if (actualValue.length !== expectedValue.length) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
for (let i = 0; i < actualValue.length; ++i) {
|
||||||
|
if (actualValue[i] !== expectedValue[i]) {
|
||||||
|
if (
|
||||||
|
(actualValue[i] === '+' && expectedValue[i] === '-') ||
|
||||||
|
(actualValue[i] === '/' && expectedValue[i] === '_')
|
||||||
|
) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
|
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
|
||||||
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
|
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
|
||||||
// TODO
|
// TODO
|
||||||
|
@ -110005,7 +110173,8 @@ module.exports = {
|
||||||
urlHasHttpsScheme,
|
urlHasHttpsScheme,
|
||||||
urlIsHttpHttpsScheme,
|
urlIsHttpHttpsScheme,
|
||||||
readAllBytes,
|
readAllBytes,
|
||||||
normalizeMethodRecord
|
normalizeMethodRecord,
|
||||||
|
parseMetadata
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -112092,12 +112261,17 @@ function parseLocation (statusCode, headers) {
|
||||||
|
|
||||||
// https://tools.ietf.org/html/rfc7231#section-6.4.4
|
// https://tools.ietf.org/html/rfc7231#section-6.4.4
|
||||||
function shouldRemoveHeader (header, removeContent, unknownOrigin) {
|
function shouldRemoveHeader (header, removeContent, unknownOrigin) {
|
||||||
return (
|
if (header.length === 4) {
|
||||||
(header.length === 4 && header.toString().toLowerCase() === 'host') ||
|
return util.headerNameToString(header) === 'host'
|
||||||
(removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
|
}
|
||||||
(unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
|
if (removeContent && util.headerNameToString(header).startsWith('content-')) {
|
||||||
(unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
|
return true
|
||||||
)
|
}
|
||||||
|
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
|
||||||
|
const name = util.headerNameToString(header)
|
||||||
|
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
|
||||||
|
}
|
||||||
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://tools.ietf.org/html/rfc7231#section-6.4
|
// https://tools.ietf.org/html/rfc7231#section-6.4
|
||||||
|
@ -135988,7 +136162,7 @@ module.exports = index;
|
||||||
/***/ ((module) => {
|
/***/ ((module) => {
|
||||||
|
|
||||||
"use strict";
|
"use strict";
|
||||||
module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.5","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
|
module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.8","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
|
||||||
|
|
||||||
/***/ }),
|
/***/ }),
|
||||||
|
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
{
|
{
|
||||||
"name": "upload-artifact",
|
"name": "upload-artifact",
|
||||||
"version": "4.3.1",
|
"version": "4.3.6",
|
||||||
"lockfileVersion": 2,
|
"lockfileVersion": 2,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "upload-artifact",
|
"name": "upload-artifact",
|
||||||
"version": "4.3.1",
|
"version": "4.3.6",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/artifact": "^2.1.5",
|
"@actions/artifact": "2.1.8",
|
||||||
"@actions/core": "^1.10.1",
|
"@actions/core": "^1.10.1",
|
||||||
"@actions/github": "^6.0.0",
|
"@actions/github": "^6.0.0",
|
||||||
"@actions/glob": "^0.3.0",
|
"@actions/glob": "^0.3.0",
|
||||||
|
@ -34,9 +34,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/@actions/artifact": {
|
"node_modules/@actions/artifact": {
|
||||||
"version": "2.1.5",
|
"version": "2.1.8",
|
||||||
"resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.5.tgz",
|
"resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.8.tgz",
|
||||||
"integrity": "sha512-V98roImcfgWq7YtL2gzT2p2PTv1oy7k1xloq2RW/EDsJ7fX4oL7x8v9bLmmTPQ5+f4OrUbwveDZNw4iSjbtiWA==",
|
"integrity": "sha512-kxgbllgF5f6mEdMeSW6WXlUbV1U77V9ECpA7LOYaY+Tm6RfXOm36EdXbpm+T9VPeaVqXK4QHLAgqay9GSyClgw==",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/core": "^1.10.0",
|
"@actions/core": "^1.10.0",
|
||||||
"@actions/github": "^5.1.1",
|
"@actions/github": "^5.1.1",
|
||||||
|
@ -2838,12 +2838,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/braces": {
|
"node_modules/braces": {
|
||||||
"version": "3.0.2",
|
"version": "3.0.3",
|
||||||
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
|
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
|
||||||
"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
|
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"fill-range": "^7.0.1"
|
"fill-range": "^7.1.1"
|
||||||
},
|
},
|
||||||
"engines": {
|
"engines": {
|
||||||
"node": ">=8"
|
"node": ">=8"
|
||||||
|
@ -4275,9 +4275,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/fill-range": {
|
"node_modules/fill-range": {
|
||||||
"version": "7.0.1",
|
"version": "7.1.1",
|
||||||
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
|
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
|
||||||
"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
|
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"to-regex-range": "^5.0.1"
|
"to-regex-range": "^5.0.1"
|
||||||
|
@ -7584,9 +7584,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/undici": {
|
"node_modules/undici": {
|
||||||
"version": "5.28.2",
|
"version": "5.28.4",
|
||||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.2.tgz",
|
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
|
||||||
"integrity": "sha512-wh1pHJHnUeQV5Xa8/kyQhO7WFa8M34l026L5P/+2TYiakvGy5Rdc8jWZVyG7ieht/0WgJLEd3kcU5gKx+6GC8w==",
|
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@fastify/busboy": "^2.0.0"
|
"@fastify/busboy": "^2.0.0"
|
||||||
},
|
},
|
||||||
|
@ -7902,9 +7902,9 @@
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/artifact": {
|
"@actions/artifact": {
|
||||||
"version": "2.1.5",
|
"version": "2.1.8",
|
||||||
"resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.5.tgz",
|
"resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.8.tgz",
|
||||||
"integrity": "sha512-V98roImcfgWq7YtL2gzT2p2PTv1oy7k1xloq2RW/EDsJ7fX4oL7x8v9bLmmTPQ5+f4OrUbwveDZNw4iSjbtiWA==",
|
"integrity": "sha512-kxgbllgF5f6mEdMeSW6WXlUbV1U77V9ECpA7LOYaY+Tm6RfXOm36EdXbpm+T9VPeaVqXK4QHLAgqay9GSyClgw==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"@actions/core": "^1.10.0",
|
"@actions/core": "^1.10.0",
|
||||||
"@actions/github": "^5.1.1",
|
"@actions/github": "^5.1.1",
|
||||||
|
@ -10102,12 +10102,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"braces": {
|
"braces": {
|
||||||
"version": "3.0.2",
|
"version": "3.0.3",
|
||||||
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
|
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
|
||||||
"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
|
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"requires": {
|
"requires": {
|
||||||
"fill-range": "^7.0.1"
|
"fill-range": "^7.1.1"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"browserslist": {
|
"browserslist": {
|
||||||
|
@ -11196,9 +11196,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"fill-range": {
|
"fill-range": {
|
||||||
"version": "7.0.1",
|
"version": "7.1.1",
|
||||||
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
|
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
|
||||||
"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
|
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
|
||||||
"dev": true,
|
"dev": true,
|
||||||
"requires": {
|
"requires": {
|
||||||
"to-regex-range": "^5.0.1"
|
"to-regex-range": "^5.0.1"
|
||||||
|
@ -13638,9 +13638,9 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"undici": {
|
"undici": {
|
||||||
"version": "5.28.2",
|
"version": "5.28.4",
|
||||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.2.tgz",
|
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
|
||||||
"integrity": "sha512-wh1pHJHnUeQV5Xa8/kyQhO7WFa8M34l026L5P/+2TYiakvGy5Rdc8jWZVyG7ieht/0WgJLEd3kcU5gKx+6GC8w==",
|
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
|
||||||
"requires": {
|
"requires": {
|
||||||
"@fastify/busboy": "^2.0.0"
|
"@fastify/busboy": "^2.0.0"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "upload-artifact",
|
"name": "upload-artifact",
|
||||||
"version": "4.3.1",
|
"version": "4.3.6",
|
||||||
"description": "Upload an Actions Artifact in a workflow run",
|
"description": "Upload an Actions Artifact in a workflow run",
|
||||||
"main": "dist/upload/index.js",
|
"main": "dist/upload/index.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
},
|
},
|
||||||
"homepage": "https://github.com/actions/upload-artifact#readme",
|
"homepage": "https://github.com/actions/upload-artifact#readme",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/artifact": "^2.1.5",
|
"@actions/artifact": "2.1.8",
|
||||||
"@actions/core": "^1.10.1",
|
"@actions/core": "^1.10.1",
|
||||||
"@actions/github": "^6.0.0",
|
"@actions/github": "^6.0.0",
|
||||||
"@actions/glob": "^0.3.0",
|
"@actions/glob": "^0.3.0",
|
||||||
|
|
Loading…
Reference in New Issue