actions
/
upload-artifact
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: actions:main
Branches Tags
actions:main
actions:v3/backport-exclude-hidden-files
actions:joshmgross/exclude-git-directory
actions:joshmgross/exclude-hidden-files
actions:robherley/4.3.6
actions:robherley/4.3.5
actions:tmp-4.3.5-rc0
actions:robherley/bump-pkgs
actions:eggyhead/use-artifact-v2.1.6
actions:eggyhead/release-4.3.2
actions:eggyhead/update-artifact-v215
actions:robherley/deprecation-notice
actions:v3/node20
actions:eggyhead/update-artifact-v2.1.1
actions:eggyhead/release-ghes-hostcheck-toolkit2.1.0
actions:robherley/migration-docs-typo
actions:robherley/merge-artifacts
actions:robherley/reorganize
actions:robherley/merge-artifact
actions:robherley/overwrite-artifact
actions:robherley/update-readme-limit
actions:robherley/add-migration-docs
actions:robherley/misc-updates
actions:v4-beta
actions:robherley/v4-documentation
actions:vmjoseph/v4-beta-more-descriptive-annotations
actions:jtamsut/update-upload-artifact
actions:v4-beta-http-patch
actions:dependabot/npm_and_yarn/word-wrap-1.2.4
actions:konradpabjan/bump-actions-artifact
actions:feature/update-lockfile-version
actions:thboop/node16upgrade
actions:upgrade-dependencies
actions:master
actions:v2-preview
actions:releases/v1
actions:v4.3.6
actions:v4
actions:v4.3.5
actions:v4.3.4
actions:v4.3.3
actions:v4.3.2
actions:v3-node20
actions:v4.3.1
actions:v4.3.0
actions:v4.2.0
actions:v4.1.0
actions:v4.0.0
actions:v3.1.3
actions:v3
actions:v3.1.2
actions:v3.1.1
actions:v3.1.0
actions:v3.0.0
actions:v2.3.1
actions:v2
actions:v2.3.0
actions:v2.2.4
actions:v2.2.3
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.4
actions:v2.1.3
actions:v2.1.2
actions:v2.1.1
actions:v2.1.0
actions:2.1.0
actions:v2.0.1
actions:v1.0.0
actions:1.0.0
actions:v1
..
compare: actions:eggyhead/update-artifact-v215
Branches Tags
actions:v3/backport-exclude-hidden-files
actions:joshmgross/exclude-git-directory
actions:joshmgross/exclude-hidden-files
actions:main
actions:robherley/4.3.6
actions:robherley/4.3.5
actions:tmp-4.3.5-rc0
actions:robherley/bump-pkgs
actions:eggyhead/use-artifact-v2.1.6
actions:eggyhead/release-4.3.2
actions:eggyhead/update-artifact-v215
actions:robherley/deprecation-notice
actions:v3/node20
actions:eggyhead/update-artifact-v2.1.1
actions:eggyhead/release-ghes-hostcheck-toolkit2.1.0
actions:robherley/migration-docs-typo
actions:robherley/merge-artifacts
actions:robherley/reorganize
actions:robherley/merge-artifact
actions:robherley/overwrite-artifact
actions:robherley/update-readme-limit
actions:robherley/add-migration-docs
actions:robherley/misc-updates
actions:v4-beta
actions:robherley/v4-documentation
actions:vmjoseph/v4-beta-more-descriptive-annotations
actions:jtamsut/update-upload-artifact
actions:v4-beta-http-patch
actions:dependabot/npm_and_yarn/word-wrap-1.2.4
actions:konradpabjan/bump-actions-artifact
actions:feature/update-lockfile-version
actions:thboop/node16upgrade
actions:upgrade-dependencies
actions:master
actions:v2-preview
actions:releases/v1
actions:v4.3.6
actions:v4
actions:v4.3.5
actions:v4.3.4
actions:v4.3.3
actions:v4.3.2
actions:v3-node20
actions:v4.3.1
actions:v4.3.0
actions:v4.2.0
actions:v4.1.0
actions:v4.0.0
actions:v3.1.3
actions:v3
actions:v3.1.2
actions:v3.1.1
actions:v3.1.0
actions:v3.0.0
actions:v2.3.1
actions:v2
actions:v2.3.0
actions:v2.2.4
actions:v2.2.3
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.4
actions:v2.1.3
actions:v2.1.2
actions:v2.1.1
actions:v2.1.0
actions:2.1.0
actions:v2.0.1
actions:v1.0.0
actions:1.0.0
actions:v1

No commits in common. "main" and "eggyhead/update-artifact-v215" have entirely different histories.
main ... eggyhead/u

5 changed files with 216 additions and 564 deletions
Show Stats Expand all files Collapse all files

2
.licenses/npm/@actions/artifact.dep.yml generated
View File

@ -1,6 +1,6 @@
--- ---
name: "@actions/artifact" name: "@actions/artifact"
version: 2.1.8 version: 2.1.5
type: npm type: npm
summary: summary:
homepage: homepage:

358
dist/merge/index.js vendored
View File

@ -2328,6 +2328,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0; exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
const promises_1 = __importDefault(__nccwpck_require__(73292)); const promises_1 = __importDefault(__nccwpck_require__(73292));
const stream = __importStar(__nccwpck_require__(12781));
const fs_1 = __nccwpck_require__(57147);
const path = __importStar(__nccwpck_require__(71017));
const github = __importStar(__nccwpck_require__(21260)); const github = __importStar(__nccwpck_require__(21260));
const core = __importStar(__nccwpck_require__(42186)); const core = __importStar(__nccwpck_require__(42186));
const httpClient = __importStar(__nccwpck_require__(96255)); const httpClient = __importStar(__nccwpck_require__(96255));
@ -2368,6 +2371,9 @@ function streamExtract(url, directory) {
return; return;
} }
catch (error) { catch (error) {
if (error.message.includes('Malformed extraction path')) {
throw new Error(`Artifact download failed with unretryable error: ${error.message}`);
}
retryCount++; retryCount++;
core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`); core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
// wait 5 seconds before retrying // wait 5 seconds before retrying
@ -2390,6 +2396,8 @@ function streamExtractExternal(url, directory) {
response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`)); response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
}; };
const timer = setTimeout(timerFn, timeout); const timer = setTimeout(timerFn, timeout);
const createdDirectories = new Set();
createdDirectories.add(directory);
response.message response.message
.on('data', () => { .on('data', () => {
timer.refresh(); timer.refresh();
@ -2399,11 +2407,47 @@ function streamExtractExternal(url, directory) {
clearTimeout(timer); clearTimeout(timer);
reject(error); reject(error);
}) })
.pipe(unzip_stream_1.default.Extract({ path: directory })) .pipe(unzip_stream_1.default.Parse())
.on('close', () => { .pipe(new stream.Transform({
objectMode: true,
transform: (entry, _, callback) => __awaiter(this, void 0, void 0, function* () {
const fullPath = path.normalize(path.join(directory, entry.path));
if (!directory.endsWith(path.sep)) {
directory += path.sep;
}
if (!fullPath.startsWith(directory)) {
reject(new Error(`Malformed extraction path: ${fullPath}`));
}
if (entry.type === 'Directory') {
if (!createdDirectories.has(fullPath)) {
createdDirectories.add(fullPath);
yield resolveOrCreateDirectory(fullPath).then(() => {
entry.autodrain();
callback();
});
}
else {
entry.autodrain();
callback();
}
}
else {
core.info(`Extracting artifact entry: ${fullPath}`);
if (!createdDirectories.has(path.dirname(fullPath))) {
createdDirectories.add(path.dirname(fullPath));
yield resolveOrCreateDirectory(path.dirname(fullPath));
}
const writeStream = (0, fs_1.createWriteStream)(fullPath);
writeStream.on('finish', callback);
writeStream.on('error', reject);
entry.pipe(writeStream);
}
})
}))
.on('finish', () => __awaiter(this, void 0, void 0, function* () {
clearTimeout(timer); clearTimeout(timer);
resolve(); resolve();
}) }))
.on('error', (error) => { .on('error', (error) => {
reject(error); reject(error);
}); });
@ -2920,6 +2964,7 @@ class ArtifactHttpClient {
catch (error) { catch (error) {
if (error instanceof SyntaxError) { if (error instanceof SyntaxError) {
(0, core_1.debug)(`Raw Body: ${rawBody}`); (0, core_1.debug)(`Raw Body: ${rawBody}`);
throw error;
} }
if (error instanceof errors_1.UsageError) { if (error instanceof errors_1.UsageError) {
throw error; throw error;
@ -3025,9 +3070,8 @@ function isGhes() {
const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com'); const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com');
const hostname = ghUrl.hostname.trimEnd().toUpperCase(); const hostname = ghUrl.hostname.trimEnd().toUpperCase();
const isGitHubHost = hostname === 'GITHUB.COM'; const isGitHubHost = hostname === 'GITHUB.COM';
const isGheHost = hostname.endsWith('.GHE.COM'); const isGheHost = hostname.endsWith('.GHE.COM') || hostname.endsWith('.GHE.LOCALHOST');
const isLocalHost = hostname.endsWith('.LOCALHOST'); return !isGitHubHost && !isGheHost;
return !isGitHubHost && !isGheHost && !isLocalHost;
} }
exports.isGhes = isGhes; exports.isGhes = isGhes;
function getGitHubWorkspaceDir() { function getGitHubWorkspaceDir() {
@ -100945,132 +100989,6 @@ function onConnectTimeout (socket) {
module.exports = buildConnector module.exports = buildConnector
/***/ }),
/***/ 14462:
/***/ ((module) => {
"use strict";
/** @type {Record<string, string | undefined>} */
const headerNameLowerCasedRecord = {}
// https://developer.mozilla.org/docs/Web/HTTP/Headers
const wellknownHeaderNames = [
'Accept',
'Accept-Encoding',
'Accept-Language',
'Accept-Ranges',
'Access-Control-Allow-Credentials',
'Access-Control-Allow-Headers',
'Access-Control-Allow-Methods',
'Access-Control-Allow-Origin',
'Access-Control-Expose-Headers',
'Access-Control-Max-Age',
'Access-Control-Request-Headers',
'Access-Control-Request-Method',
'Age',
'Allow',
'Alt-Svc',
'Alt-Used',
'Authorization',
'Cache-Control',
'Clear-Site-Data',
'Connection',
'Content-Disposition',
'Content-Encoding',
'Content-Language',
'Content-Length',
'Content-Location',
'Content-Range',
'Content-Security-Policy',
'Content-Security-Policy-Report-Only',
'Content-Type',
'Cookie',
'Cross-Origin-Embedder-Policy',
'Cross-Origin-Opener-Policy',
'Cross-Origin-Resource-Policy',
'Date',
'Device-Memory',
'Downlink',
'ECT',
'ETag',
'Expect',
'Expect-CT',
'Expires',
'Forwarded',
'From',
'Host',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Keep-Alive',
'Last-Modified',
'Link',
'Location',
'Max-Forwards',
'Origin',
'Permissions-Policy',
'Pragma',
'Proxy-Authenticate',
'Proxy-Authorization',
'RTT',
'Range',
'Referer',
'Referrer-Policy',
'Refresh',
'Retry-After',
'Sec-WebSocket-Accept',
'Sec-WebSocket-Extensions',
'Sec-WebSocket-Key',
'Sec-WebSocket-Protocol',
'Sec-WebSocket-Version',
'Server',
'Server-Timing',
'Service-Worker-Allowed',
'Service-Worker-Navigation-Preload',
'Set-Cookie',
'SourceMap',
'Strict-Transport-Security',
'Supports-Loading-Mode',
'TE',
'Timing-Allow-Origin',
'Trailer',
'Transfer-Encoding',
'Upgrade',
'Upgrade-Insecure-Requests',
'User-Agent',
'Vary',
'Via',
'WWW-Authenticate',
'X-Content-Type-Options',
'X-DNS-Prefetch-Control',
'X-Frame-Options',
'X-Permitted-Cross-Domain-Policies',
'X-Powered-By',
'X-Requested-With',
'X-XSS-Protection'
]
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
const key = wellknownHeaderNames[i]
const lowerCasedKey = key.toLowerCase()
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
lowerCasedKey
}
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
module.exports = {
wellknownHeaderNames,
headerNameLowerCasedRecord
}
/***/ }), /***/ }),
/***/ 48045: /***/ 48045:
@ -101903,7 +101821,6 @@ const { InvalidArgumentError } = __nccwpck_require__(48045)
const { Blob } = __nccwpck_require__(14300) const { Blob } = __nccwpck_require__(14300)
const nodeUtil = __nccwpck_require__(73837) const nodeUtil = __nccwpck_require__(73837)
const { stringify } = __nccwpck_require__(63477) const { stringify } = __nccwpck_require__(63477)
const { headerNameLowerCasedRecord } = __nccwpck_require__(14462)
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v)) const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
@ -102113,15 +102030,6 @@ function parseKeepAliveTimeout (val) {
return m ? parseInt(m[1], 10) * 1000 : null return m ? parseInt(m[1], 10) * 1000 : null
} }
/**
* Retrieves a header name and returns its lowercase value.
* @param {string | Buffer} value Header name
* @returns {string}
*/
function headerNameToString (value) {
return headerNameLowerCasedRecord[value] || value.toLowerCase()
}
function parseHeaders (headers, obj = {}) { function parseHeaders (headers, obj = {}) {
// For H2 support // For H2 support
if (!Array.isArray(headers)) return headers if (!Array.isArray(headers)) return headers
@ -102393,7 +102301,6 @@ module.exports = {
isIterable, isIterable,
isAsyncIterable, isAsyncIterable,
isDestroyed, isDestroyed,
headerNameToString,
parseRawHeaders, parseRawHeaders,
parseHeaders, parseHeaders,
parseKeepAliveTimeout, parseKeepAliveTimeout,
@ -106530,9 +106437,6 @@ function httpRedirectFetch (fetchParams, response) {
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
request.headersList.delete('authorization') request.headersList.delete('authorization')
// https://fetch.spec.whatwg.org/#authentication-entries
request.headersList.delete('proxy-authorization', true)
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement. // "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
request.headersList.delete('cookie') request.headersList.delete('cookie')
request.headersList.delete('host') request.headersList.delete('host')
@ -109041,18 +108945,14 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(8398
const assert = __nccwpck_require__(39491) const assert = __nccwpck_require__(39491)
const { isUint8Array } = __nccwpck_require__(29830) const { isUint8Array } = __nccwpck_require__(29830)
let supportedHashes = []
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable // https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
/** @type {import('crypto')|undefined} */ /** @type {import('crypto')|undefined} */
let crypto let crypto
try { try {
crypto = __nccwpck_require__(6113) crypto = __nccwpck_require__(6113)
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
/* c8 ignore next 3 */
} catch { } catch {
} }
function responseURL (response) { function responseURL (response) {
@ -109580,56 +109480,66 @@ function bytesMatch (bytes, metadataList) {
return true return true
} }
// 3. If response is not eligible for integrity validation, return false. // 3. If parsedMetadata is the empty set, return true.
// TODO
// 4. If parsedMetadata is the empty set, return true.
if (parsedMetadata.length === 0) { if (parsedMetadata.length === 0) {
return true return true
} }
// 5. Let metadata be the result of getting the strongest // 4. Let metadata be the result of getting the strongest
// metadata from parsedMetadata. // metadata from parsedMetadata.
const strongest = getStrongestMetadata(parsedMetadata) const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest) // get the strongest algorithm
const strongest = list[0].algo
// get all entries that use the strongest algorithm; ignore weaker
const metadata = list.filter((item) => item.algo === strongest)
// 6. For each item in metadata: // 5. For each item in metadata:
for (const item of metadata) { for (const item of metadata) {
// 1. Let algorithm be the alg component of item. // 1. Let algorithm be the alg component of item.
const algorithm = item.algo const algorithm = item.algo
// 2. Let expectedValue be the val component of item. // 2. Let expectedValue be the val component of item.
const expectedValue = item.hash let expectedValue = item.hash
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
// "be liberal with padding". This is annoying, and it's not even in the spec. // "be liberal with padding". This is annoying, and it's not even in the spec.
if (expectedValue.endsWith('==')) {
expectedValue = expectedValue.slice(0, -2)
}
// 3. Let actualValue be the result of applying algorithm to bytes. // 3. Let actualValue be the result of applying algorithm to bytes.
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64') let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
if (actualValue[actualValue.length - 1] === '=') { if (actualValue.endsWith('==')) {
if (actualValue[actualValue.length - 2] === '=') { actualValue = actualValue.slice(0, -2)
actualValue = actualValue.slice(0, -2)
} else {
actualValue = actualValue.slice(0, -1)
}
} }
// 4. If actualValue is a case-sensitive match for expectedValue, // 4. If actualValue is a case-sensitive match for expectedValue,
// return true. // return true.
if (compareBase64Mixed(actualValue, expectedValue)) { if (actualValue === expectedValue) {
return true
}
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
if (actualBase64URL.endsWith('==')) {
actualBase64URL = actualBase64URL.slice(0, -2)
}
if (actualBase64URL === expectedValue) {
return true return true
} }
} }
// 7. Return false. // 6. Return false.
return false return false
} }
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
// https://www.w3.org/TR/CSP2/#source-list-syntax // https://www.w3.org/TR/CSP2/#source-list-syntax
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1 // https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
/** /**
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
@ -109643,6 +109553,8 @@ function parseMetadata (metadata) {
// 2. Let empty be equal to true. // 2. Let empty be equal to true.
let empty = true let empty = true
const supportedHashes = crypto.getHashes()
// 3. For each token returned by splitting metadata on spaces: // 3. For each token returned by splitting metadata on spaces:
for (const token of metadata.split(' ')) { for (const token of metadata.split(' ')) {
// 1. Set empty to false. // 1. Set empty to false.
@ -109652,11 +109564,7 @@ function parseMetadata (metadata) {
const parsedToken = parseHashWithOptions.exec(token) const parsedToken = parseHashWithOptions.exec(token)
// 3. If token does not parse, continue to the next token. // 3. If token does not parse, continue to the next token.
if ( if (parsedToken === null || parsedToken.groups === undefined) {
parsedToken === null ||
parsedToken.groups === undefined ||
parsedToken.groups.algo === undefined
) {
// Note: Chromium blocks the request at this point, but Firefox // Note: Chromium blocks the request at this point, but Firefox
// gives a warning that an invalid integrity was given. The // gives a warning that an invalid integrity was given. The
// correct behavior is to ignore these, and subsequently not // correct behavior is to ignore these, and subsequently not
@ -109665,11 +109573,11 @@ function parseMetadata (metadata) {
} }
// 4. Let algorithm be the hash-algo component of token. // 4. Let algorithm be the hash-algo component of token.
const algorithm = parsedToken.groups.algo.toLowerCase() const algorithm = parsedToken.groups.algo
// 5. If algorithm is a hash function recognized by the user // 5. If algorithm is a hash function recognized by the user
// agent, add the parsed token to result. // agent, add the parsed token to result.
if (supportedHashes.includes(algorithm)) { if (supportedHashes.includes(algorithm.toLowerCase())) {
result.push(parsedToken.groups) result.push(parsedToken.groups)
} }
} }
@ -109682,82 +109590,6 @@ function parseMetadata (metadata) {
return result return result
} }
/**
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
*/
function getStrongestMetadata (metadataList) {
// Let algorithm be the algo component of the first item in metadataList.
// Can be sha256
let algorithm = metadataList[0].algo
// If the algorithm is sha512, then it is the strongest
// and we can return immediately
if (algorithm[3] === '5') {
return algorithm
}
for (let i = 1; i < metadataList.length; ++i) {
const metadata = metadataList[i]
// If the algorithm is sha512, then it is the strongest
// and we can break the loop immediately
if (metadata.algo[3] === '5') {
algorithm = 'sha512'
break
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
} else if (algorithm[3] === '3') {
continue
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
// the strongest
} else if (metadata.algo[3] === '3') {
algorithm = 'sha384'
}
}
return algorithm
}
function filterMetadataListByAlgorithm (metadataList, algorithm) {
if (metadataList.length === 1) {
return metadataList
}
let pos = 0
for (let i = 0; i < metadataList.length; ++i) {
if (metadataList[i].algo === algorithm) {
metadataList[pos++] = metadataList[i]
}
}
metadataList.length = pos
return metadataList
}
/**
* Compares two base64 strings, allowing for base64url
* in the second string.
*
* @param {string} actualValue always base64
* @param {string} expectedValue base64 or base64url
* @returns {boolean}
*/
function compareBase64Mixed (actualValue, expectedValue) {
if (actualValue.length !== expectedValue.length) {
return false
}
for (let i = 0; i < actualValue.length; ++i) {
if (actualValue[i] !== expectedValue[i]) {
if (
(actualValue[i] === '+' && expectedValue[i] === '-') ||
(actualValue[i] === '/' && expectedValue[i] === '_')
) {
continue
}
return false
}
}
return true
}
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) { function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
// TODO // TODO
@ -110173,8 +110005,7 @@ module.exports = {
urlHasHttpsScheme, urlHasHttpsScheme,
urlIsHttpHttpsScheme, urlIsHttpHttpsScheme,
readAllBytes, readAllBytes,
normalizeMethodRecord, normalizeMethodRecord
parseMetadata
} }
@ -112261,17 +112092,12 @@ function parseLocation (statusCode, headers) {
// https://tools.ietf.org/html/rfc7231#section-6.4.4 // https://tools.ietf.org/html/rfc7231#section-6.4.4
function shouldRemoveHeader (header, removeContent, unknownOrigin) { function shouldRemoveHeader (header, removeContent, unknownOrigin) {
if (header.length === 4) { return (
return util.headerNameToString(header) === 'host' (header.length === 4 && header.toString().toLowerCase() === 'host') ||
} (removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
if (removeContent && util.headerNameToString(header).startsWith('content-')) { (unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
return true (unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
} )
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
const name = util.headerNameToString(header)
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
}
return false
} }
// https://tools.ietf.org/html/rfc7231#section-6.4 // https://tools.ietf.org/html/rfc7231#section-6.4
@ -136152,7 +135978,7 @@ module.exports = index;
/***/ ((module) => { /***/ ((module) => {
"use strict"; "use strict";
module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.8","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}'); module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.5","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
/***/ }), /***/ }),

358
dist/upload/index.js vendored
View File

@ -2328,6 +2328,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0; exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
const promises_1 = __importDefault(__nccwpck_require__(73292)); const promises_1 = __importDefault(__nccwpck_require__(73292));
const stream = __importStar(__nccwpck_require__(12781));
const fs_1 = __nccwpck_require__(57147);
const path = __importStar(__nccwpck_require__(71017));
const github = __importStar(__nccwpck_require__(21260)); const github = __importStar(__nccwpck_require__(21260));
const core = __importStar(__nccwpck_require__(42186)); const core = __importStar(__nccwpck_require__(42186));
const httpClient = __importStar(__nccwpck_require__(96255)); const httpClient = __importStar(__nccwpck_require__(96255));
@ -2368,6 +2371,9 @@ function streamExtract(url, directory) {
return; return;
} }
catch (error) { catch (error) {
if (error.message.includes('Malformed extraction path')) {
throw new Error(`Artifact download failed with unretryable error: ${error.message}`);
}
retryCount++; retryCount++;
core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`); core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
// wait 5 seconds before retrying // wait 5 seconds before retrying
@ -2390,6 +2396,8 @@ function streamExtractExternal(url, directory) {
response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`)); response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
}; };
const timer = setTimeout(timerFn, timeout); const timer = setTimeout(timerFn, timeout);
const createdDirectories = new Set();
createdDirectories.add(directory);
response.message response.message
.on('data', () => { .on('data', () => {
timer.refresh(); timer.refresh();
@ -2399,11 +2407,47 @@ function streamExtractExternal(url, directory) {
clearTimeout(timer); clearTimeout(timer);
reject(error); reject(error);
}) })
.pipe(unzip_stream_1.default.Extract({ path: directory })) .pipe(unzip_stream_1.default.Parse())
.on('close', () => { .pipe(new stream.Transform({
objectMode: true,
transform: (entry, _, callback) => __awaiter(this, void 0, void 0, function* () {
const fullPath = path.normalize(path.join(directory, entry.path));
if (!directory.endsWith(path.sep)) {
directory += path.sep;
}
if (!fullPath.startsWith(directory)) {
reject(new Error(`Malformed extraction path: ${fullPath}`));
}
if (entry.type === 'Directory') {
if (!createdDirectories.has(fullPath)) {
createdDirectories.add(fullPath);
yield resolveOrCreateDirectory(fullPath).then(() => {
entry.autodrain();
callback();
});
}
else {
entry.autodrain();
callback();
}
}
else {
core.info(`Extracting artifact entry: ${fullPath}`);
if (!createdDirectories.has(path.dirname(fullPath))) {
createdDirectories.add(path.dirname(fullPath));
yield resolveOrCreateDirectory(path.dirname(fullPath));
}
const writeStream = (0, fs_1.createWriteStream)(fullPath);
writeStream.on('finish', callback);
writeStream.on('error', reject);
entry.pipe(writeStream);
}
})
}))
.on('finish', () => __awaiter(this, void 0, void 0, function* () {
clearTimeout(timer); clearTimeout(timer);
resolve(); resolve();
}) }))
.on('error', (error) => { .on('error', (error) => {
reject(error); reject(error);
}); });
@ -2920,6 +2964,7 @@ class ArtifactHttpClient {
catch (error) { catch (error) {
if (error instanceof SyntaxError) { if (error instanceof SyntaxError) {
(0, core_1.debug)(`Raw Body: ${rawBody}`); (0, core_1.debug)(`Raw Body: ${rawBody}`);
throw error;
} }
if (error instanceof errors_1.UsageError) { if (error instanceof errors_1.UsageError) {
throw error; throw error;
@ -3025,9 +3070,8 @@ function isGhes() {
const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com'); const ghUrl = new URL(process.env['GITHUB_SERVER_URL'] || 'https://github.com');
const hostname = ghUrl.hostname.trimEnd().toUpperCase(); const hostname = ghUrl.hostname.trimEnd().toUpperCase();
const isGitHubHost = hostname === 'GITHUB.COM'; const isGitHubHost = hostname === 'GITHUB.COM';
const isGheHost = hostname.endsWith('.GHE.COM'); const isGheHost = hostname.endsWith('.GHE.COM') || hostname.endsWith('.GHE.LOCALHOST');
const isLocalHost = hostname.endsWith('.LOCALHOST'); return !isGitHubHost && !isGheHost;
return !isGitHubHost && !isGheHost && !isLocalHost;
} }
exports.isGhes = isGhes; exports.isGhes = isGhes;
function getGitHubWorkspaceDir() { function getGitHubWorkspaceDir() {
@ -100945,132 +100989,6 @@ function onConnectTimeout (socket) {
module.exports = buildConnector module.exports = buildConnector
/***/ }),
/***/ 14462:
/***/ ((module) => {
"use strict";
/** @type {Record<string, string | undefined>} */
const headerNameLowerCasedRecord = {}
// https://developer.mozilla.org/docs/Web/HTTP/Headers
const wellknownHeaderNames = [
'Accept',
'Accept-Encoding',
'Accept-Language',
'Accept-Ranges',
'Access-Control-Allow-Credentials',
'Access-Control-Allow-Headers',
'Access-Control-Allow-Methods',
'Access-Control-Allow-Origin',
'Access-Control-Expose-Headers',
'Access-Control-Max-Age',
'Access-Control-Request-Headers',
'Access-Control-Request-Method',
'Age',
'Allow',
'Alt-Svc',
'Alt-Used',
'Authorization',
'Cache-Control',
'Clear-Site-Data',
'Connection',
'Content-Disposition',
'Content-Encoding',
'Content-Language',
'Content-Length',
'Content-Location',
'Content-Range',
'Content-Security-Policy',
'Content-Security-Policy-Report-Only',
'Content-Type',
'Cookie',
'Cross-Origin-Embedder-Policy',
'Cross-Origin-Opener-Policy',
'Cross-Origin-Resource-Policy',
'Date',
'Device-Memory',
'Downlink',
'ECT',
'ETag',
'Expect',
'Expect-CT',
'Expires',
'Forwarded',
'From',
'Host',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Keep-Alive',
'Last-Modified',
'Link',
'Location',
'Max-Forwards',
'Origin',
'Permissions-Policy',
'Pragma',
'Proxy-Authenticate',
'Proxy-Authorization',
'RTT',
'Range',
'Referer',
'Referrer-Policy',
'Refresh',
'Retry-After',
'Sec-WebSocket-Accept',
'Sec-WebSocket-Extensions',
'Sec-WebSocket-Key',
'Sec-WebSocket-Protocol',
'Sec-WebSocket-Version',
'Server',
'Server-Timing',
'Service-Worker-Allowed',
'Service-Worker-Navigation-Preload',
'Set-Cookie',
'SourceMap',
'Strict-Transport-Security',
'Supports-Loading-Mode',
'TE',
'Timing-Allow-Origin',
'Trailer',
'Transfer-Encoding',
'Upgrade',
'Upgrade-Insecure-Requests',
'User-Agent',
'Vary',
'Via',
'WWW-Authenticate',
'X-Content-Type-Options',
'X-DNS-Prefetch-Control',
'X-Frame-Options',
'X-Permitted-Cross-Domain-Policies',
'X-Powered-By',
'X-Requested-With',
'X-XSS-Protection'
]
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
const key = wellknownHeaderNames[i]
const lowerCasedKey = key.toLowerCase()
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
lowerCasedKey
}
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
module.exports = {
wellknownHeaderNames,
headerNameLowerCasedRecord
}
/***/ }), /***/ }),
/***/ 48045: /***/ 48045:
@ -101903,7 +101821,6 @@ const { InvalidArgumentError } = __nccwpck_require__(48045)
const { Blob } = __nccwpck_require__(14300) const { Blob } = __nccwpck_require__(14300)
const nodeUtil = __nccwpck_require__(73837) const nodeUtil = __nccwpck_require__(73837)
const { stringify } = __nccwpck_require__(63477) const { stringify } = __nccwpck_require__(63477)
const { headerNameLowerCasedRecord } = __nccwpck_require__(14462)
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v)) const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
@ -102113,15 +102030,6 @@ function parseKeepAliveTimeout (val) {
return m ? parseInt(m[1], 10) * 1000 : null return m ? parseInt(m[1], 10) * 1000 : null
} }
/**
* Retrieves a header name and returns its lowercase value.
* @param {string | Buffer} value Header name
* @returns {string}
*/
function headerNameToString (value) {
return headerNameLowerCasedRecord[value] || value.toLowerCase()
}
function parseHeaders (headers, obj = {}) { function parseHeaders (headers, obj = {}) {
// For H2 support // For H2 support
if (!Array.isArray(headers)) return headers if (!Array.isArray(headers)) return headers
@ -102393,7 +102301,6 @@ module.exports = {
isIterable, isIterable,
isAsyncIterable, isAsyncIterable,
isDestroyed, isDestroyed,
headerNameToString,
parseRawHeaders, parseRawHeaders,
parseHeaders, parseHeaders,
parseKeepAliveTimeout, parseKeepAliveTimeout,
@ -106530,9 +106437,6 @@ function httpRedirectFetch (fetchParams, response) {
// https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
request.headersList.delete('authorization') request.headersList.delete('authorization')
// https://fetch.spec.whatwg.org/#authentication-entries
request.headersList.delete('proxy-authorization', true)
// "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement. // "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
request.headersList.delete('cookie') request.headersList.delete('cookie')
request.headersList.delete('host') request.headersList.delete('host')
@ -109041,18 +108945,14 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(8398
const assert = __nccwpck_require__(39491) const assert = __nccwpck_require__(39491)
const { isUint8Array } = __nccwpck_require__(29830) const { isUint8Array } = __nccwpck_require__(29830)
let supportedHashes = []
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable // https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
/** @type {import('crypto')|undefined} */ /** @type {import('crypto')|undefined} */
let crypto let crypto
try { try {
crypto = __nccwpck_require__(6113) crypto = __nccwpck_require__(6113)
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
/* c8 ignore next 3 */
} catch { } catch {
} }
function responseURL (response) { function responseURL (response) {
@ -109580,56 +109480,66 @@ function bytesMatch (bytes, metadataList) {
return true return true
} }
// 3. If response is not eligible for integrity validation, return false. // 3. If parsedMetadata is the empty set, return true.
// TODO
// 4. If parsedMetadata is the empty set, return true.
if (parsedMetadata.length === 0) { if (parsedMetadata.length === 0) {
return true return true
} }
// 5. Let metadata be the result of getting the strongest // 4. Let metadata be the result of getting the strongest
// metadata from parsedMetadata. // metadata from parsedMetadata.
const strongest = getStrongestMetadata(parsedMetadata) const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest) // get the strongest algorithm
const strongest = list[0].algo
// get all entries that use the strongest algorithm; ignore weaker
const metadata = list.filter((item) => item.algo === strongest)
// 6. For each item in metadata: // 5. For each item in metadata:
for (const item of metadata) { for (const item of metadata) {
// 1. Let algorithm be the alg component of item. // 1. Let algorithm be the alg component of item.
const algorithm = item.algo const algorithm = item.algo
// 2. Let expectedValue be the val component of item. // 2. Let expectedValue be the val component of item.
const expectedValue = item.hash let expectedValue = item.hash
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
// "be liberal with padding". This is annoying, and it's not even in the spec. // "be liberal with padding". This is annoying, and it's not even in the spec.
if (expectedValue.endsWith('==')) {
expectedValue = expectedValue.slice(0, -2)
}
// 3. Let actualValue be the result of applying algorithm to bytes. // 3. Let actualValue be the result of applying algorithm to bytes.
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64') let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
if (actualValue[actualValue.length - 1] === '=') { if (actualValue.endsWith('==')) {
if (actualValue[actualValue.length - 2] === '=') { actualValue = actualValue.slice(0, -2)
actualValue = actualValue.slice(0, -2)
} else {
actualValue = actualValue.slice(0, -1)
}
} }
// 4. If actualValue is a case-sensitive match for expectedValue, // 4. If actualValue is a case-sensitive match for expectedValue,
// return true. // return true.
if (compareBase64Mixed(actualValue, expectedValue)) { if (actualValue === expectedValue) {
return true
}
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
if (actualBase64URL.endsWith('==')) {
actualBase64URL = actualBase64URL.slice(0, -2)
}
if (actualBase64URL === expectedValue) {
return true return true
} }
} }
// 7. Return false. // 6. Return false.
return false return false
} }
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
// https://www.w3.org/TR/CSP2/#source-list-syntax // https://www.w3.org/TR/CSP2/#source-list-syntax
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1 // https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
/** /**
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
@ -109643,6 +109553,8 @@ function parseMetadata (metadata) {
// 2. Let empty be equal to true. // 2. Let empty be equal to true.
let empty = true let empty = true
const supportedHashes = crypto.getHashes()
// 3. For each token returned by splitting metadata on spaces: // 3. For each token returned by splitting metadata on spaces:
for (const token of metadata.split(' ')) { for (const token of metadata.split(' ')) {
// 1. Set empty to false. // 1. Set empty to false.
@ -109652,11 +109564,7 @@ function parseMetadata (metadata) {
const parsedToken = parseHashWithOptions.exec(token) const parsedToken = parseHashWithOptions.exec(token)
// 3. If token does not parse, continue to the next token. // 3. If token does not parse, continue to the next token.
if ( if (parsedToken === null || parsedToken.groups === undefined) {
parsedToken === null ||
parsedToken.groups === undefined ||
parsedToken.groups.algo === undefined
) {
// Note: Chromium blocks the request at this point, but Firefox // Note: Chromium blocks the request at this point, but Firefox
// gives a warning that an invalid integrity was given. The // gives a warning that an invalid integrity was given. The
// correct behavior is to ignore these, and subsequently not // correct behavior is to ignore these, and subsequently not
@ -109665,11 +109573,11 @@ function parseMetadata (metadata) {
} }
// 4. Let algorithm be the hash-algo component of token. // 4. Let algorithm be the hash-algo component of token.
const algorithm = parsedToken.groups.algo.toLowerCase() const algorithm = parsedToken.groups.algo
// 5. If algorithm is a hash function recognized by the user // 5. If algorithm is a hash function recognized by the user
// agent, add the parsed token to result. // agent, add the parsed token to result.
if (supportedHashes.includes(algorithm)) { if (supportedHashes.includes(algorithm.toLowerCase())) {
result.push(parsedToken.groups) result.push(parsedToken.groups)
} }
} }
@ -109682,82 +109590,6 @@ function parseMetadata (metadata) {
return result return result
} }
/**
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
*/
function getStrongestMetadata (metadataList) {
// Let algorithm be the algo component of the first item in metadataList.
// Can be sha256
let algorithm = metadataList[0].algo
// If the algorithm is sha512, then it is the strongest
// and we can return immediately
if (algorithm[3] === '5') {
return algorithm
}
for (let i = 1; i < metadataList.length; ++i) {
const metadata = metadataList[i]
// If the algorithm is sha512, then it is the strongest
// and we can break the loop immediately
if (metadata.algo[3] === '5') {
algorithm = 'sha512'
break
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
} else if (algorithm[3] === '3') {
continue
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
// the strongest
} else if (metadata.algo[3] === '3') {
algorithm = 'sha384'
}
}
return algorithm
}
function filterMetadataListByAlgorithm (metadataList, algorithm) {
if (metadataList.length === 1) {
return metadataList
}
let pos = 0
for (let i = 0; i < metadataList.length; ++i) {
if (metadataList[i].algo === algorithm) {
metadataList[pos++] = metadataList[i]
}
}
metadataList.length = pos
return metadataList
}
/**
* Compares two base64 strings, allowing for base64url
* in the second string.
*
* @param {string} actualValue always base64
* @param {string} expectedValue base64 or base64url
* @returns {boolean}
*/
function compareBase64Mixed (actualValue, expectedValue) {
if (actualValue.length !== expectedValue.length) {
return false
}
for (let i = 0; i < actualValue.length; ++i) {
if (actualValue[i] !== expectedValue[i]) {
if (
(actualValue[i] === '+' && expectedValue[i] === '-') ||
(actualValue[i] === '/' && expectedValue[i] === '_')
) {
continue
}
return false
}
}
return true
}
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) { function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
// TODO // TODO
@ -110173,8 +110005,7 @@ module.exports = {
urlHasHttpsScheme, urlHasHttpsScheme,
urlIsHttpHttpsScheme, urlIsHttpHttpsScheme,
readAllBytes, readAllBytes,
normalizeMethodRecord, normalizeMethodRecord
parseMetadata
} }
@ -112261,17 +112092,12 @@ function parseLocation (statusCode, headers) {
// https://tools.ietf.org/html/rfc7231#section-6.4.4 // https://tools.ietf.org/html/rfc7231#section-6.4.4
function shouldRemoveHeader (header, removeContent, unknownOrigin) { function shouldRemoveHeader (header, removeContent, unknownOrigin) {
if (header.length === 4) { return (
return util.headerNameToString(header) === 'host' (header.length === 4 && header.toString().toLowerCase() === 'host') ||
} (removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
if (removeContent && util.headerNameToString(header).startsWith('content-')) { (unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
return true (unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
} )
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
const name = util.headerNameToString(header)
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
}
return false
} }
// https://tools.ietf.org/html/rfc7231#section-6.4 // https://tools.ietf.org/html/rfc7231#section-6.4
@ -136162,7 +135988,7 @@ module.exports = index;
/***/ ((module) => { /***/ ((module) => {
"use strict"; "use strict";
module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.8","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}'); module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.5","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^7.0.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
/***/ }), /***/ }),

58
package-lock.json generated
View File

@ -1,15 +1,15 @@
{ {
"name": "upload-artifact", "name": "upload-artifact",
"version": "4.3.6", "version": "4.3.1",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "upload-artifact", "name": "upload-artifact",
"version": "4.3.6", "version": "4.3.1",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/artifact": "2.1.8", "@actions/artifact": "^2.1.5",
"@actions/core": "^1.10.1", "@actions/core": "^1.10.1",
"@actions/github": "^6.0.0", "@actions/github": "^6.0.0",
"@actions/glob": "^0.3.0", "@actions/glob": "^0.3.0",
@ -34,9 +34,9 @@
} }
}, },
"node_modules/@actions/artifact": { "node_modules/@actions/artifact": {
"version": "2.1.8", "version": "2.1.5",
"resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.8.tgz", "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.5.tgz",
"integrity": "sha512-kxgbllgF5f6mEdMeSW6WXlUbV1U77V9ECpA7LOYaY+Tm6RfXOm36EdXbpm+T9VPeaVqXK4QHLAgqay9GSyClgw==", "integrity": "sha512-V98roImcfgWq7YtL2gzT2p2PTv1oy7k1xloq2RW/EDsJ7fX4oL7x8v9bLmmTPQ5+f4OrUbwveDZNw4iSjbtiWA==",
"dependencies": { "dependencies": {
"@actions/core": "^1.10.0", "@actions/core": "^1.10.0",
"@actions/github": "^5.1.1", "@actions/github": "^5.1.1",
@ -2838,12 +2838,12 @@
} }
}, },
"node_modules/braces": { "node_modules/braces": {
"version": "3.0.3", "version": "3.0.2",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
"dev": true, "dev": true,
"dependencies": { "dependencies": {
"fill-range": "^7.1.1" "fill-range": "^7.0.1"
}, },
"engines": { "engines": {
"node": ">=8" "node": ">=8"
@ -4275,9 +4275,9 @@
} }
}, },
"node_modules/fill-range": { "node_modules/fill-range": {
"version": "7.1.1", "version": "7.0.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
"dev": true, "dev": true,
"dependencies": { "dependencies": {
"to-regex-range": "^5.0.1" "to-regex-range": "^5.0.1"
@ -7584,9 +7584,9 @@
} }
}, },
"node_modules/undici": { "node_modules/undici": {
"version": "5.28.4", "version": "5.28.2",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz", "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.2.tgz",
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==", "integrity": "sha512-wh1pHJHnUeQV5Xa8/kyQhO7WFa8M34l026L5P/+2TYiakvGy5Rdc8jWZVyG7ieht/0WgJLEd3kcU5gKx+6GC8w==",
"dependencies": { "dependencies": {
"@fastify/busboy": "^2.0.0" "@fastify/busboy": "^2.0.0"
}, },
@ -7902,9 +7902,9 @@
}, },
"dependencies": { "dependencies": {
"@actions/artifact": { "@actions/artifact": {
"version": "2.1.8", "version": "2.1.5",
"resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.8.tgz", "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.5.tgz",
"integrity": "sha512-kxgbllgF5f6mEdMeSW6WXlUbV1U77V9ECpA7LOYaY+Tm6RfXOm36EdXbpm+T9VPeaVqXK4QHLAgqay9GSyClgw==", "integrity": "sha512-V98roImcfgWq7YtL2gzT2p2PTv1oy7k1xloq2RW/EDsJ7fX4oL7x8v9bLmmTPQ5+f4OrUbwveDZNw4iSjbtiWA==",
"requires": { "requires": {
"@actions/core": "^1.10.0", "@actions/core": "^1.10.0",
"@actions/github": "^5.1.1", "@actions/github": "^5.1.1",
@ -10102,12 +10102,12 @@
} }
}, },
"braces": { "braces": {
"version": "3.0.3", "version": "3.0.2",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
"dev": true, "dev": true,
"requires": { "requires": {
"fill-range": "^7.1.1" "fill-range": "^7.0.1"
} }
}, },
"browserslist": { "browserslist": {
@ -11196,9 +11196,9 @@
} }
}, },
"fill-range": { "fill-range": {
"version": "7.1.1", "version": "7.0.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
"dev": true, "dev": true,
"requires": { "requires": {
"to-regex-range": "^5.0.1" "to-regex-range": "^5.0.1"
@ -13638,9 +13638,9 @@
} }
}, },
"undici": { "undici": {
"version": "5.28.4", "version": "5.28.2",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz", "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.2.tgz",
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==", "integrity": "sha512-wh1pHJHnUeQV5Xa8/kyQhO7WFa8M34l026L5P/+2TYiakvGy5Rdc8jWZVyG7ieht/0WgJLEd3kcU5gKx+6GC8w==",
"requires": { "requires": {
"@fastify/busboy": "^2.0.0" "@fastify/busboy": "^2.0.0"
} }

4
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "upload-artifact", "name": "upload-artifact",
"version": "4.3.6", "version": "4.3.1",
"description": "Upload an Actions Artifact in a workflow run", "description": "Upload an Actions Artifact in a workflow run",
"main": "dist/upload/index.js", "main": "dist/upload/index.js",
"scripts": { "scripts": {
@ -29,7 +29,7 @@
}, },
"homepage": "https://github.com/actions/upload-artifact#readme", "homepage": "https://github.com/actions/upload-artifact#readme",
"dependencies": { "dependencies": {
"@actions/artifact": "2.1.8", "@actions/artifact": "^2.1.5",
"@actions/core": "^1.10.1", "@actions/core": "^1.10.1",
"@actions/github": "^6.0.0", "@actions/github": "^6.0.0",
"@actions/glob": "^0.3.0", "@actions/glob": "^0.3.0",