From a963b3127aa921958cde0acde697aa71604c85c6 Mon Sep 17 00:00:00 2001 From: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> Date: Tue, 8 Jul 2025 12:21:14 -0500 Subject: [PATCH] Fix low security alert --- .licenses/npm/brace-expansion.dep.yml | 2 +- dist/cache-save/index.js | 59 +++++++---- dist/setup/index.js | 135 ++++++++++++++++---------- package-lock.json | 19 ++-- 4 files changed, 136 insertions(+), 79 deletions(-) diff --git a/.licenses/npm/brace-expansion.dep.yml b/.licenses/npm/brace-expansion.dep.yml index 8fa6cfb..95ca8eb 100644 --- a/.licenses/npm/brace-expansion.dep.yml +++ b/.licenses/npm/brace-expansion.dep.yml @@ -1,6 +1,6 @@ --- name: brace-expansion -version: 1.1.11 +version: 1.1.12 type: npm summary: Brace expansion as known from sh/bash homepage: https://github.com/juliangruber/brace-expansion diff --git a/dist/cache-save/index.js b/dist/cache-save/index.js index abd13d1..9eb66c4 100644 --- a/dist/cache-save/index.js +++ b/dist/cache-save/index.js @@ -51577,7 +51577,7 @@ function expand(str, isTop) { var isOptions = m.body.indexOf(',') >= 0; if (!isSequence && !isOptions) { // {a},b} - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str = m.pre + '{' + m.body + escClose + m.post; return expand(str); } 
@@ -86631,13 +86631,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( }) : function(o, v) { o["default"] = v; }); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { @@ -86651,7 +86661,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.run = void 0; +exports.run = run; const core = __importStar(__nccwpck_require__(2186)); const cache = __importStar(__nccwpck_require__(7799)); const fs_1 = __importDefault(__nccwpck_require__(7147)); 
@@ -86690,7 +86700,6 @@ function run(earlyExit) { } }); } -exports.run = run; const cachePackages = () => __awaiter(void 0, void 0, void 0, function* () { const packageManager = 'default'; const state = core.getState(constants_1.State.CacheMatchedKey); @@ -86749,13 +86758,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( }) : function(o, v) { o["default"] = v; }); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { 
@@ -86766,7 +86785,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.isCacheFeatureAvailable = exports.isGhes = exports.getCacheDirectoryPath = exports.getPackageManagerInfo = exports.getCommandOutput = void 0; +exports.getCacheDirectoryPath = exports.getPackageManagerInfo = exports.getCommandOutput = void 0; +exports.isGhes = isGhes; +exports.isCacheFeatureAvailable = isCacheFeatureAvailable; const cache = __importStar(__nccwpck_require__(7799)); const core = __importStar(__nccwpck_require__(2186)); const exec = __importStar(__nccwpck_require__(1514)); @@ -86816,7 +86837,6 @@ function isGhes() { const isLocalHost = hostname.endsWith('.LOCALHOST'); return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } -exports.isGhes = isGhes; function isCacheFeatureAvailable() { if (cache.isFeatureAvailable()) { return true; @@ -86828,7 +86848,6 @@ function isCacheFeatureAvailable() { core.warning('The runner was not able to contact the cache service. Caching will be skipped'); return false; } -exports.isCacheFeatureAvailable = isCacheFeatureAvailable; /***/ }), diff --git a/dist/setup/index.js b/dist/setup/index.js index 0615d41..e7278d2 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -55363,7 +55363,7 @@ function expand(str, isTop) { var isOptions = m.body.indexOf(',') >= 0; if (!isSequence && !isOptions) { // {a},b} - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str = m.pre + '{' + m.body + escClose + m.post; return expand(str); } 
@@ -92977,13 +92977,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( }) : function(o, v) { o["default"] = v; }); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { 
@@ -93067,13 +93077,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( }) : function(o, v) { o["default"] = v; }); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { @@ -93084,7 +93104,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.isCacheFeatureAvailable = exports.isGhes = exports.getCacheDirectoryPath = exports.getPackageManagerInfo = exports.getCommandOutput = void 0; +exports.getCacheDirectoryPath = exports.getPackageManagerInfo = exports.getCommandOutput = void 0; +exports.isGhes = isGhes; +exports.isCacheFeatureAvailable = isCacheFeatureAvailable; const cache = __importStar(__nccwpck_require__(7799)); const core = __importStar(__nccwpck_require__(2186)); const exec = __importStar(__nccwpck_require__(1514)); 
@@ -93134,7 +93156,6 @@ function isGhes() { const isLocalHost = hostname.endsWith('.LOCALHOST'); return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost; } -exports.isGhes = isGhes; function isCacheFeatureAvailable() { if (cache.isFeatureAvailable()) { return true; @@ -93146,7 +93167,6 @@ function isCacheFeatureAvailable() { core.warning('The runner was not able to contact the cache service. Caching will be skipped'); return false; } -exports.isCacheFeatureAvailable = isCacheFeatureAvailable; /***/ }), @@ -93192,13 +93212,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( }) : function(o, v) { o["default"] = v; }); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { 
@@ -93212,7 +93242,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.resolveStableVersionInput = exports.parseGoVersionFile = exports.makeSemver = exports.getVersionsDist = exports.findMatch = exports.getInfoFromManifest = exports.getManifest = exports.extractGoArchive = exports.getGo = void 0; +exports.getGo = getGo; +exports.extractGoArchive = extractGoArchive; +exports.getManifest = getManifest; +exports.getInfoFromManifest = getInfoFromManifest; +exports.findMatch = findMatch; +exports.getVersionsDist = getVersionsDist; +exports.makeSemver = makeSemver; +exports.parseGoVersionFile = parseGoVersionFile; +exports.resolveStableVersionInput = resolveStableVersionInput; const tc = __importStar(__nccwpck_require__(7784)); const core = __importStar(__nccwpck_require__(2186)); const path = __importStar(__nccwpck_require__(1017)); @@ -93307,7 +93345,6 @@ function getGo(versionSpec_1, checkLatest_1, auth_1) { return downloadPath; }); } -exports.getGo = getGo; function resolveVersionFromManifest(versionSpec, stable, auth, arch, manifest) { return __awaiter(this, void 0, void 0, function* () { try { @@ -93396,7 +93433,6 @@ function extractGoArchive(archivePath) { return extPath; }); } -exports.extractGoArchive = extractGoArchive; function isIToolRelease(obj) { return (typeof obj === 'object' && obj !== null && @@ -93434,7 +93470,6 @@ function getManifest(auth) { return yield getManifestFromURL(); }); } -exports.getManifest = getManifest; function getManifestFromRepo(auth) { core.debug(`Getting manifest from ${MANIFEST_REPO_OWNER}/${MANIFEST_REPO_NAME}@${MANIFEST_REPO_BRANCH}`); return tc.getManifestFromRepo(MANIFEST_REPO_OWNER, MANIFEST_REPO_NAME, auth, MANIFEST_REPO_BRANCH); 
@@ -93469,7 +93504,6 @@ function getInfoFromManifest(versionSpec_1, stable_1, auth_1) { return info; }); } -exports.getInfoFromManifest = getInfoFromManifest; function getInfoFromDist(versionSpec, arch) { return __awaiter(this, void 0, void 0, function* () { const version = yield findMatch(versionSpec, arch); @@ -93521,7 +93555,6 @@ function findMatch(versionSpec_1) { return result; }); } -exports.findMatch = findMatch; function getVersionsDist(dlUrl) { return __awaiter(this, void 0, void 0, function* () { // this returns versions descending so latest is first @@ -93532,7 +93565,6 @@ function getVersionsDist(dlUrl) { return (yield http.getJson(dlUrl)).result; }); } -exports.getVersionsDist = getVersionsDist; // // Convert the go version syntax into semver for semver matching // 1.13.1 => 1.13.1 @@ -93557,7 +93589,6 @@ function makeSemver(version) { } return fullVersion; } -exports.makeSemver = makeSemver; function parseGoVersionFile(versionFilePath) { const contents = fs_1.default.readFileSync(versionFilePath).toString(); if (path.basename(versionFilePath) === 'go.mod' || @@ -93567,7 +93598,6 @@ function parseGoVersionFile(versionFilePath) { } return contents.trim(); } -exports.parseGoVersionFile = parseGoVersionFile; function resolveStableVersionDist(versionSpec, arch) { return __awaiter(this, void 0, void 0, function* () { const archFilter = sys.getArch(arch); @@ -93606,7 +93636,6 @@ function resolveStableVersionInput(versionSpec, arch, platform, manifest) { } }); } -exports.resolveStableVersionInput = resolveStableVersionInput; /***/ }), 
@@ -93632,13 +93661,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( }) : function(o, v) { o["default"] = v; }); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { @@ -93652,7 +93691,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.parseGoVersion = exports.addBinToPath = exports.run = void 0; +exports.run = run; +exports.addBinToPath = addBinToPath; +exports.parseGoVersion = parseGoVersion; const core = __importStar(__nccwpck_require__(2186)); const io = __importStar(__nccwpck_require__(7436)); const installer = __importStar(__nccwpck_require__(2574)); 
@@ -93726,7 +93767,6 @@ function run() { } }); } -exports.run = run; function addBinToPath() { return __awaiter(this, void 0, void 0, function* () { let added = false; @@ -93756,7 +93796,6 @@ function addBinToPath() { return added; }); } -exports.addBinToPath = addBinToPath; function parseGoVersion(versionString) { // get the installed version as an Action output // based on go/src/cmd/go/internal/version/version.go: @@ -93764,7 +93803,6 @@ function parseGoVersion(versionString) { // expecting go for runtime.Version() return versionString.split(' ')[2].slice('go'.length); } -exports.parseGoVersion = parseGoVersion; function resolveVersionInput() { let version = core.getInput('go-version'); const versionFilePath = core.getInput('go-version-file'); @@ -93812,7 +93850,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.getArch = exports.getPlatform = void 0; +exports.getPlatform = getPlatform; +exports.getArch = getArch; const os_1 = __importDefault(__nccwpck_require__(2037)); function getPlatform() { // darwin and linux match already @@ -93825,7 +93864,6 @@ function getPlatform() { } return plat; } -exports.getPlatform = getPlatform; function getArch(arch) { // 'arm', 'arm64', 'ia32', 'mips', 'mipsel', 'ppc', 'ppc64', 's390', 's390x', 'x32', and 'x64'. // wants amd64, 386, arm64, armv61, ppc641e, s390x @@ -93846,7 +93884,6 @@ function getArch(arch) { } return arch; } -exports.getArch = getArch; /***/ }), diff --git a/package-lock.json b/package-lock.json index b21ba01..b441b73 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -1959,9 +1959,9 @@
 }
 },
 "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {
@@ -2315,9 +2315,10 @@
 "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
 },
 "node_modules/brace-expansion": {
- "version": "1.1.11",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
- "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+ "version": "1.1.12",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+ "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "license": "MIT",
 "dependencies": {
 "balanced-match": "^1.0.0",
 "concat-map": "0.0.1"
@@ -3281,9 +3282,9 @@
 }
 },
 "node_modules/filelist/node_modules/brace-expansion": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
- "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+ "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 "dev": true,
 "license": "MIT",
 "dependencies": {