diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index a8f5be4a..6633406b 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -32,7 +32,7 @@ jobs: run: npm run bootstrap - name: audit tools (without allow-list) - run: npm audit --audit-level=moderate + run: npm audit --audit-level=moderate --omit dev - name: audit packages run: npm run audit-all diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 3f69cb63..592f7707 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -1,5 +1,7 @@ name: Publish NPM +run-name: Publish NPM - ${{ github.event.inputs.package }} + on: workflow_dispatch: inputs: diff --git a/package-lock.json b/package-lock.json index 88646d46..6ebe4c24 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6569,12 +6569,13 @@ } }, "node_modules/axios": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz", - "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "dev": true, + "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.0", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -6829,12 +6830,12 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -8242,9 +8243,9 @@ } }, "node_modules/ejs": { - "version": "3.1.9", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz", - "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==", + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==", "dev": true, "dependencies": { "jake": "^10.8.5" @@ -9316,9 +9317,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "dependencies": { "to-regex-range": "^5.0.1" diff --git a/packages/artifact/RELEASES.md b/packages/artifact/RELEASES.md index afc7f6a7..6688ad45 100644 --- a/packages/artifact/RELEASES.md +++ b/packages/artifact/RELEASES.md @@ -1,5 +1,14 @@ # @actions/artifact Releases +### 2.1.9 + +- Fixed artifact upload chunk timeout logic [#1774](https://github.com/actions/toolkit/pull/1774) +- Use lazy stream to prevent issues with open file limits [#1771](https://github.com/actions/toolkit/pull/1771) + +### 2.1.8 + +- Allows `*.localhost` domains for hostname checks for local development. + ### 2.1.7 - Update unzip-stream dependency and reverted to using `unzip.Extract()` diff --git a/packages/artifact/__tests__/config.test.ts b/packages/artifact/__tests__/config.test.ts index 5afed94d..b9ef643c 100644 --- a/packages/artifact/__tests__/config.test.ts +++ b/packages/artifact/__tests__/config.test.ts @@ -20,6 +20,11 @@ describe('isGhes', () => { expect(config.isGhes()).toBe(false) }) + it('should return false when the request domain ends with .localhost', () => { + process.env.GITHUB_SERVER_URL = 'https://github.localhost' + expect(config.isGhes()).toBe(false) + }) + it('should return false when the request domain is specific to an enterprise', () => { process.env.GITHUB_SERVER_URL = 'https://my-enterprise.github.com' expect(config.isGhes()).toBe(true) diff --git a/packages/artifact/__tests__/upload-artifact.test.ts b/packages/artifact/__tests__/upload-artifact.test.ts index 1761fa01..cd383db9 100644 --- a/packages/artifact/__tests__/upload-artifact.test.ts +++ b/packages/artifact/__tests__/upload-artifact.test.ts @@ -1,260 +1,137 @@ import * as uploadZipSpecification from '../src/internal/upload/upload-zip-specification' import * as zip from '../src/internal/upload/zip' import * as util from '../src/internal/shared/util' -import * as retention from '../src/internal/upload/retention' import * as config from '../src/internal/shared/config' -import {Timestamp, ArtifactServiceClientJSON} from '../src/generated' +import {ArtifactServiceClientJSON} from '../src/generated' import * as blobUpload from '../src/internal/upload/blob-upload' import {uploadArtifact} from '../src/internal/upload/upload-artifact' import {noopLogs} from './common' import {FilesNotFoundError} from '../src/internal/shared/errors' -import {BlockBlobClient} from '@azure/storage-blob' +import {BlockBlobUploadStreamOptions} from '@azure/storage-blob' import * as fs from 'fs' import * as path from 'path' +const uploadStreamMock = jest.fn() +const blockBlobClientMock = jest.fn().mockImplementation(() => ({ + uploadStream: uploadStreamMock +})) + +jest.mock('@azure/storage-blob', () => ({ + BlobClient: jest.fn().mockImplementation(() => { + return { + getBlockBlobClient: blockBlobClientMock + } + }) +})) + +const fixtures = { + uploadDirectory: path.join(__dirname, '_temp', 'plz-upload'), + files: [ + ['file1.txt', 'test 1 file content'], + ['file2.txt', 'test 2 file content'], + ['file3.txt', 'test 3 file content'] + ], + backendIDs: { + workflowRunBackendId: '67dbcc20-e851-4452-a7c3-2cc0d2e0ec67', + workflowJobRunBackendId: '5f49179d-3386-4c38-85f7-00f8138facd0' + }, + runtimeToken: 'test-token', + resultsServiceURL: 'http://results.local', + inputs: { + artifactName: 'test-artifact', + files: [ + '/home/user/files/plz-upload/file1.txt', + '/home/user/files/plz-upload/file2.txt', + '/home/user/files/plz-upload/dir/file3.txt' + ], + rootDirectory: '/home/user/files/plz-upload' + } +} + describe('upload-artifact', () => { + beforeAll(() => { + if (!fs.existsSync(fixtures.uploadDirectory)) { + fs.mkdirSync(fixtures.uploadDirectory, {recursive: true}) + } + + for (const [file, content] of fixtures.files) { + fs.writeFileSync(path.join(fixtures.uploadDirectory, file), content) + } + }) + beforeEach(() => { noopLogs() + jest + .spyOn(uploadZipSpecification, 'validateRootDirectory') + .mockReturnValue() + jest + .spyOn(util, 'getBackendIdsFromToken') + .mockReturnValue(fixtures.backendIDs) + jest + .spyOn(uploadZipSpecification, 'getUploadZipSpecification') + .mockReturnValue( + fixtures.files.map(file => ({ + sourcePath: path.join(fixtures.uploadDirectory, file[0]), + destinationPath: file[0] + })) + ) + jest.spyOn(config, 'getRuntimeToken').mockReturnValue(fixtures.runtimeToken) + jest + .spyOn(config, 'getResultsServiceUrl') + .mockReturnValue(fixtures.resultsServiceURL) }) afterEach(() => { jest.restoreAllMocks() }) - it('should successfully upload an artifact', () => { - const mockDate = new Date('2020-01-01') - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() - jest - .spyOn(uploadZipSpecification, 'getUploadZipSpecification') - .mockReturnValue([ - { - sourcePath: '/home/user/files/plz-upload/file1.txt', - destinationPath: 'file1.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/file2.txt', - destinationPath: 'file2.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/dir/file3.txt', - destinationPath: 'dir/file3.txt' - } - ]) - - jest - .spyOn(zip, 'createZipUploadStream') - .mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1))) - jest.spyOn(util, 'getBackendIdsFromToken').mockReturnValue({ - workflowRunBackendId: '1234', - workflowJobRunBackendId: '5678' - }) - jest - .spyOn(retention, 'getExpiration') - .mockReturnValue(Timestamp.fromDate(mockDate)) - jest - .spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact') - .mockReturnValue( - Promise.resolve({ - ok: true, - signedUploadUrl: 'https://signed-upload-url.com' - }) - ) - jest.spyOn(blobUpload, 'uploadZipToBlobStorage').mockReturnValue( - Promise.resolve({ - uploadSize: 1234, - sha256Hash: 'test-sha256-hash' - }) - ) - jest - .spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact') - .mockReturnValue(Promise.resolve({ok: true, artifactId: '1'})) - - // ArtifactHttpClient mocks - jest.spyOn(config, 'getRuntimeToken').mockReturnValue('test-token') - jest - .spyOn(config, 'getResultsServiceUrl') - .mockReturnValue('https://test-url.com') - - const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' - ) - - expect(uploadResp).resolves.toEqual({size: 1234, id: 1}) - }) - - it('should throw an error if the root directory is invalid', () => { - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockImplementation(() => { - throw new Error('Invalid root directory') - }) - - const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' - ) - - expect(uploadResp).rejects.toThrow('Invalid root directory') - }) - - it('should reject if there are no files to upload', () => { - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() + it('should reject if there are no files to upload', async () => { jest .spyOn(uploadZipSpecification, 'getUploadZipSpecification') + .mockClear() .mockReturnValue([]) const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory ) - expect(uploadResp).rejects.toThrowError(FilesNotFoundError) + await expect(uploadResp).rejects.toThrowError(FilesNotFoundError) }) - it('should reject if no backend IDs are found', () => { - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() - jest - .spyOn(uploadZipSpecification, 'getUploadZipSpecification') - .mockReturnValue([ - { - sourcePath: '/home/user/files/plz-upload/file1.txt', - destinationPath: 'file1.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/file2.txt', - destinationPath: 'file2.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/dir/file3.txt', - destinationPath: 'dir/file3.txt' - } - ]) - - jest - .spyOn(zip, 'createZipUploadStream') - .mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1))) + it('should reject if no backend IDs are found', async () => { + jest.spyOn(util, 'getBackendIdsFromToken').mockRestore() const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory ) - expect(uploadResp).rejects.toThrow() + await expect(uploadResp).rejects.toThrow() }) - it('should return false if the creation request fails', () => { - const mockDate = new Date('2020-01-01') - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() - jest - .spyOn(uploadZipSpecification, 'getUploadZipSpecification') - .mockReturnValue([ - { - sourcePath: '/home/user/files/plz-upload/file1.txt', - destinationPath: 'file1.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/file2.txt', - destinationPath: 'file2.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/dir/file3.txt', - destinationPath: 'dir/file3.txt' - } - ]) - + it('should return false if the creation request fails', async () => { jest .spyOn(zip, 'createZipUploadStream') .mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1))) - jest.spyOn(util, 'getBackendIdsFromToken').mockReturnValue({ - workflowRunBackendId: '1234', - workflowJobRunBackendId: '5678' - }) - jest - .spyOn(retention, 'getExpiration') - .mockReturnValue(Timestamp.fromDate(mockDate)) jest .spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact') .mockReturnValue(Promise.resolve({ok: false, signedUploadUrl: ''})) - // ArtifactHttpClient mocks - jest.spyOn(config, 'getRuntimeToken').mockReturnValue('test-token') - jest - .spyOn(config, 'getResultsServiceUrl') - .mockReturnValue('https://test-url.com') - const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory ) - expect(uploadResp).rejects.toThrow() + await expect(uploadResp).rejects.toThrow() }) - it('should return false if blob storage upload is unsuccessful', () => { - const mockDate = new Date('2020-01-01') - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() - jest - .spyOn(uploadZipSpecification, 'getUploadZipSpecification') - .mockReturnValue([ - { - sourcePath: '/home/user/files/plz-upload/file1.txt', - destinationPath: 'file1.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/file2.txt', - destinationPath: 'file2.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/dir/file3.txt', - destinationPath: 'dir/file3.txt' - } - ]) - + it('should return false if blob storage upload is unsuccessful', async () => { jest .spyOn(zip, 'createZipUploadStream') .mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1))) - jest.spyOn(util, 'getBackendIdsFromToken').mockReturnValue({ - workflowRunBackendId: '1234', - workflowJobRunBackendId: '5678' - }) - jest - .spyOn(retention, 'getExpiration') - .mockReturnValue(Timestamp.fromDate(mockDate)) jest .spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact') .mockReturnValue( @@ -267,57 +144,19 @@ describe('upload-artifact', () => { .spyOn(blobUpload, 'uploadZipToBlobStorage') .mockReturnValue(Promise.reject(new Error('boom'))) - // ArtifactHttpClient mocks - jest.spyOn(config, 'getRuntimeToken').mockReturnValue('test-token') - jest - .spyOn(config, 'getResultsServiceUrl') - .mockReturnValue('https://test-url.com') - const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory ) - expect(uploadResp).rejects.toThrow() + await expect(uploadResp).rejects.toThrow() }) - it('should reject if finalize artifact fails', () => { - const mockDate = new Date('2020-01-01') - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() - jest - .spyOn(uploadZipSpecification, 'getUploadZipSpecification') - .mockReturnValue([ - { - sourcePath: '/home/user/files/plz-upload/file1.txt', - destinationPath: 'file1.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/file2.txt', - destinationPath: 'file2.txt' - }, - { - sourcePath: '/home/user/files/plz-upload/dir/file3.txt', - destinationPath: 'dir/file3.txt' - } - ]) - + it('should reject if finalize artifact fails', async () => { jest .spyOn(zip, 'createZipUploadStream') .mockReturnValue(Promise.resolve(new zip.ZipUploadStream(1))) - jest.spyOn(util, 'getBackendIdsFromToken').mockReturnValue({ - workflowRunBackendId: '1234', - workflowJobRunBackendId: '5678' - }) - jest - .spyOn(retention, 'getExpiration') - .mockReturnValue(Timestamp.fromDate(mockDate)) jest .spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact') .mockReturnValue( @@ -336,112 +175,113 @@ describe('upload-artifact', () => { .spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact') .mockReturnValue(Promise.resolve({ok: false, artifactId: ''})) - // ArtifactHttpClient mocks - jest.spyOn(config, 'getRuntimeToken').mockReturnValue('test-token') - jest - .spyOn(config, 'getResultsServiceUrl') - .mockReturnValue('https://test-url.com') - const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory ) - expect(uploadResp).rejects.toThrow() + await expect(uploadResp).rejects.toThrow() }) - it('should throw an error uploading blob chunks get delayed', async () => { - const mockDate = new Date('2020-01-01') - const dirPath = path.join(__dirname, `plz-upload`) - if (!fs.existsSync(dirPath)) { - fs.mkdirSync(dirPath, {recursive: true}) - } - - fs.writeFileSync(path.join(dirPath, 'file1.txt'), 'test file content') - fs.writeFileSync(path.join(dirPath, 'file2.txt'), 'test file content') - - fs.writeFileSync(path.join(dirPath, 'file3.txt'), 'test file content') - - jest - .spyOn(uploadZipSpecification, 'validateRootDirectory') - .mockReturnValue() - jest - .spyOn(uploadZipSpecification, 'getUploadZipSpecification') - .mockReturnValue([ - { - sourcePath: path.join(dirPath, 'file1.txt'), - destinationPath: 'file1.txt' - }, - { - sourcePath: path.join(dirPath, 'file2.txt'), - destinationPath: 'file2.txt' - }, - { - sourcePath: path.join(dirPath, 'file3.txt'), - destinationPath: 'dir/file3.txt' - } - ]) - - jest.spyOn(util, 'getBackendIdsFromToken').mockReturnValue({ - workflowRunBackendId: '1234', - workflowJobRunBackendId: '5678' - }) - jest - .spyOn(retention, 'getExpiration') - .mockReturnValue(Timestamp.fromDate(mockDate)) + it('should successfully upload an artifact', async () => { jest .spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact') .mockReturnValue( Promise.resolve({ ok: true, - signedUploadUrl: 'https://signed-upload-url.com' + signedUploadUrl: 'https://signed-upload-url.local' }) ) jest - .spyOn(blobUpload, 'uploadZipToBlobStorage') - .mockReturnValue(Promise.reject(new Error('Upload progress stalled.'))) - - // ArtifactHttpClient mocks - jest.spyOn(config, 'getRuntimeToken').mockReturnValue('test-token') - jest - .spyOn(config, 'getResultsServiceUrl') - .mockReturnValue('https://test-url.com') - - BlockBlobClient.prototype.uploadStream = jest - .fn() - .mockImplementation( - async (stream, bufferSize, maxConcurrency, options) => { - return new Promise(resolve => { - // Call the onProgress callback with a progress event - options.onProgress({loadedBytes: 0}) - - // Wait for 31 seconds before resolving the promise - setTimeout(() => { - // Call the onProgress callback again to simulate progress - options.onProgress({loadedBytes: 100}) - - resolve() - }, 31000) // Delay longer than your timeout - }) - } + .spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact') + .mockReturnValue( + Promise.resolve({ + ok: true, + artifactId: '1' + }) ) - jest.mock('fs') - const uploadResp = uploadArtifact( - 'test-artifact', - [ - '/home/user/files/plz-upload/file1.txt', - '/home/user/files/plz-upload/file2.txt', - '/home/user/files/plz-upload/dir/file3.txt' - ], - '/home/user/files/plz-upload' + uploadStreamMock.mockImplementation( + async ( + stream: NodeJS.ReadableStream, + bufferSize?: number, + maxConcurrency?: number, + options?: BlockBlobUploadStreamOptions + ) => { + const {onProgress, abortSignal} = options || {} + + onProgress?.({loadedBytes: 0}) + + return new Promise(resolve => { + const timerId = setTimeout(() => { + onProgress?.({loadedBytes: 256}) + resolve({}) + }, 1_000) + abortSignal?.addEventListener('abort', () => { + clearTimeout(timerId) + resolve({}) + }) + }) + } ) - expect(uploadResp).rejects.toThrow('Upload progress stalled.') + const {id, size} = await uploadArtifact( + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory + ) + + expect(id).toBe(1) + expect(size).toBe(256) + }) + + it('should throw an error uploading blob chunks get delayed', async () => { + jest + .spyOn(ArtifactServiceClientJSON.prototype, 'CreateArtifact') + .mockReturnValue( + Promise.resolve({ + ok: true, + signedUploadUrl: 'https://signed-upload-url.local' + }) + ) + jest + .spyOn(ArtifactServiceClientJSON.prototype, 'FinalizeArtifact') + .mockReturnValue( + Promise.resolve({ + ok: true, + artifactId: '1' + }) + ) + jest + .spyOn(config, 'getResultsServiceUrl') + .mockReturnValue('https://results.local') + + jest.spyOn(config, 'getUploadChunkTimeout').mockReturnValue(2_000) + + uploadStreamMock.mockImplementation( + async ( + stream: NodeJS.ReadableStream, + bufferSize?: number, + maxConcurrency?: number, + options?: BlockBlobUploadStreamOptions + ) => { + const {onProgress, abortSignal} = options || {} + onProgress?.({loadedBytes: 0}) + return new Promise(resolve => { + abortSignal?.addEventListener('abort', () => { + resolve({}) + }) + }) + } + ) + + const uploadResp = uploadArtifact( + fixtures.inputs.artifactName, + fixtures.inputs.files, + fixtures.inputs.rootDirectory + ) + + await expect(uploadResp).rejects.toThrow('Upload progress stalled.') }) }) diff --git a/packages/artifact/package-lock.json b/packages/artifact/package-lock.json index dce18974..809562ab 100644 --- a/packages/artifact/package-lock.json +++ b/packages/artifact/package-lock.json @@ -1,12 +1,12 @@ { "name": "@actions/artifact", - "version": "2.1.7", + "version": "2.1.9", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@actions/artifact", - "version": "2.1.7", + "version": "2.1.9", "license": "MIT", "dependencies": { "@actions/core": "^1.10.0", diff --git a/packages/artifact/package.json b/packages/artifact/package.json index ab84d0f2..fefa6abe 100644 --- a/packages/artifact/package.json +++ b/packages/artifact/package.json @@ -1,6 +1,6 @@ { "name": "@actions/artifact", - "version": "2.1.7", + "version": "2.1.9", "preview": true, "description": "Actions artifact lib", "keywords": [ diff --git a/packages/artifact/src/internal/shared/config.ts b/packages/artifact/src/internal/shared/config.ts index 089fae14..047d3b98 100644 --- a/packages/artifact/src/internal/shared/config.ts +++ b/packages/artifact/src/internal/shared/config.ts @@ -30,10 +30,10 @@ export function isGhes(): boolean { const hostname = ghUrl.hostname.trimEnd().toUpperCase() const isGitHubHost = hostname === 'GITHUB.COM' - const isGheHost = - hostname.endsWith('.GHE.COM') || hostname.endsWith('.GHE.LOCALHOST') + const isGheHost = hostname.endsWith('.GHE.COM') + const isLocalHost = hostname.endsWith('.LOCALHOST') - return !isGitHubHost && !isGheHost + return !isGitHubHost && !isGheHost && !isLocalHost } export function getGitHubWorkspaceDir(): string { @@ -57,3 +57,7 @@ export function getConcurrency(): number { const concurrency = 16 * numCPUs return concurrency > 300 ? 300 : concurrency } + +export function getUploadChunkTimeout(): number { + return 300_000 // 5 minutes +} diff --git a/packages/artifact/src/internal/upload/blob-upload.ts b/packages/artifact/src/internal/upload/blob-upload.ts index 6c62fd49..331ee878 100644 --- a/packages/artifact/src/internal/upload/blob-upload.ts +++ b/packages/artifact/src/internal/upload/blob-upload.ts @@ -1,7 +1,11 @@ import {BlobClient, BlockBlobUploadStreamOptions} from '@azure/storage-blob' import {TransferProgressEvent} from '@azure/core-http' import {ZipUploadStream} from './zip' -import {getUploadChunkSize, getConcurrency} from '../shared/config' +import { + getUploadChunkSize, + getConcurrency, + getUploadChunkTimeout +} from '../shared/config' import * as core from '@actions/core' import * as crypto from 'crypto' import * as stream from 'stream' @@ -25,29 +29,26 @@ export async function uploadZipToBlobStorage( ): Promise { let uploadByteCount = 0 let lastProgressTime = Date.now() - let timeoutId: NodeJS.Timeout | undefined + const abortController = new AbortController() - const chunkTimer = (timeout: number): NodeJS.Timeout => { - // clear the previous timeout - if (timeoutId) { - clearTimeout(timeoutId) - } + const chunkTimer = async (interval: number): Promise => + new Promise((resolve, reject) => { + const timer = setInterval(() => { + if (Date.now() - lastProgressTime > interval) { + reject(new Error('Upload progress stalled.')) + } + }, interval) + + abortController.signal.addEventListener('abort', () => { + clearInterval(timer) + resolve() + }) + }) - timeoutId = setTimeout(() => { - const now = Date.now() - // if there's been more than 30 seconds since the - // last progress event, then we'll consider the upload stalled - if (now - lastProgressTime > timeout) { - throw new Error('Upload progress stalled.') - } - }, timeout) - return timeoutId - } const maxConcurrency = getConcurrency() const bufferSize = getUploadChunkSize() const blobClient = new BlobClient(authenticatedUploadURL) const blockBlobClient = blobClient.getBlockBlobClient() - const timeoutDuration = 300000 // 30 seconds core.debug( `Uploading artifact zip to blob storage with maxConcurrency: ${maxConcurrency}, bufferSize: ${bufferSize}` @@ -56,13 +57,13 @@ export async function uploadZipToBlobStorage( const uploadCallback = (progress: TransferProgressEvent): void => { core.info(`Uploaded bytes ${progress.loadedBytes}`) uploadByteCount = progress.loadedBytes - chunkTimer(timeoutDuration) lastProgressTime = Date.now() } const options: BlockBlobUploadStreamOptions = { blobHTTPHeaders: {blobContentType: 'zip'}, - onProgress: uploadCallback + onProgress: uploadCallback, + abortSignal: abortController.signal } let sha256Hash: string | undefined = undefined @@ -75,24 +76,22 @@ export async function uploadZipToBlobStorage( core.info('Beginning upload of artifact content to blob storage') try { - // Start the chunk timer - timeoutId = chunkTimer(timeoutDuration) - await blockBlobClient.uploadStream( - uploadStream, - bufferSize, - maxConcurrency, - options - ) + await Promise.race([ + blockBlobClient.uploadStream( + uploadStream, + bufferSize, + maxConcurrency, + options + ), + chunkTimer(getUploadChunkTimeout()) + ]) } catch (error) { if (NetworkError.isNetworkErrorCode(error?.code)) { throw new NetworkError(error?.code) } throw error } finally { - // clear the timeout whether or not the upload completes - if (timeoutId) { - clearTimeout(timeoutId) - } + abortController.abort() } core.info('Finished uploading artifact content to blob storage!') diff --git a/packages/artifact/src/internal/upload/zip.ts b/packages/artifact/src/internal/upload/zip.ts index 5a923119..10433fb8 100644 --- a/packages/artifact/src/internal/upload/zip.ts +++ b/packages/artifact/src/internal/upload/zip.ts @@ -1,7 +1,6 @@ import * as stream from 'stream' import * as archiver from 'archiver' import * as core from '@actions/core' -import {createReadStream} from 'fs' import {UploadZipSpecification} from './upload-zip-specification' import {getUploadChunkSize} from '../shared/config' @@ -44,7 +43,7 @@ export async function createZipUploadStream( for (const file of uploadSpecification) { if (file.sourcePath !== null) { // Add a normal file to the zip - zip.append(createReadStream(file.sourcePath), { + zip.file(file.sourcePath, { name: file.destinationPath }) } else { diff --git a/packages/attest/README.md b/packages/attest/README.md index 56e2adb5..8f004399 100644 --- a/packages/attest/README.md +++ b/packages/attest/README.md @@ -63,6 +63,8 @@ export type AttestOptions = { // Sigstore instance to use for signing. Must be one of "public-good" or // "github". sigstore?: 'public-good' | 'github' + // HTTP headers to include in request to attestations API. + headers?: {[header: string]: string | number | undefined} // Whether to skip writing the attestation to the GH attestations API. skipWrite?: boolean } @@ -113,6 +115,8 @@ export type AttestProvenanceOptions = { // Sigstore instance to use for signing. Must be one of "public-good" or // "github". sigstore?: 'public-good' | 'github' + // HTTP headers to include in request to attestations API. + headers?: {[header: string]: string | number | undefined} // Whether to skip writing the attestation to the GH attestations API. skipWrite?: boolean // Issuer URL responsible for minting the OIDC token from which the diff --git a/packages/attest/RELEASES.md b/packages/attest/RELEASES.md index 60d08dd8..722fcd46 100644 --- a/packages/attest/RELEASES.md +++ b/packages/attest/RELEASES.md @@ -1,19 +1,42 @@ # @actions/attest Releases +### 1.4.2 + +- Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823) +### 1.4.1 + +- Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805) + +### 1.4.0 + +- Add new `headers` parameter to the `attest` and `attestProvenance` functions [#1790](https://github.com/actions/toolkit/pull/1790) +- Update `buildSLSAProvenancePredicate`/`attestProvenance` to automatically derive default OIDC issuer URL from current execution context [#1796](https://github.com/actions/toolkit/pull/1796) +### 1.3.1 + +- Fix bug with proxy support when retrieving JWKS for OIDC issuer [#1776](https://github.com/actions/toolkit/pull/1776) + +### 1.3.0 + +- Dynamic construction of Sigstore API URLs [#1735](https://github.com/actions/toolkit/pull/1735) +- Switch to new GH provenance build type [#1745](https://github.com/actions/toolkit/pull/1745) +- Fetch existing Rekor entry on 409 conflict error [#1759](https://github.com/actions/toolkit/pull/1759) +- Bump @sigstore/bundle from 2.3.0 to 2.3.2 [#1738](https://github.com/actions/toolkit/pull/1738) +- Bump @sigstore/sign from 2.3.0 to 2.3.2 [#1738](https://github.com/actions/toolkit/pull/1738) + ### 1.2.1 -- Retry request on attestation persistence failure +- Retry request on attestation persistence failure [#1725](https://github.com/actions/toolkit/pull/1725) ### 1.2.0 -- Generate attestations using the v0.3 Sigstore bundle format. -- Bump @sigstore/bundle from 2.2.0 to 2.3.0. -- Bump @sigstore/sign from 2.2.3 to 2.3.0. -- Remove dependency on make-fetch-happen +- Generate attestations using the v0.3 Sigstore bundle format [#1701](https://github.com/actions/toolkit/pull/1701) +- Bump @sigstore/bundle from 2.2.0 to 2.3.0 [#1701](https://github.com/actions/toolkit/pull/1701) +- Bump @sigstore/sign from 2.2.3 to 2.3.0 [#1701](https://github.com/actions/toolkit/pull/1701) +- Remove dependency on make-fetch-happen [#1714](https://github.com/actions/toolkit/pull/1714) ### 1.1.0 -- Updates the `attestProvenance` function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement. +- Updates the `attestProvenance` function to retrieve a token from the GitHub OIDC provider and use the token claims to populate the provenance statement [#1693](https://github.com/actions/toolkit/pull/1693) ### 1.0.0 diff --git a/packages/attest/__tests__/__snapshots__/provenance.test.ts.snap b/packages/attest/__tests__/__snapshots__/provenance.test.ts.snap index 2aed4a16..4c199dae 100644 --- a/packages/attest/__tests__/__snapshots__/provenance.test.ts.snap +++ b/packages/attest/__tests__/__snapshots__/provenance.test.ts.snap @@ -4,12 +4,12 @@ exports[`provenance functions buildSLSAProvenancePredicate returns a provenance { "params": { "buildDefinition": { - "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1", + "buildType": "https://actions.github.io/buildtypes/workflow/v1", "externalParameters": { "workflow": { "path": ".github/workflows/main.yml", "ref": "main", - "repository": "https://github.com/owner/repo", + "repository": "https://foo.ghe.com/owner/repo", }, }, "internalParameters": { @@ -17,6 +17,7 @@ exports[`provenance functions buildSLSAProvenancePredicate returns a provenance "event_name": "push", "repository_id": "repo-id", "repository_owner_id": "owner-id", + "runner_environment": "github-hosted", }, }, "resolvedDependencies": [ @@ -24,16 +25,16 @@ exports[`provenance functions buildSLSAProvenancePredicate returns a provenance "digest": { "gitCommit": "babca52ab0c93ae16539e5923cb0d7403b9a093b", }, - "uri": "git+https://github.com/owner/repo@refs/heads/main", + "uri": "git+https://foo.ghe.com/owner/repo@refs/heads/main", }, ], }, "runDetails": { "builder": { - "id": "https://github.com/actions/runner/github-hosted", + "id": "https://foo.ghe.com/owner/workflows/.github/workflows/publish.yml@main", }, "metadata": { - "invocationId": "https://github.com/owner/repo/actions/runs/run-id/attempts/run-attempt", + "invocationId": "https://foo.ghe.com/owner/repo/actions/runs/run-id/attempts/run-attempt", }, }, }, diff --git a/packages/attest/__tests__/oidc.test.ts b/packages/attest/__tests__/oidc.test.ts index 5a6a665f..3922325b 100644 --- a/packages/attest/__tests__/oidc.test.ts +++ b/packages/attest/__tests__/oidc.test.ts @@ -45,7 +45,8 @@ describe('getIDTokenClaims', () => { sha: 'sha', repository: 'repo', event_name: 'push', - workflow_ref: 'main', + job_workflow_ref: 'job_workflow_ref', + workflow_ref: 'workflow', repository_id: '1', repository_owner_id: '1', runner_environment: 'github-hosted', @@ -67,6 +68,55 @@ describe('getIDTokenClaims', () => { }) }) + describe('when ID token is valid (w/ enterprise slug)', () => { + const claims = { + iss: `${issuer}/foo-bar`, + aud: audience, + ref: 'ref', + sha: 'sha', + repository: 'repo', + event_name: 'push', + job_workflow_ref: 'job_workflow_ref', + workflow_ref: 'workflow', + repository_id: '1', + repository_owner_id: '1', + runner_environment: 'github-hosted', + run_id: '1', + run_attempt: '1' + } + + beforeEach(async () => { + const jwt = await new jose.SignJWT(claims) + .setProtectedHeader({alg: 'PS256'}) + .sign(key.privateKey) + + nock(issuer).get(tokenPath).query({audience}).reply(200, {value: jwt}) + }) + + it('returns the ID token claims', async () => { + const result = await getIDTokenClaims(issuer) + expect(result).toEqual(claims) + }) + }) + + describe('when ID token is missing the "iss" claim', () => { + const claims = { + aud: audience + } + + beforeEach(async () => { + const jwt = await new jose.SignJWT(claims) + .setProtectedHeader({alg: 'PS256'}) + .sign(key.privateKey) + + nock(issuer).get(tokenPath).query({audience}).reply(200, {value: jwt}) + }) + + it('throws an error', async () => { + await expect(getIDTokenClaims(issuer)).rejects.toThrow(/missing "iss"/i) + }) + }) + describe('when ID token is missing required claims', () => { const claims = { iss: issuer, @@ -98,7 +148,9 @@ describe('getIDTokenClaims', () => { }) it('throws an error', async () => { - await expect(getIDTokenClaims(issuer)).rejects.toThrow(/issuer invalid/) + await expect(getIDTokenClaims(issuer)).rejects.toThrow( + /unexpected "iss"/i + ) }) }) @@ -114,7 +166,7 @@ describe('getIDTokenClaims', () => { }) it('throw an error', async () => { - await expect(getIDTokenClaims(issuer)).rejects.toThrow(/audience invalid/) + await expect(getIDTokenClaims(issuer)).rejects.toThrow(/unexpected "aud"/) }) }) diff --git a/packages/attest/__tests__/provenance.test.ts b/packages/attest/__tests__/provenance.test.ts index f4ac707e..4dbfef58 100644 --- a/packages/attest/__tests__/provenance.test.ts +++ b/packages/attest/__tests__/provenance.test.ts @@ -8,7 +8,7 @@ import {attestProvenance, buildSLSAProvenancePredicate} from '../src/provenance' describe('provenance functions', () => { const originalEnv = process.env - const issuer = 'https://example.com' + const issuer = 'https://token.actions.foo.ghe.com' const audience = 'nobody' const jwksPath = '/.well-known/jwks.json' const tokenPath = '/token' @@ -23,6 +23,7 @@ describe('provenance functions', () => { repository: 'owner/repo', ref: 'refs/heads/main', sha: 'babca52ab0c93ae16539e5923cb0d7403b9a093b', + job_workflow_ref: 'owner/workflows/.github/workflows/publish.yml@main', workflow_ref: 'owner/repo/.github/workflows/main.yml@main', event_name: 'push', repository_id: 'repo-id', @@ -37,7 +38,7 @@ describe('provenance functions', () => { ...originalEnv, ACTIONS_ID_TOKEN_REQUEST_URL: `${issuer}${tokenPath}?`, ACTIONS_ID_TOKEN_REQUEST_TOKEN: 'token', - GITHUB_SERVER_URL: 'https://github.com', + GITHUB_SERVER_URL: 'https://foo.ghe.com', GITHUB_REPOSITORY: claims.repository } @@ -67,7 +68,7 @@ describe('provenance functions', () => { describe('buildSLSAProvenancePredicate', () => { it('returns a provenance hydrated from an OIDC token', async () => { - const predicate = await buildSLSAProvenancePredicate(issuer) + const predicate = await buildSLSAProvenancePredicate() expect(predicate).toMatchSnapshot() }) }) @@ -95,9 +96,9 @@ describe('provenance functions', () => { }) describe('when using the github Sigstore instance', () => { - const {fulcioURL, tsaServerURL} = signingEndpoints('github') - beforeEach(async () => { + const {fulcioURL, tsaServerURL} = signingEndpoints('github') + // Mock Sigstore await mockFulcio({baseURL: fulcioURL, strict: false}) await mockTSA({baseURL: tsaServerURL}) @@ -117,8 +118,7 @@ describe('provenance functions', () => { subjectName, subjectDigest, token: 'token', - sigstore: 'github', - issuer + sigstore: 'github' }) expect(attestation).toBeDefined() @@ -145,8 +145,7 @@ describe('provenance functions', () => { const attestation = await attestProvenance({ subjectName, subjectDigest, - token: 'token', - issuer + token: 'token' }) expect(attestation).toBeDefined() @@ -182,8 +181,7 @@ describe('provenance functions', () => { subjectName, subjectDigest, token: 'token', - sigstore: 'public-good', - issuer + sigstore: 'public-good' }) expect(attestation).toBeDefined() @@ -210,8 +208,7 @@ describe('provenance functions', () => { const attestation = await attestProvenance({ subjectName, subjectDigest, - token: 'token', - issuer + token: 'token' }) expect(attestation).toBeDefined() @@ -237,8 +234,7 @@ describe('provenance functions', () => { subjectDigest, token: 'token', sigstore: 'public-good', - skipWrite: true, - issuer + skipWrite: true }) expect(attestation).toBeDefined() diff --git a/packages/attest/__tests__/store.test.ts b/packages/attest/__tests__/store.test.ts index 205e0427..5dd31c2f 100644 --- a/packages/attest/__tests__/store.test.ts +++ b/packages/attest/__tests__/store.test.ts @@ -5,6 +5,7 @@ describe('writeAttestation', () => { const originalEnv = process.env const attestation = {foo: 'bar '} const token = 'token' + const headers = {'X-GitHub-Foo': 'true'} const mockAgent = new MockAgent() setGlobalDispatcher(mockAgent) @@ -27,14 +28,16 @@ describe('writeAttestation', () => { .intercept({ path: '/repos/foo/bar/attestations', method: 'POST', - headers: {authorization: `token ${token}`}, + headers: {authorization: `token ${token}`, ...headers}, body: JSON.stringify({bundle: attestation}) }) .reply(201, {id: '123'}) }) it('persists the attestation', async () => { - await expect(writeAttestation(attestation, token)).resolves.toEqual('123') + await expect( + writeAttestation(attestation, token, {headers}) + ).resolves.toEqual('123') }) }) diff --git a/packages/attest/package-lock.json b/packages/attest/package-lock.json index 5e9f7dad..f959c54f 100644 --- a/packages/attest/package-lock.json +++ b/packages/attest/package-lock.json @@ -1,28 +1,26 @@ { "name": "@actions/attest", - "version": "1.2.1", + "version": "1.4.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@actions/attest", - "version": "1.2.1", + "version": "1.4.2", "license": "MIT", "dependencies": { "@actions/core": "^1.10.1", "@actions/github": "^6.0.0", - "@actions/http-client": "^2.2.1", + "@actions/http-client": "^2.2.3", "@octokit/plugin-retry": "^6.0.1", - "@sigstore/bundle": "^2.3.0", - "@sigstore/sign": "^2.3.0", - "jsonwebtoken": "^9.0.2", - "jwks-rsa": "^3.1.0" + "@sigstore/bundle": "^2.3.2", + "@sigstore/sign": "^2.3.2", + "jose": "^5.2.3" }, "devDependencies": { - "@sigstore/mock": "^0.6.5", + "@sigstore/mock": "^0.7.4", "@sigstore/rekor-types": "^2.0.0", "@types/jsonwebtoken": "^9.0.6", - "jose": "^5.2.3", "nock": "^13.5.1", "undici": "^5.28.4" } @@ -48,9 +46,9 @@ } }, "node_modules/@actions/http-client": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.1.tgz", - "integrity": "sha512-KhC/cZsq7f8I4LfZSJKgCvEwfkE8o1538VoBeoGzokVLLnbFDEAdFD3UhoMklxo2un9NJVBdANOresx7vTHlHw==", + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz", + "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==", "dependencies": { "tunnel": "^0.0.6", "undici": "^5.25.4" @@ -81,24 +79,24 @@ } }, "node_modules/@npmcli/agent": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-2.2.1.tgz", - "integrity": "sha512-H4FrOVtNyWC8MUwL3UfjOsAihHvT1Pe8POj3JvjXhSTJipsZMtgUALCT4mGyYZNxymkUfOw3PUj6dE4QPp6osQ==", + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-2.2.2.tgz", + "integrity": "sha512-OrcNPXdpSl9UX7qPVRWbmWMCSXrcDa2M9DvrbOTj7ao1S4PlqVFYv9/yLKMkrJKZ/V5A/kDBC690or307i26Og==", "dependencies": { "agent-base": "^7.1.0", "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.1", "lru-cache": "^10.0.1", - "socks-proxy-agent": "^8.0.1" + "socks-proxy-agent": "^8.0.3" }, "engines": { "node": "^16.14.0 || >=18.0.0" } }, "node_modules/@npmcli/fs": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.0.tgz", - "integrity": "sha512-7kZUAaLscfgbwBQRbvdMYaZOWyMEcPTH/tJjnyAWJ/dvvs9Ef+CERx/qJb9GExJpl1qipaDGn7KqHnFGGixd0w==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.1.tgz", + "integrity": "sha512-q9CRWjpHCMIh5sVyefoD1cA7PkvILqCZsnSOEUUivORLjxCO/Irmue2DprETiNgEqktDBZaM1Bi+jrarx1XdCg==", "dependencies": { "semver": "^7.3.5" }, @@ -445,16 +443,16 @@ } }, "node_modules/@peculiar/webcrypto": { - "version": "1.4.5", - "resolved": "https://registry.npmjs.org/@peculiar/webcrypto/-/webcrypto-1.4.5.tgz", - "integrity": "sha512-oDk93QCDGdxFRM8382Zdminzs44dg3M2+E5Np+JWkpqLDyJC9DviMh8F8mEJkYuUcUOGA5jHO5AJJ10MFWdbZw==", + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/@peculiar/webcrypto/-/webcrypto-1.4.6.tgz", + "integrity": "sha512-YBcMfqNSwn3SujUJvAaySy5tlYbYm6tVt9SKoXu8BaTdKGROiJDgPR3TXpZdAKUfklzm3lRapJEAltiMQtBgZg==", "dev": true, "dependencies": { "@peculiar/asn1-schema": "^2.3.8", "@peculiar/json-schema": "^1.1.12", "pvtsutils": "^1.3.5", "tslib": "^2.6.2", - "webcrypto-core": "^1.7.8" + "webcrypto-core": "^1.7.9" }, "engines": { "node": ">=10.12.0" @@ -489,11 +487,11 @@ } }, "node_modules/@sigstore/bundle": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.0.tgz", - "integrity": "sha512-MU3XYHkOvKEFnuUtcAtVh0s4RTemRyi1NN87+v9fAL0qR9JZuK/nF27YJ79wjPvvi1W9sz3qc7cTgshH5tji6Q==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.2.tgz", + "integrity": "sha512-wueKWDk70QixNLB363yHc2D2ItTgYiMTdPwK8D9dKQMR3ZQ0c35IxP5xnwQ8cNLoCgCRcHf14kE+CLIvNX1zmA==", "dependencies": { - "@sigstore/protobuf-specs": "^0.3.1" + "@sigstore/protobuf-specs": "^0.3.2" }, "engines": { "node": "^16.14.0 || >=18.0.0" @@ -508,20 +506,20 @@ } }, "node_modules/@sigstore/mock": { - "version": "0.6.5", - "resolved": "https://registry.npmjs.org/@sigstore/mock/-/mock-0.6.5.tgz", - "integrity": "sha512-mMWj6SNmM+yGVZ9Qk2sDsVPZuwoPaLGzMFpVGdNeSYNC4HtzdrCihKYxJ+VSo0tdh+X6HwOUKaVtkRsjpY1ZbQ==", + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/@sigstore/mock/-/mock-0.7.4.tgz", + "integrity": "sha512-ij9X2Fij9fcH7upxf3KuAZ38ecGSMm+Asvbik5xiHTBUcwe1+bZ5eG6k5p1eHaNY+XJ581bC6O33871Bm5m5mQ==", "dev": true, "dependencies": { - "@peculiar/webcrypto": "^1.4.5", + "@peculiar/webcrypto": "^1.4.6", "@peculiar/x509": "^1.9.7", - "@sigstore/protobuf-specs": "^0.3.0", + "@sigstore/protobuf-specs": "^0.3.2", "asn1js": "^3.0.5", "bytestreamjs": "^2.0.1", "canonicalize": "^2.0.0", - "jose": "^5.2.2", - "nock": "^13.5.1", - "pkijs": "^3.0.15", + "jose": "^5.2.4", + "nock": "^13.5.4", + "pkijs": "^3.0.16", "pvutils": "^1.1.3" }, "engines": { @@ -529,9 +527,9 @@ } }, "node_modules/@sigstore/protobuf-specs": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.1.tgz", - "integrity": "sha512-aIL8Z9NsMr3C64jyQzE0XlkEyBLpgEJJFDHLVVStkFV5Q3Il/r/YtY6NJWKQ4cy4AE7spP1IX5Jq7VCAxHHMfQ==", + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.2.tgz", + "integrity": "sha512-c6B0ehIWxMI8wiS/bj6rHMPqeFvngFV7cDU/MY+B16P9Z3Mp9k8L93eYZ7BYzSickzuqAQqAq0V956b3Ju6mLw==", "engines": { "node": "^16.14.0 || >=18.0.0" } @@ -546,117 +544,43 @@ } }, "node_modules/@sigstore/sign": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.0.tgz", - "integrity": "sha512-tsAyV6FC3R3pHmKS880IXcDJuiFJiKITO1jxR1qbplcsBkZLBmjrEw5GbC7ikD6f5RU1hr7WnmxB/2kKc1qUWQ==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.2.tgz", + "integrity": "sha512-5Vz5dPVuunIIvC5vBb0APwo7qKA4G9yM48kPWJT+OEERs40md5GoUR1yedwpekWZ4m0Hhw44m6zU+ObsON+iDA==", "dependencies": { - "@sigstore/bundle": "^2.3.0", + "@sigstore/bundle": "^2.3.2", "@sigstore/core": "^1.0.0", - "@sigstore/protobuf-specs": "^0.3.1", - "make-fetch-happen": "^13.0.0" + "@sigstore/protobuf-specs": "^0.3.2", + "make-fetch-happen": "^13.0.1", + "proc-log": "^4.2.0", + "promise-retry": "^2.0.1" }, "engines": { "node": "^16.14.0 || >=18.0.0" } }, - "node_modules/@types/body-parser": { - "version": "1.19.5", - "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", - "integrity": "sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==", - "dependencies": { - "@types/connect": "*", - "@types/node": "*" - } - }, - "node_modules/@types/connect": { - "version": "3.4.38", - "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", - "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", - "dependencies": { - "@types/node": "*" - } - }, - "node_modules/@types/express": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", - "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", - "dependencies": { - "@types/body-parser": "*", - "@types/express-serve-static-core": "^4.17.33", - "@types/qs": "*", - "@types/serve-static": "*" - } - }, - "node_modules/@types/express-serve-static-core": { - "version": "4.17.43", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz", - "integrity": "sha512-oaYtiBirUOPQGSWNGPWnzyAFJ0BP3cwvN4oWZQY+zUBwpVIGsKUkpBpSztp74drYcjavs7SKFZ4DX1V2QeN8rg==", - "dependencies": { - "@types/node": "*", - "@types/qs": "*", - "@types/range-parser": "*", - "@types/send": "*" - } - }, - "node_modules/@types/http-errors": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", - "integrity": "sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==" - }, "node_modules/@types/jsonwebtoken": { "version": "9.0.6", "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.6.tgz", "integrity": "sha512-/5hndP5dCjloafCXns6SZyESp3Ldq7YjH3zwzwczYnjxIT0Fqzk5ROSYVGfFyczIue7IUEj8hkvLbPoLQ18vQw==", + "dev": true, "dependencies": { "@types/node": "*" } }, - "node_modules/@types/mime": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", - "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==" - }, "node_modules/@types/node": { "version": "20.11.19", "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz", "integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==", + "dev": true, "dependencies": { "undici-types": "~5.26.4" } }, - "node_modules/@types/qs": { - "version": "6.9.14", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.14.tgz", - "integrity": "sha512-5khscbd3SwWMhFqylJBLQ0zIu7c1K6Vz0uBIt915BI3zV0q1nfjRQD3RqSBcPaO6PHEF4ov/t9y89fSiyThlPA==" - }, - "node_modules/@types/range-parser": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", - "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==" - }, - "node_modules/@types/send": { - "version": "0.17.4", - "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", - "integrity": "sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==", - "dependencies": { - "@types/mime": "^1", - "@types/node": "*" - } - }, - "node_modules/@types/serve-static": { - "version": "1.15.5", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.5.tgz", - "integrity": "sha512-PDRk21MnK70hja/YF8AHfC7yIsiQHn1rcXx7ijCFBX/k+XQJhQT/gw3xekXKJvx+5SXaMMS8oqQy09Mzvz2TuQ==", - "dependencies": { - "@types/http-errors": "*", - "@types/mime": "*", - "@types/node": "*" - } - }, "node_modules/agent-base": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.0.tgz", - "integrity": "sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", "dependencies": { "debug": "^4.3.4" }, @@ -735,11 +659,6 @@ "balanced-match": "^1.0.0" } }, - "node_modules/buffer-equal-constant-time": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" - }, "node_modules/bytestreamjs": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/bytestreamjs/-/bytestreamjs-2.0.1.tgz", @@ -750,9 +669,9 @@ } }, "node_modules/cacache": { - "version": "18.0.2", - "resolved": "https://registry.npmjs.org/cacache/-/cacache-18.0.2.tgz", - "integrity": "sha512-r3NU8h/P+4lVUHfeRw1dtgQYar3DZMm4/cm2bZgOvrFC/su7budSOeqh52VJIC4U4iG1WWwV6vRW0znqBvxNuw==", + "version": "18.0.3", + "resolved": "https://registry.npmjs.org/cacache/-/cacache-18.0.3.tgz", + "integrity": "sha512-qXCd4rh6I07cnDqh8V48/94Tc/WSfj+o3Gn6NZ0aZovS255bUx8O13uKxRFd2eWG0xgsco7+YItQNPaa5E85hg==", "dependencies": { "@npmcli/fs": "^3.1.0", "fs-minipass": "^3.0.0", @@ -848,14 +767,6 @@ "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==" }, - "node_modules/ecdsa-sig-formatter": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", - "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", - "dependencies": { - "safe-buffer": "^5.0.1" - } - }, "node_modules/emoji-regex": { "version": "9.2.2", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", @@ -902,21 +813,21 @@ } }, "node_modules/glob": { - "version": "10.3.10", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", - "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "version": "10.3.16", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.16.tgz", + "integrity": "sha512-JDKXl1DiuuHJ6fVS2FXjownaavciiHNUU4mOvV/B793RLh05vZL1rcPnCSaOgv1hDT6RDlY7AB7ZUvFYAtPgAw==", "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.5", + "jackspeak": "^3.1.2", "minimatch": "^9.0.1", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", - "path-scurry": "^1.10.1" + "minipass": "^7.0.4", + "path-scurry": "^1.11.0" }, "bin": { "glob": "dist/esm/bin.mjs" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -1019,9 +930,9 @@ "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" }, "node_modules/jackspeak": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", - "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", + "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", "dependencies": { "@isaacs/cliui": "^8.0.2" }, @@ -1036,10 +947,9 @@ } }, "node_modules/jose": { - "version": "5.2.3", - "resolved": "https://registry.npmjs.org/jose/-/jose-5.2.3.tgz", - "integrity": "sha512-KUXdbctm1uHVL8BYhnyHkgp3zDX5KW8ZhAKVFEfUbU2P8Alpzjb+48hHvjOdQIyPshoblhzsuqOwEEAbtHVirA==", - "dev": true, + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.3.0.tgz", + "integrity": "sha512-IChe9AtAE79ru084ow8jzkN2lNrG3Ntfiv65Cvj9uOCE2m5LNsdHG+9EbxWxAoWRF9TgDOqLN5jm08++owDVRg==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -1055,150 +965,18 @@ "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", "dev": true }, - "node_modules/jsonwebtoken": { - "version": "9.0.2", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", - "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", - "dependencies": { - "jws": "^3.2.2", - "lodash.includes": "^4.3.0", - "lodash.isboolean": "^3.0.3", - "lodash.isinteger": "^4.0.4", - "lodash.isnumber": "^3.0.3", - "lodash.isplainobject": "^4.0.6", - "lodash.isstring": "^4.0.1", - "lodash.once": "^4.0.0", - "ms": "^2.1.1", - "semver": "^7.5.4" - }, - "engines": { - "node": ">=12", - "npm": ">=6" - } - }, - "node_modules/jwa": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", - "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", - "dependencies": { - "buffer-equal-constant-time": "1.0.1", - "ecdsa-sig-formatter": "1.0.11", - "safe-buffer": "^5.0.1" - } - }, - "node_modules/jwks-rsa": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.1.0.tgz", - "integrity": "sha512-v7nqlfezb9YfHHzYII3ef2a2j1XnGeSE/bK3WfumaYCqONAIstJbrEGapz4kadScZzEt7zYCN7bucj8C0Mv/Rg==", - "dependencies": { - "@types/express": "^4.17.17", - "@types/jsonwebtoken": "^9.0.2", - "debug": "^4.3.4", - "jose": "^4.14.6", - "limiter": "^1.1.5", - "lru-memoizer": "^2.2.0" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/jwks-rsa/node_modules/jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==", - "funding": { - "url": "https://github.com/sponsors/panva" - } - }, - "node_modules/jws": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", - "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", - "dependencies": { - "jwa": "^1.4.1", - "safe-buffer": "^5.0.1" - } - }, - "node_modules/limiter": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz", - "integrity": "sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==" - }, - "node_modules/lodash.clonedeep": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", - "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==" - }, - "node_modules/lodash.includes": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" - }, - "node_modules/lodash.isboolean": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" - }, - "node_modules/lodash.isinteger": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" - }, - "node_modules/lodash.isnumber": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" - }, - "node_modules/lodash.isplainobject": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" - }, - "node_modules/lodash.isstring": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" - }, - "node_modules/lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" - }, "node_modules/lru-cache": { - "version": "10.2.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", - "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==", + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", "engines": { "node": "14 || >=16.14" } }, - "node_modules/lru-memoizer": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.2.0.tgz", - "integrity": "sha512-QfOZ6jNkxCcM/BkIPnFsqDhtrazLRsghi9mBwFAzol5GCvj4EkFT899Za3+QwikCg5sRX8JstioBDwOxEyzaNw==", - "dependencies": { - "lodash.clonedeep": "^4.5.0", - "lru-cache": "~4.0.0" - } - }, - "node_modules/lru-memoizer/node_modules/lru-cache": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.0.2.tgz", - "integrity": "sha512-uQw9OqphAGiZhkuPlpFGmdTU2tEuhxTourM/19qGJrxBPHAr/f8BT1a0i/lOclESnGatdJG/UCkP9kZB/Lh1iw==", - "dependencies": { - "pseudomap": "^1.0.1", - "yallist": "^2.0.0" - } - }, - "node_modules/lru-memoizer/node_modules/yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==" - }, "node_modules/make-fetch-happen": { - "version": "13.0.0", - "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-13.0.0.tgz", - "integrity": "sha512-7ThobcL8brtGo9CavByQrQi+23aIfgYU++wg4B87AIS8Rb2ZBt/MEaDqzA00Xwv/jUjAjYkLHjVolYuTLKda2A==", + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-13.0.1.tgz", + "integrity": "sha512-cKTUFc/rbKUd/9meOvgrpJ2WrNzymt6jfRDdwg5UCnVzv9dTpEj9JS5m3wtziXVCjluIXyL8pcaukYqezIzZQA==", "dependencies": { "@npmcli/agent": "^2.0.0", "cacache": "^18.0.0", @@ -1209,6 +987,7 @@ "minipass-flush": "^1.0.5", "minipass-pipeline": "^1.2.4", "negotiator": "^0.6.3", + "proc-log": "^4.2.0", "promise-retry": "^2.0.1", "ssri": "^10.0.0" }, @@ -1217,9 +996,9 @@ } }, "node_modules/minimatch": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", - "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dependencies": { "brace-expansion": "^2.0.1" }, @@ -1231,9 +1010,9 @@ } }, "node_modules/minipass": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "integrity": "sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", + "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", "engines": { "node": ">=16 || 14 >=14.17" } @@ -1250,9 +1029,9 @@ } }, "node_modules/minipass-fetch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.4.tgz", - "integrity": "sha512-jHAqnA728uUpIaFm7NWsCnqKT6UqZz7GcI/bDpPATuwYyKwJwW0remxSCxUlKiEty+eopHGa3oc8WxgQ1FFJqg==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.5.tgz", + "integrity": "sha512-2N8elDQAtSnFV0Dk7gt15KHsS0Fyz6CbYZ360h0WTYV1Ty46li3rAXVOQj1THMNLdmrD9Vt5pBPtWtVkpwGBqg==", "dependencies": { "minipass": "^7.0.3", "minipass-sized": "^1.0.3", @@ -1379,9 +1158,9 @@ } }, "node_modules/nock": { - "version": "13.5.1", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.1.tgz", - "integrity": "sha512-+s7b73fzj5KnxbKH4Oaqz07tQ8degcMilU4rrmnKvI//b0JMBU4wEXFQ8zqr+3+L4eWSfU3H/UoIVGUV0tue1Q==", + "version": "13.5.4", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "integrity": "sha512-yAyTfdeNJGGBFxWdzSKCBYxs5FxLbCg5X5Q4ets974hcQzG1+qCxvIyOo4j2Ry6MUlhWVMX4OoYDefAIIwupjw==", "dev": true, "dependencies": { "debug": "^4.1.0", @@ -1423,24 +1202,24 @@ } }, "node_modules/path-scurry": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", - "integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "dependencies": { - "lru-cache": "^9.1.1 || ^10.0.0", + "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/pkijs": { - "version": "3.0.15", - "resolved": "https://registry.npmjs.org/pkijs/-/pkijs-3.0.15.tgz", - "integrity": "sha512-n7nAl9JpqdeQsjy+rPmswkmZ3oO/Fu5uN9me45PPQVdWjd0X7HKfL8+HYwfxihqoDSSPUIajkOcqFxEUxMqhwQ==", + "version": "3.0.16", + "resolved": "https://registry.npmjs.org/pkijs/-/pkijs-3.0.16.tgz", + "integrity": "sha512-iDUm90wfgtfd1PDV1oEnQj/4jBIU9hCSJeV0kQKThwDpbseFxC4TdpoMYlwE9maol5u0wMGZX9cNG2h1/0Lhww==", "dev": true, "dependencies": { "asn1js": "^3.0.5", @@ -1453,6 +1232,14 @@ "node": ">=12.0.0" } }, + "node_modules/proc-log": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "integrity": "sha512-g8+OnU/L2v+wyiVK+D5fA34J7EH8jZ8DDlvwhRCMxmMj7UCBvxiO1mGeN+36JXIKF4zevU4kRBd8lVgG9vLelA==", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/promise-retry": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz", @@ -1474,11 +1261,6 @@ "node": ">= 8" } }, - "node_modules/pseudomap": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", - "integrity": "sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==" - }, "node_modules/pvtsutils": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/pvtsutils/-/pvtsutils-1.3.5.tgz", @@ -1511,25 +1293,6 @@ "node": ">= 4" } }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, "node_modules/safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", @@ -1601,9 +1364,9 @@ } }, "node_modules/socks": { - "version": "2.7.3", - "resolved": "https://registry.npmjs.org/socks/-/socks-2.7.3.tgz", - "integrity": "sha512-vfuYK48HXCTFD03G/1/zkIls3Ebr2YNa4qU9gHDZdblHLiqhJrJGkY3+0Nx0JpN9qBhJbVObc1CNciT1bIZJxw==", + "version": "2.8.3", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.3.tgz", + "integrity": "sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw==", "dependencies": { "ip-address": "^9.0.5", "smart-buffer": "^4.2.0" @@ -1614,11 +1377,11 @@ } }, "node_modules/socks-proxy-agent": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.2.tgz", - "integrity": "sha512-8zuqoLv1aP/66PHF5TqwJ7Czm3Yv32urJQHrVyhD7mmA6d61Zv8cIXQYPTWwmg6qlupnPvs/QKDmfa4P/qct2g==", + "version": "8.0.3", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.3.tgz", + "integrity": "sha512-VNegTZKhuGq5vSD6XNKlbqWhyt/40CgoEw8XxD6dhnm8Jq9IEa3nIa4HwnM8XOqU0CdB0BwWVXusqiFXfHB3+A==", "dependencies": { - "agent-base": "^7.0.2", + "agent-base": "^7.1.1", "debug": "^4.3.4", "socks": "^2.7.1" }, @@ -1632,9 +1395,9 @@ "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==" }, "node_modules/ssri": { - "version": "10.0.5", - "resolved": "https://registry.npmjs.org/ssri/-/ssri-10.0.5.tgz", - "integrity": "sha512-bSf16tAFkGeRlUNDjXu8FzaMQt6g2HZJrun7mtMbIPOddxt3GLMSz5VWUWcqTJUPfLEaDIepGxv+bYQW49596A==", + "version": "10.0.6", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-10.0.6.tgz", + "integrity": "sha512-MGrFH9Z4NP9Iyhqn16sDtBpRRNJ0Y2hNa6D65h736fVSaPCHr4DM4sWUNvVaSuC+0OBGhwsrydQwmgfg5LncqQ==", "dependencies": { "minipass": "^7.0.3" }, @@ -1822,7 +1585,8 @@ "node_modules/undici-types": { "version": "5.26.5", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" + "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==", + "dev": true }, "node_modules/unique-filename": { "version": "3.0.0", @@ -1860,9 +1624,9 @@ } }, "node_modules/webcrypto-core": { - "version": "1.7.8", - "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-1.7.8.tgz", - "integrity": "sha512-eBR98r9nQXTqXt/yDRtInszPMjTaSAMJAFDg2AHsgrnczawT1asx9YNBX6k5p+MekbPF4+s/UJJrr88zsTqkSg==", + "version": "1.7.9", + "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-1.7.9.tgz", + "integrity": "sha512-FE+a4PPkOmBbgNDIyRmcHhgXn+2ClRl3JzJdDu/P4+B8y81LqKe6RAsI9b3lAOHe1T1BMkSjsRHTYRikImZnVA==", "dev": true, "dependencies": { "@peculiar/asn1-schema": "^2.3.8", @@ -2003,9 +1767,9 @@ } }, "@actions/http-client": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.1.tgz", - "integrity": "sha512-KhC/cZsq7f8I4LfZSJKgCvEwfkE8o1538VoBeoGzokVLLnbFDEAdFD3UhoMklxo2un9NJVBdANOresx7vTHlHw==", + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz", + "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==", "requires": { "tunnel": "^0.0.6", "undici": "^5.25.4" @@ -2030,21 +1794,21 @@ } }, "@npmcli/agent": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-2.2.1.tgz", - "integrity": "sha512-H4FrOVtNyWC8MUwL3UfjOsAihHvT1Pe8POj3JvjXhSTJipsZMtgUALCT4mGyYZNxymkUfOw3PUj6dE4QPp6osQ==", + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-2.2.2.tgz", + "integrity": "sha512-OrcNPXdpSl9UX7qPVRWbmWMCSXrcDa2M9DvrbOTj7ao1S4PlqVFYv9/yLKMkrJKZ/V5A/kDBC690or307i26Og==", "requires": { "agent-base": "^7.1.0", "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.1", "lru-cache": "^10.0.1", - "socks-proxy-agent": "^8.0.1" + "socks-proxy-agent": "^8.0.3" } }, "@npmcli/fs": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.0.tgz", - "integrity": "sha512-7kZUAaLscfgbwBQRbvdMYaZOWyMEcPTH/tJjnyAWJ/dvvs9Ef+CERx/qJb9GExJpl1qipaDGn7KqHnFGGixd0w==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.1.tgz", + "integrity": "sha512-q9CRWjpHCMIh5sVyefoD1cA7PkvILqCZsnSOEUUivORLjxCO/Irmue2DprETiNgEqktDBZaM1Bi+jrarx1XdCg==", "requires": { "semver": "^7.3.5" } @@ -2359,16 +2123,16 @@ } }, "@peculiar/webcrypto": { - "version": "1.4.5", - "resolved": "https://registry.npmjs.org/@peculiar/webcrypto/-/webcrypto-1.4.5.tgz", - "integrity": "sha512-oDk93QCDGdxFRM8382Zdminzs44dg3M2+E5Np+JWkpqLDyJC9DviMh8F8mEJkYuUcUOGA5jHO5AJJ10MFWdbZw==", + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/@peculiar/webcrypto/-/webcrypto-1.4.6.tgz", + "integrity": "sha512-YBcMfqNSwn3SujUJvAaySy5tlYbYm6tVt9SKoXu8BaTdKGROiJDgPR3TXpZdAKUfklzm3lRapJEAltiMQtBgZg==", "dev": true, "requires": { "@peculiar/asn1-schema": "^2.3.8", "@peculiar/json-schema": "^1.1.12", "pvtsutils": "^1.3.5", "tslib": "^2.6.2", - "webcrypto-core": "^1.7.8" + "webcrypto-core": "^1.7.9" } }, "@peculiar/x509": { @@ -2397,11 +2161,11 @@ "optional": true }, "@sigstore/bundle": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.0.tgz", - "integrity": "sha512-MU3XYHkOvKEFnuUtcAtVh0s4RTemRyi1NN87+v9fAL0qR9JZuK/nF27YJ79wjPvvi1W9sz3qc7cTgshH5tji6Q==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.2.tgz", + "integrity": "sha512-wueKWDk70QixNLB363yHc2D2ItTgYiMTdPwK8D9dKQMR3ZQ0c35IxP5xnwQ8cNLoCgCRcHf14kE+CLIvNX1zmA==", "requires": { - "@sigstore/protobuf-specs": "^0.3.1" + "@sigstore/protobuf-specs": "^0.3.2" } }, "@sigstore/core": { @@ -2410,27 +2174,27 @@ "integrity": "sha512-dW2qjbWLRKGu6MIDUTBuJwXCnR8zivcSpf5inUzk7y84zqy/dji0/uahppoIgMoKeR+6pUZucrwHfkQQtiG9Rw==" }, "@sigstore/mock": { - "version": "0.6.5", - "resolved": "https://registry.npmjs.org/@sigstore/mock/-/mock-0.6.5.tgz", - "integrity": "sha512-mMWj6SNmM+yGVZ9Qk2sDsVPZuwoPaLGzMFpVGdNeSYNC4HtzdrCihKYxJ+VSo0tdh+X6HwOUKaVtkRsjpY1ZbQ==", + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/@sigstore/mock/-/mock-0.7.4.tgz", + "integrity": "sha512-ij9X2Fij9fcH7upxf3KuAZ38ecGSMm+Asvbik5xiHTBUcwe1+bZ5eG6k5p1eHaNY+XJ581bC6O33871Bm5m5mQ==", "dev": true, "requires": { - "@peculiar/webcrypto": "^1.4.5", + "@peculiar/webcrypto": "^1.4.6", "@peculiar/x509": "^1.9.7", - "@sigstore/protobuf-specs": "^0.3.0", + "@sigstore/protobuf-specs": "^0.3.2", "asn1js": "^3.0.5", "bytestreamjs": "^2.0.1", "canonicalize": "^2.0.0", - "jose": "^5.2.2", - "nock": "^13.5.1", - "pkijs": "^3.0.15", + "jose": "^5.2.4", + "nock": "^13.5.4", + "pkijs": "^3.0.16", "pvutils": "^1.1.3" } }, "@sigstore/protobuf-specs": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.1.tgz", - "integrity": "sha512-aIL8Z9NsMr3C64jyQzE0XlkEyBLpgEJJFDHLVVStkFV5Q3Il/r/YtY6NJWKQ4cy4AE7spP1IX5Jq7VCAxHHMfQ==" + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.2.tgz", + "integrity": "sha512-c6B0ehIWxMI8wiS/bj6rHMPqeFvngFV7cDU/MY+B16P9Z3Mp9k8L93eYZ7BYzSickzuqAQqAq0V956b3Ju6mLw==" }, "@sigstore/rekor-types": { "version": "2.0.0", @@ -2439,114 +2203,40 @@ "dev": true }, "@sigstore/sign": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.0.tgz", - "integrity": "sha512-tsAyV6FC3R3pHmKS880IXcDJuiFJiKITO1jxR1qbplcsBkZLBmjrEw5GbC7ikD6f5RU1hr7WnmxB/2kKc1qUWQ==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.2.tgz", + "integrity": "sha512-5Vz5dPVuunIIvC5vBb0APwo7qKA4G9yM48kPWJT+OEERs40md5GoUR1yedwpekWZ4m0Hhw44m6zU+ObsON+iDA==", "requires": { - "@sigstore/bundle": "^2.3.0", + "@sigstore/bundle": "^2.3.2", "@sigstore/core": "^1.0.0", - "@sigstore/protobuf-specs": "^0.3.1", - "make-fetch-happen": "^13.0.0" + "@sigstore/protobuf-specs": "^0.3.2", + "make-fetch-happen": "^13.0.1", + "proc-log": "^4.2.0", + "promise-retry": "^2.0.1" } }, - "@types/body-parser": { - "version": "1.19.5", - "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", - "integrity": "sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==", - "requires": { - "@types/connect": "*", - "@types/node": "*" - } - }, - "@types/connect": { - "version": "3.4.38", - "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", - "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", - "requires": { - "@types/node": "*" - } - }, - "@types/express": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", - "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", - "requires": { - "@types/body-parser": "*", - "@types/express-serve-static-core": "^4.17.33", - "@types/qs": "*", - "@types/serve-static": "*" - } - }, - "@types/express-serve-static-core": { - "version": "4.17.43", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz", - "integrity": "sha512-oaYtiBirUOPQGSWNGPWnzyAFJ0BP3cwvN4oWZQY+zUBwpVIGsKUkpBpSztp74drYcjavs7SKFZ4DX1V2QeN8rg==", - "requires": { - "@types/node": "*", - "@types/qs": "*", - "@types/range-parser": "*", - "@types/send": "*" - } - }, - "@types/http-errors": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", - "integrity": "sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==" - }, "@types/jsonwebtoken": { "version": "9.0.6", "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.6.tgz", "integrity": "sha512-/5hndP5dCjloafCXns6SZyESp3Ldq7YjH3zwzwczYnjxIT0Fqzk5ROSYVGfFyczIue7IUEj8hkvLbPoLQ18vQw==", + "dev": true, "requires": { "@types/node": "*" } }, - "@types/mime": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", - "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==" - }, "@types/node": { "version": "20.11.19", "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz", "integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==", + "dev": true, "requires": { "undici-types": "~5.26.4" } }, - "@types/qs": { - "version": "6.9.14", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.14.tgz", - "integrity": "sha512-5khscbd3SwWMhFqylJBLQ0zIu7c1K6Vz0uBIt915BI3zV0q1nfjRQD3RqSBcPaO6PHEF4ov/t9y89fSiyThlPA==" - }, - "@types/range-parser": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", - "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==" - }, - "@types/send": { - "version": "0.17.4", - "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", - "integrity": "sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==", - "requires": { - "@types/mime": "^1", - "@types/node": "*" - } - }, - "@types/serve-static": { - "version": "1.15.5", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.5.tgz", - "integrity": "sha512-PDRk21MnK70hja/YF8AHfC7yIsiQHn1rcXx7ijCFBX/k+XQJhQT/gw3xekXKJvx+5SXaMMS8oqQy09Mzvz2TuQ==", - "requires": { - "@types/http-errors": "*", - "@types/mime": "*", - "@types/node": "*" - } - }, "agent-base": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.0.tgz", - "integrity": "sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", "requires": { "debug": "^4.3.4" } @@ -2604,11 +2294,6 @@ "balanced-match": "^1.0.0" } }, - "buffer-equal-constant-time": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" - }, "bytestreamjs": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/bytestreamjs/-/bytestreamjs-2.0.1.tgz", @@ -2616,9 +2301,9 @@ "dev": true }, "cacache": { - "version": "18.0.2", - "resolved": "https://registry.npmjs.org/cacache/-/cacache-18.0.2.tgz", - "integrity": "sha512-r3NU8h/P+4lVUHfeRw1dtgQYar3DZMm4/cm2bZgOvrFC/su7budSOeqh52VJIC4U4iG1WWwV6vRW0znqBvxNuw==", + "version": "18.0.3", + "resolved": "https://registry.npmjs.org/cacache/-/cacache-18.0.3.tgz", + "integrity": "sha512-qXCd4rh6I07cnDqh8V48/94Tc/WSfj+o3Gn6NZ0aZovS255bUx8O13uKxRFd2eWG0xgsco7+YItQNPaa5E85hg==", "requires": { "@npmcli/fs": "^3.1.0", "fs-minipass": "^3.0.0", @@ -2691,14 +2376,6 @@ "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==" }, - "ecdsa-sig-formatter": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", - "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", - "requires": { - "safe-buffer": "^5.0.1" - } - }, "emoji-regex": { "version": "9.2.2", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", @@ -2736,15 +2413,15 @@ } }, "glob": { - "version": "10.3.10", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", - "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "version": "10.3.16", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.16.tgz", + "integrity": "sha512-JDKXl1DiuuHJ6fVS2FXjownaavciiHNUU4mOvV/B793RLh05vZL1rcPnCSaOgv1hDT6RDlY7AB7ZUvFYAtPgAw==", "requires": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.5", + "jackspeak": "^3.1.2", "minimatch": "^9.0.1", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", - "path-scurry": "^1.10.1" + "minipass": "^7.0.4", + "path-scurry": "^1.11.0" } }, "http-cache-semantics": { @@ -2820,19 +2497,18 @@ "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" }, "jackspeak": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", - "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", + "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", "requires": { "@isaacs/cliui": "^8.0.2", "@pkgjs/parseargs": "^0.11.0" } }, "jose": { - "version": "5.2.3", - "resolved": "https://registry.npmjs.org/jose/-/jose-5.2.3.tgz", - "integrity": "sha512-KUXdbctm1uHVL8BYhnyHkgp3zDX5KW8ZhAKVFEfUbU2P8Alpzjb+48hHvjOdQIyPshoblhzsuqOwEEAbtHVirA==", - "dev": true + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.3.0.tgz", + "integrity": "sha512-IChe9AtAE79ru084ow8jzkN2lNrG3Ntfiv65Cvj9uOCE2m5LNsdHG+9EbxWxAoWRF9TgDOqLN5jm08++owDVRg==" }, "jsbn": { "version": "1.1.0", @@ -2845,141 +2521,15 @@ "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", "dev": true }, - "jsonwebtoken": { - "version": "9.0.2", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", - "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", - "requires": { - "jws": "^3.2.2", - "lodash.includes": "^4.3.0", - "lodash.isboolean": "^3.0.3", - "lodash.isinteger": "^4.0.4", - "lodash.isnumber": "^3.0.3", - "lodash.isplainobject": "^4.0.6", - "lodash.isstring": "^4.0.1", - "lodash.once": "^4.0.0", - "ms": "^2.1.1", - "semver": "^7.5.4" - } - }, - "jwa": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", - "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", - "requires": { - "buffer-equal-constant-time": "1.0.1", - "ecdsa-sig-formatter": "1.0.11", - "safe-buffer": "^5.0.1" - } - }, - "jwks-rsa": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.1.0.tgz", - "integrity": "sha512-v7nqlfezb9YfHHzYII3ef2a2j1XnGeSE/bK3WfumaYCqONAIstJbrEGapz4kadScZzEt7zYCN7bucj8C0Mv/Rg==", - "requires": { - "@types/express": "^4.17.17", - "@types/jsonwebtoken": "^9.0.2", - "debug": "^4.3.4", - "jose": "^4.14.6", - "limiter": "^1.1.5", - "lru-memoizer": "^2.2.0" - }, - "dependencies": { - "jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==" - } - } - }, - "jws": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", - "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", - "requires": { - "jwa": "^1.4.1", - "safe-buffer": "^5.0.1" - } - }, - "limiter": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz", - "integrity": "sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==" - }, - "lodash.clonedeep": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", - "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==" - }, - "lodash.includes": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" - }, - "lodash.isboolean": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" - }, - "lodash.isinteger": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" - }, - "lodash.isnumber": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" - }, - "lodash.isplainobject": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" - }, - "lodash.isstring": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" - }, - "lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" - }, "lru-cache": { - "version": "10.2.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", - "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==" - }, - "lru-memoizer": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.2.0.tgz", - "integrity": "sha512-QfOZ6jNkxCcM/BkIPnFsqDhtrazLRsghi9mBwFAzol5GCvj4EkFT899Za3+QwikCg5sRX8JstioBDwOxEyzaNw==", - "requires": { - "lodash.clonedeep": "^4.5.0", - "lru-cache": "~4.0.0" - }, - "dependencies": { - "lru-cache": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.0.2.tgz", - "integrity": "sha512-uQw9OqphAGiZhkuPlpFGmdTU2tEuhxTourM/19qGJrxBPHAr/f8BT1a0i/lOclESnGatdJG/UCkP9kZB/Lh1iw==", - "requires": { - "pseudomap": "^1.0.1", - "yallist": "^2.0.0" - } - }, - "yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==" - } - } + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==" }, "make-fetch-happen": { - "version": "13.0.0", - "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-13.0.0.tgz", - "integrity": "sha512-7ThobcL8brtGo9CavByQrQi+23aIfgYU++wg4B87AIS8Rb2ZBt/MEaDqzA00Xwv/jUjAjYkLHjVolYuTLKda2A==", + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-13.0.1.tgz", + "integrity": "sha512-cKTUFc/rbKUd/9meOvgrpJ2WrNzymt6jfRDdwg5UCnVzv9dTpEj9JS5m3wtziXVCjluIXyL8pcaukYqezIzZQA==", "requires": { "@npmcli/agent": "^2.0.0", "cacache": "^18.0.0", @@ -2990,22 +2540,23 @@ "minipass-flush": "^1.0.5", "minipass-pipeline": "^1.2.4", "negotiator": "^0.6.3", + "proc-log": "^4.2.0", "promise-retry": "^2.0.1", "ssri": "^10.0.0" } }, "minimatch": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", - "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "requires": { "brace-expansion": "^2.0.1" } }, "minipass": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "integrity": "sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==" + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", + "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==" }, "minipass-collect": { "version": "2.0.1", @@ -3016,9 +2567,9 @@ } }, "minipass-fetch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.4.tgz", - "integrity": "sha512-jHAqnA728uUpIaFm7NWsCnqKT6UqZz7GcI/bDpPATuwYyKwJwW0remxSCxUlKiEty+eopHGa3oc8WxgQ1FFJqg==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-3.0.5.tgz", + "integrity": "sha512-2N8elDQAtSnFV0Dk7gt15KHsS0Fyz6CbYZ360h0WTYV1Ty46li3rAXVOQj1THMNLdmrD9Vt5pBPtWtVkpwGBqg==", "requires": { "encoding": "^0.1.13", "minipass": "^7.0.3", @@ -3115,9 +2666,9 @@ "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==" }, "nock": { - "version": "13.5.1", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.1.tgz", - "integrity": "sha512-+s7b73fzj5KnxbKH4Oaqz07tQ8degcMilU4rrmnKvI//b0JMBU4wEXFQ8zqr+3+L4eWSfU3H/UoIVGUV0tue1Q==", + "version": "13.5.4", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "integrity": "sha512-yAyTfdeNJGGBFxWdzSKCBYxs5FxLbCg5X5Q4ets974hcQzG1+qCxvIyOo4j2Ry6MUlhWVMX4OoYDefAIIwupjw==", "dev": true, "requires": { "debug": "^4.1.0", @@ -3147,18 +2698,18 @@ "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==" }, "path-scurry": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", - "integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "requires": { - "lru-cache": "^9.1.1 || ^10.0.0", + "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" } }, "pkijs": { - "version": "3.0.15", - "resolved": "https://registry.npmjs.org/pkijs/-/pkijs-3.0.15.tgz", - "integrity": "sha512-n7nAl9JpqdeQsjy+rPmswkmZ3oO/Fu5uN9me45PPQVdWjd0X7HKfL8+HYwfxihqoDSSPUIajkOcqFxEUxMqhwQ==", + "version": "3.0.16", + "resolved": "https://registry.npmjs.org/pkijs/-/pkijs-3.0.16.tgz", + "integrity": "sha512-iDUm90wfgtfd1PDV1oEnQj/4jBIU9hCSJeV0kQKThwDpbseFxC4TdpoMYlwE9maol5u0wMGZX9cNG2h1/0Lhww==", "dev": true, "requires": { "asn1js": "^3.0.5", @@ -3168,6 +2719,11 @@ "tslib": "^2.4.0" } }, + "proc-log": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "integrity": "sha512-g8+OnU/L2v+wyiVK+D5fA34J7EH8jZ8DDlvwhRCMxmMj7UCBvxiO1mGeN+36JXIKF4zevU4kRBd8lVgG9vLelA==" + }, "promise-retry": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz", @@ -3183,11 +2739,6 @@ "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==", "dev": true }, - "pseudomap": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", - "integrity": "sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==" - }, "pvtsutils": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/pvtsutils/-/pvtsutils-1.3.5.tgz", @@ -3214,11 +2765,6 @@ "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz", "integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==" }, - "safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" - }, "safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", @@ -3267,20 +2813,20 @@ "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==" }, "socks": { - "version": "2.7.3", - "resolved": "https://registry.npmjs.org/socks/-/socks-2.7.3.tgz", - "integrity": "sha512-vfuYK48HXCTFD03G/1/zkIls3Ebr2YNa4qU9gHDZdblHLiqhJrJGkY3+0Nx0JpN9qBhJbVObc1CNciT1bIZJxw==", + "version": "2.8.3", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.3.tgz", + "integrity": "sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw==", "requires": { "ip-address": "^9.0.5", "smart-buffer": "^4.2.0" } }, "socks-proxy-agent": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.2.tgz", - "integrity": "sha512-8zuqoLv1aP/66PHF5TqwJ7Czm3Yv32urJQHrVyhD7mmA6d61Zv8cIXQYPTWwmg6qlupnPvs/QKDmfa4P/qct2g==", + "version": "8.0.3", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.3.tgz", + "integrity": "sha512-VNegTZKhuGq5vSD6XNKlbqWhyt/40CgoEw8XxD6dhnm8Jq9IEa3nIa4HwnM8XOqU0CdB0BwWVXusqiFXfHB3+A==", "requires": { - "agent-base": "^7.0.2", + "agent-base": "^7.1.1", "debug": "^4.3.4", "socks": "^2.7.1" } @@ -3291,9 +2837,9 @@ "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==" }, "ssri": { - "version": "10.0.5", - "resolved": "https://registry.npmjs.org/ssri/-/ssri-10.0.5.tgz", - "integrity": "sha512-bSf16tAFkGeRlUNDjXu8FzaMQt6g2HZJrun7mtMbIPOddxt3GLMSz5VWUWcqTJUPfLEaDIepGxv+bYQW49596A==", + "version": "10.0.6", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-10.0.6.tgz", + "integrity": "sha512-MGrFH9Z4NP9Iyhqn16sDtBpRRNJ0Y2hNa6D65h736fVSaPCHr4DM4sWUNvVaSuC+0OBGhwsrydQwmgfg5LncqQ==", "requires": { "minipass": "^7.0.3" } @@ -3438,7 +2984,8 @@ "undici-types": { "version": "5.26.5", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" + "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==", + "dev": true }, "unique-filename": { "version": "3.0.0", @@ -3467,9 +3014,9 @@ "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" }, "webcrypto-core": { - "version": "1.7.8", - "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-1.7.8.tgz", - "integrity": "sha512-eBR98r9nQXTqXt/yDRtInszPMjTaSAMJAFDg2AHsgrnczawT1asx9YNBX6k5p+MekbPF4+s/UJJrr88zsTqkSg==", + "version": "1.7.9", + "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-1.7.9.tgz", + "integrity": "sha512-FE+a4PPkOmBbgNDIyRmcHhgXn+2ClRl3JzJdDu/P4+B8y81LqKe6RAsI9b3lAOHe1T1BMkSjsRHTYRikImZnVA==", "dev": true, "requires": { "@peculiar/asn1-schema": "^2.3.8", @@ -3556,4 +3103,4 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" } } -} +} \ No newline at end of file diff --git a/packages/attest/package.json b/packages/attest/package.json index aa4d0cab..22f01f4d 100644 --- a/packages/attest/package.json +++ b/packages/attest/package.json @@ -1,6 +1,6 @@ { "name": "@actions/attest", - "version": "1.2.1", + "version": "1.4.2", "description": "Actions attestation lib", "keywords": [ "github", @@ -35,22 +35,20 @@ "url": "https://github.com/actions/toolkit/issues" }, "devDependencies": { - "@sigstore/mock": "^0.6.5", + "@sigstore/mock": "^0.7.4", "@sigstore/rekor-types": "^2.0.0", "@types/jsonwebtoken": "^9.0.6", - "jose": "^5.2.3", "nock": "^13.5.1", "undici": "^5.28.4" }, "dependencies": { "@actions/core": "^1.10.1", "@actions/github": "^6.0.0", - "@actions/http-client": "^2.2.1", + "@actions/http-client": "^2.2.3", "@octokit/plugin-retry": "^6.0.1", - "@sigstore/bundle": "^2.3.0", - "@sigstore/sign": "^2.3.0", - "jsonwebtoken": "^9.0.2", - "jwks-rsa": "^3.1.0" + "@sigstore/bundle": "^2.3.2", + "@sigstore/sign": "^2.3.2", + "jose": "^5.2.3" }, "overrides": { "@octokit/plugin-retry": { diff --git a/packages/attest/src/attest.ts b/packages/attest/src/attest.ts index 430f2413..85c63013 100644 --- a/packages/attest/src/attest.ts +++ b/packages/attest/src/attest.ts @@ -28,6 +28,8 @@ export type AttestOptions = { // Sigstore instance to use for signing. Must be one of "public-good" or // "github". sigstore?: SigstoreInstance + // HTTP headers to include in request to attestations API. + headers?: {[header: string]: string | number | undefined} // Whether to skip writing the attestation to the GH attestations API. skipWrite?: boolean } @@ -61,7 +63,11 @@ export async function attest(options: AttestOptions): Promise { // Store the attestation let attestationID: string | undefined if (options.skipWrite !== true) { - attestationID = await writeAttestation(bundleToJSON(bundle), options.token) + attestationID = await writeAttestation( + bundleToJSON(bundle), + options.token, + {headers: options.headers} + ) } return toAttestation(bundle, attestationID) diff --git a/packages/attest/src/oidc.ts b/packages/attest/src/oidc.ts index 51ebad42..736716be 100644 --- a/packages/attest/src/oidc.ts +++ b/packages/attest/src/oidc.ts @@ -1,16 +1,21 @@ import {getIDToken} from '@actions/core' import {HttpClient} from '@actions/http-client' -import * as jwt from 'jsonwebtoken' -import jwks from 'jwks-rsa' +import * as jose from 'jose' const OIDC_AUDIENCE = 'nobody' +const VALID_SERVER_URLS = [ + 'https://github.com', + new RegExp('^https://[a-z0-9-]+\\.ghe\\.com$') +] as const + const REQUIRED_CLAIMS = [ 'iss', 'ref', 'sha', 'repository', 'event_name', + 'job_workflow_ref', 'workflow_ref', 'repository_id', 'repository_owner_id', @@ -25,7 +30,8 @@ type OIDCConfig = { jwks_uri: string } -export const getIDTokenClaims = async (issuer: string): Promise => { +export const getIDTokenClaims = async (issuer?: string): Promise => { + issuer = issuer || getIssuer() try { const token = await getIDToken(OIDC_AUDIENCE) const claims = await decodeOIDCToken(token, issuer) @@ -39,55 +45,46 @@ export const getIDTokenClaims = async (issuer: string): Promise => { const decodeOIDCToken = async ( token: string, issuer: string -): Promise => { +): Promise => { // Verify and decode token - return new Promise((resolve, reject) => { - jwt.verify( - token, - getPublicKey(issuer), - {audience: OIDC_AUDIENCE, issuer}, - (err, decoded) => { - if (err) { - reject(err) - } else if (!decoded || typeof decoded === 'string') { - reject(new Error('No decoded token')) - } else { - resolve(decoded) - } - } - ) + const jwks = jose.createLocalJWKSet(await getJWKS(issuer)) + const {payload} = await jose.jwtVerify(token, jwks, { + audience: OIDC_AUDIENCE }) -} -// Returns a callback to locate the public key for the given JWT header. This -// involves two calls: -// 1. Fetch the OpenID configuration to get the JWKS URI. -// 2. Fetch the public key from the JWKS URI. -const getPublicKey = - (issuer: string): jwt.GetPublicKeyOrSecret => - (header: jwt.JwtHeader, callback: jwt.SigningKeyCallback) => { - // Look up the JWKS URI from the issuer's OpenID configuration - new HttpClient('actions/attest') - .getJson(`${issuer}/.well-known/openid-configuration`) - .then(data => { - if (!data.result) { - callback(new Error('No OpenID configuration found')) - } else { - // Fetch the public key from the JWKS URI - jwks({jwksUri: data.result.jwks_uri}).getSigningKey( - header.kid, - (err, key) => { - callback(err, key?.getPublicKey()) - } - ) - } - }) - .catch(err => { - callback(err) - }) + if (!payload.iss) { + throw new Error('Missing "iss" claim') } -function assertClaimSet(claims: jwt.JwtPayload): asserts claims is ClaimSet { + // Check that the issuer STARTS WITH the expected issuer URL to account for + // the fact that the value may include an enterprise-specific slug + if (!payload.iss.startsWith(issuer)) { + throw new Error(`Unexpected "iss" claim: ${payload.iss}`) + } + + return payload +} + +const getJWKS = async (issuer: string): Promise => { + const client = new HttpClient('@actions/attest') + const config = await client.getJson( + `${issuer}/.well-known/openid-configuration` + ) + + if (!config.result) { + throw new Error('No OpenID configuration found') + } + + const jwks = await client.getJson(config.result.jwks_uri) + + if (!jwks.result) { + throw new Error('No JWKS found for issuer') + } + + return jwks.result +} + +function assertClaimSet(claims: jose.JWTPayload): asserts claims is ClaimSet { const missingClaims: string[] = [] for (const claim of REQUIRED_CLAIMS) { @@ -100,3 +97,21 @@ function assertClaimSet(claims: jwt.JwtPayload): asserts claims is ClaimSet { throw new Error(`Missing claims: ${missingClaims.join(', ')}`) } } + +// Derive the current OIDC issuer based on the server URL +function getIssuer(): string { + const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com' + + // Ensure the server URL is a valid GitHub server URL + if (!VALID_SERVER_URLS.some(valid_url => serverURL.match(valid_url))) { + throw new Error(`Invalid server URL: ${serverURL}`) + } + + let host = new URL(serverURL).hostname + + if (host === 'github.com') { + host = 'githubusercontent.com' + } + + return `https://token.actions.${host}` +} diff --git a/packages/attest/src/provenance.ts b/packages/attest/src/provenance.ts index 29d7c92a..09aa64f7 100644 --- a/packages/attest/src/provenance.ts +++ b/packages/attest/src/provenance.ts @@ -3,12 +3,7 @@ import {getIDTokenClaims} from './oidc' import type {Attestation, Predicate} from './shared.types' const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1' - -const GITHUB_BUILDER_ID_PREFIX = 'https://github.com/actions/runner' -const GITHUB_BUILD_TYPE = - 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1' - -const DEFAULT_ISSUER = 'https://token.actions.githubusercontent.com' +const GITHUB_BUILD_TYPE = 'https://actions.github.io/buildtypes/workflow/v1' export type AttestProvenanceOptions = Omit< AttestOptions, @@ -27,7 +22,7 @@ export type AttestProvenanceOptions = Omit< * @returns The SLSA provenance predicate. */ export const buildSLSAProvenancePredicate = async ( - issuer: string = DEFAULT_ISSUER + issuer?: string ): Promise => { const serverURL = process.env.GITHUB_SERVER_URL const claims = await getIDTokenClaims(issuer) @@ -55,7 +50,8 @@ export const buildSLSAProvenancePredicate = async ( github: { event_name: claims.event_name, repository_id: claims.repository_id, - repository_owner_id: claims.repository_owner_id + repository_owner_id: claims.repository_owner_id, + runner_environment: claims.runner_environment } }, resolvedDependencies: [ @@ -69,7 +65,7 @@ export const buildSLSAProvenancePredicate = async ( }, runDetails: { builder: { - id: `${GITHUB_BUILDER_ID_PREFIX}/${claims.runner_environment}` + id: `${serverURL}/${claims.job_workflow_ref}` }, metadata: { invocationId: `${serverURL}/${claims.repository}/actions/runs/${claims.run_id}/attempts/${claims.run_attempt}` diff --git a/packages/attest/src/sign.ts b/packages/attest/src/sign.ts index aad916f7..cb7119dc 100644 --- a/packages/attest/src/sign.ts +++ b/packages/attest/src/sign.ts @@ -87,6 +87,7 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => { new RekorWitness({ rekorBaseURL: opts.rekorURL, entryType: 'dsse', + fetchOnConflict: true, timeout, retry }) diff --git a/packages/attest/src/store.ts b/packages/attest/src/store.ts index 20c7666d..71fdf53c 100644 --- a/packages/attest/src/store.ts +++ b/packages/attest/src/store.ts @@ -1,11 +1,13 @@ import * as github from '@actions/github' import {retry} from '@octokit/plugin-retry' +import {RequestHeaders} from '@octokit/types' const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations' const DEFAULT_RETRY_COUNT = 5 export type WriteOptions = { retry?: number + headers?: RequestHeaders } /** * Writes an attestation to the repository's attestations endpoint. @@ -26,6 +28,7 @@ export const writeAttestation = async ( const response = await octokit.request(CREATE_ATTESTATION_REQUEST, { owner: github.context.repo.owner, repo: github.context.repo.repo, + headers: options.headers, data: {bundle: attestation} }) diff --git a/packages/glob/RELEASES.md b/packages/glob/RELEASES.md index 84aa06be..142cae8d 100644 --- a/packages/glob/RELEASES.md +++ b/packages/glob/RELEASES.md @@ -1,5 +1,8 @@ # @actions/glob Releases +### 0.5.0 +- Added `excludeHiddenFiles` option, which is disabled by default to preserve existing behavior [#1791: Add glob option to ignore hidden files](https://github.com/actions/toolkit/pull/1791) + ### 0.4.0 - Pass in the current workspace as a parameter to HashFiles [#1318](https://github.com/actions/toolkit/pull/1318) diff --git a/packages/glob/__tests__/internal-globber.test.ts b/packages/glob/__tests__/internal-globber.test.ts index 4ae670fe..4b9d22ad 100644 --- a/packages/glob/__tests__/internal-globber.test.ts +++ b/packages/glob/__tests__/internal-globber.test.ts @@ -708,7 +708,7 @@ describe('globber', () => { expect(itemPaths).toEqual([]) }) - it('returns hidden files', async () => { + it('returns hidden files by default', async () => { // Create the following layout: // // /.emptyFolder @@ -734,6 +734,26 @@ describe('globber', () => { ]) }) + it('ignores hidden files when excludeHiddenFiles is set', async () => { + // Create the following layout: + // + // /.emptyFolder + // /.file + // /.folder + // /.folder/file + const root = path.join(getTestTemp(), 'ignores-hidden-files') + await createHiddenDirectory(path.join(root, '.emptyFolder')) + await createHiddenDirectory(path.join(root, '.folder')) + await createHiddenFile(path.join(root, '.file'), 'test .file content') + await fs.writeFile( + path.join(root, '.folder', 'file'), + 'test .folder/file content' + ) + + const itemPaths = await glob(root, {excludeHiddenFiles: true}) + expect(itemPaths).toEqual([root]) + }) + it('returns normalized paths', async () => { // Create the following layout: // /hello/world.txt diff --git a/packages/glob/package-lock.json b/packages/glob/package-lock.json index 7b954259..17817543 100644 --- a/packages/glob/package-lock.json +++ b/packages/glob/package-lock.json @@ -1,6 +1,6 @@ { "name": "@actions/glob", - "version": "0.4.0", + "version": "0.5.0", "lockfileVersion": 3, "requires": true, "description": "Actions glob lib", diff --git a/packages/glob/package.json b/packages/glob/package.json index 62e6bd29..637f9c6a 100644 --- a/packages/glob/package.json +++ b/packages/glob/package.json @@ -1,6 +1,6 @@ { "name": "@actions/glob", - "version": "0.4.0", + "version": "0.5.0", "preview": true, "description": "Actions glob lib", "keywords": [ diff --git a/packages/glob/src/internal-glob-options-helper.ts b/packages/glob/src/internal-glob-options-helper.ts index c798b165..f1dd5fe9 100644 --- a/packages/glob/src/internal-glob-options-helper.ts +++ b/packages/glob/src/internal-glob-options-helper.ts @@ -9,7 +9,8 @@ export function getOptions(copy?: GlobOptions): GlobOptions { followSymbolicLinks: true, implicitDescendants: true, matchDirectories: true, - omitBrokenSymbolicLinks: true + omitBrokenSymbolicLinks: true, + excludeHiddenFiles: false } if (copy) { @@ -32,6 +33,11 @@ export function getOptions(copy?: GlobOptions): GlobOptions { result.omitBrokenSymbolicLinks = copy.omitBrokenSymbolicLinks core.debug(`omitBrokenSymbolicLinks '${result.omitBrokenSymbolicLinks}'`) } + + if (typeof copy.excludeHiddenFiles === 'boolean') { + result.excludeHiddenFiles = copy.excludeHiddenFiles + core.debug(`excludeHiddenFiles '${result.excludeHiddenFiles}'`) + } } return result diff --git a/packages/glob/src/internal-glob-options.ts b/packages/glob/src/internal-glob-options.ts index ac1e93f1..8b721550 100644 --- a/packages/glob/src/internal-glob-options.ts +++ b/packages/glob/src/internal-glob-options.ts @@ -36,4 +36,13 @@ export interface GlobOptions { * @default true */ omitBrokenSymbolicLinks?: boolean + + /** + * Indicates whether to exclude hidden files (files and directories starting with a `.`). + * This does not apply to Windows files and directories with the hidden attribute unless + * they are also prefixed with a `.`. + * + * @default false + */ + excludeHiddenFiles?: boolean } diff --git a/packages/glob/src/internal-globber.ts b/packages/glob/src/internal-globber.ts index 3978d625..7f56b9b5 100644 --- a/packages/glob/src/internal-globber.ts +++ b/packages/glob/src/internal-globber.ts @@ -128,6 +128,11 @@ export class DefaultGlobber implements Globber { continue } + // Hidden file or directory? + if (options.excludeHiddenFiles && path.basename(item.path).match(/^\./)) { + continue + } + // Directory if (stats.isDirectory()) { // Matched diff --git a/packages/http-client/RELEASES.md b/packages/http-client/RELEASES.md index be4ce085..6d9ccf5d 100644 --- a/packages/http-client/RELEASES.md +++ b/packages/http-client/RELEASES.md @@ -1,5 +1,14 @@ ## Releases +## 2.2.3 +- Fixed an issue where proxy username and password were not handled correctly [#1799](https://github.com/actions/toolkit/pull/1799) + +## 2.2.2 +- Better handling of url encoded usernames and passwords in proxy config [#1782](https://github.com/actions/toolkit/pull/1782) + +## 2.2.1 +- Make sure RequestOptions.keepAlive is applied properly on node20 runtime [#1572](https://github.com/actions/toolkit/pull/1572) + ## 2.2.0 - Add function to return proxy agent dispatcher for compatibility with latest octokit packages [#1547](https://github.com/actions/toolkit/pull/1547) diff --git a/packages/http-client/__tests__/basics.test.ts b/packages/http-client/__tests__/basics.test.ts index 1e715ce9..8d93abb3 100644 --- a/packages/http-client/__tests__/basics.test.ts +++ b/packages/http-client/__tests__/basics.test.ts @@ -37,7 +37,7 @@ describe('basics', () => { // "user-agent": "typed-test-client-tests" // }, // "origin": "173.95.152.44", - // "url": "https://postman-echo.com/get" + // "url": "http://postman-echo.com/get" // } it('does basic http get request', async () => { @@ -63,16 +63,17 @@ describe('basics', () => { expect(obj.headers['user-agent']).toBeFalsy() }) + /* TODO write a mock rather then relying on a third party it('does basic https get request', async () => { const res: httpm.HttpClientResponse = await _http.get( - 'https://postman-echo.com/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://postman-echo.com/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) - +*/ it('does basic http get request with default headers', async () => { const http: httpm.HttpClient = new httpm.HttpClient( 'http-client-tests', @@ -125,12 +126,12 @@ describe('basics', () => { it('pipes a get request', async () => { return new Promise(async resolve => { const file = fs.createWriteStream(sampleFilePath) - ;(await _http.get('https://postman-echo.com/get')).message + ;(await _http.get('http://postman-echo.com/get')).message .pipe(file) .on('close', () => { const body: string = fs.readFileSync(sampleFilePath).toString() const obj = JSON.parse(body) - expect(obj.url).toBe('https://postman-echo.com/get') + expect(obj.url).toBe('http://postman-echo.com/get') resolve() }) }) @@ -138,32 +139,32 @@ describe('basics', () => { it('does basic get request with redirects', async () => { const res: httpm.HttpClientResponse = await _http.get( - `https://postman-echo.com/redirect-to?url=${encodeURIComponent( - 'https://postman-echo.com/get' + `http://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'http://postman-echo.com/get' )}` ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://postman-echo.com/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('does basic get request with redirects (303)', async () => { const res: httpm.HttpClientResponse = await _http.get( - `https://postman-echo.com/redirect-to?url=${encodeURIComponent( - 'https://postman-echo.com/get' + `http://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'http://postman-echo.com/get' )}&status_code=303` ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://postman-echo.com/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('returns 404 for not found get request on redirect', async () => { const res: httpm.HttpClientResponse = await _http.get( - `https://postman-echo.com/redirect-to?url=${encodeURIComponent( - 'https://postman-echo.com/status/404' + `http://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'http://postman-echo.com/status/404' )}&status_code=303` ) expect(res.message.statusCode).toBe(404) @@ -177,8 +178,8 @@ describe('basics', () => { {allowRedirects: false} ) const res: httpm.HttpClientResponse = await http.get( - `https://postman-echo.com/redirect-to?url=${encodeURIComponent( - 'https://postman-echo.com/get' + `http://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'http://postman-echo.com/get' )}` ) expect(res.message.statusCode).toBe(302) @@ -191,8 +192,8 @@ describe('basics', () => { authorization: 'shhh' } const res: httpm.HttpClientResponse = await _http.get( - `https://postman-echo.com/redirect-to?url=${encodeURIComponent( - 'https://www.postman-echo.com/get' + `http://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'http://www.postman-echo.com/get' )}`, headers ) @@ -204,7 +205,7 @@ describe('basics', () => { expect(obj.headers[httpm.Headers.Accept]).toBe('application/json') expect(obj.headers['Authorization']).toBeUndefined() expect(obj.headers['authorization']).toBeUndefined() - expect(obj.url).toBe('https://www.postman-echo.com/get') + expect(obj.url).toBe('http://www.postman-echo.com/get') }) it('does not pass Auth with diff hostname redirects', async () => { @@ -213,8 +214,8 @@ describe('basics', () => { Authorization: 'shhh' } const res: httpm.HttpClientResponse = await _http.get( - `https://postman-echo.com/redirect-to?url=${encodeURIComponent( - 'https://www.postman-echo.com/get' + `http://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'http://www.postman-echo.com/get' )}`, headers ) @@ -226,7 +227,7 @@ describe('basics', () => { expect(obj.headers[httpm.Headers.Accept]).toBe('application/json') expect(obj.headers['Authorization']).toBeUndefined() expect(obj.headers['authorization']).toBeUndefined() - expect(obj.url).toBe('https://www.postman-echo.com/get') + expect(obj.url).toBe('http://www.postman-echo.com/get') }) it('does basic head request', async () => { @@ -289,11 +290,11 @@ describe('basics', () => { it('gets a json object', async () => { const jsonObj = await _http.getJson( - 'https://postman-echo.com/get' + 'http://postman-echo.com/get' ) expect(jsonObj.statusCode).toBe(200) expect(jsonObj.result).toBeDefined() - expect(jsonObj.result?.url).toBe('https://postman-echo.com/get') + expect(jsonObj.result?.url).toBe('http://postman-echo.com/get') expect(jsonObj.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson ) @@ -304,7 +305,7 @@ describe('basics', () => { it('getting a non existent json object returns null', async () => { const jsonObj = await _http.getJson( - 'https://postman-echo.com/status/404' + 'http://postman-echo.com/status/404' ) expect(jsonObj.statusCode).toBe(404) expect(jsonObj.result).toBeNull() @@ -313,12 +314,12 @@ describe('basics', () => { it('posts a json object', async () => { const res = {name: 'foo'} const restRes = await _http.postJson( - 'https://postman-echo.com/post', + 'http://postman-echo.com/post', res ) expect(restRes.statusCode).toBe(200) expect(restRes.result).toBeDefined() - expect(restRes.result?.url).toBe('https://postman-echo.com/post') + expect(restRes.result?.url).toBe('http://postman-echo.com/post') expect(restRes.result?.json.name).toBe('foo') expect(restRes.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson @@ -334,12 +335,12 @@ describe('basics', () => { it('puts a json object', async () => { const res = {name: 'foo'} const restRes = await _http.putJson( - 'https://postman-echo.com/put', + 'http://postman-echo.com/put', res ) expect(restRes.statusCode).toBe(200) expect(restRes.result).toBeDefined() - expect(restRes.result?.url).toBe('https://postman-echo.com/put') + expect(restRes.result?.url).toBe('http://postman-echo.com/put') expect(restRes.result?.json.name).toBe('foo') expect(restRes.result?.headers[httpm.Headers.Accept]).toBe( @@ -356,12 +357,12 @@ describe('basics', () => { it('patch a json object', async () => { const res = {name: 'foo'} const restRes = await _http.patchJson( - 'https://postman-echo.com/patch', + 'http://postman-echo.com/patch', res ) expect(restRes.statusCode).toBe(200) expect(restRes.result).toBeDefined() - expect(restRes.result?.url).toBe('https://postman-echo.com/patch') + expect(restRes.result?.url).toBe('http://postman-echo.com/patch') expect(restRes.result?.json.name).toBe('foo') expect(restRes.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson diff --git a/packages/http-client/__tests__/headers.test.ts b/packages/http-client/__tests__/headers.test.ts index c1ca0ec3..887d9333 100644 --- a/packages/http-client/__tests__/headers.test.ts +++ b/packages/http-client/__tests__/headers.test.ts @@ -12,7 +12,7 @@ describe('headers', () => { it('preserves existing headers on getJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.getJson( - 'https://postman-echo.com/get', + 'http://postman-echo.com/get', additionalHeaders ) expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('foo') @@ -26,7 +26,7 @@ describe('headers', () => { [httpm.Headers.Accept]: 'baz' } } - jsonObj = await httpWithHeaders.getJson('https://postman-echo.com/get') + jsonObj = await httpWithHeaders.getJson('http://postman-echo.com/get') expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson @@ -36,7 +36,7 @@ describe('headers', () => { it('preserves existing headers on postJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.postJson( - 'https://postman-echo.com/post', + 'http://postman-echo.com/post', {}, additionalHeaders ) @@ -52,7 +52,7 @@ describe('headers', () => { } } jsonObj = await httpWithHeaders.postJson( - 'https://postman-echo.com/post', + 'http://postman-echo.com/post', {} ) expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') @@ -64,7 +64,7 @@ describe('headers', () => { it('preserves existing headers on putJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.putJson( - 'https://postman-echo.com/put', + 'http://postman-echo.com/put', {}, additionalHeaders ) @@ -80,7 +80,7 @@ describe('headers', () => { } } jsonObj = await httpWithHeaders.putJson( - 'https://postman-echo.com/put', + 'http://postman-echo.com/put', {} ) expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') @@ -92,7 +92,7 @@ describe('headers', () => { it('preserves existing headers on patchJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.patchJson( - 'https://postman-echo.com/patch', + 'http://postman-echo.com/patch', {}, additionalHeaders ) @@ -108,7 +108,7 @@ describe('headers', () => { } } jsonObj = await httpWithHeaders.patchJson( - 'https://postman-echo.com/patch', + 'http://postman-echo.com/patch', {} ) expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') diff --git a/packages/http-client/__tests__/proxy.test.ts b/packages/http-client/__tests__/proxy.test.ts index c921b4bc..fe29b6b1 100644 --- a/packages/http-client/__tests__/proxy.test.ts +++ b/packages/http-client/__tests__/proxy.test.ts @@ -222,30 +222,33 @@ describe('proxy', () => { expect(_proxyConnects).toHaveLength(0) }) + // TODO mock this out so we don't rely on a third party + /* it('HttpClient does basic https get request through proxy', async () => { process.env['https_proxy'] = _proxyUrl const httpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await httpClient.get( - 'https://postman-echo.com/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://postman-echo.com/get') + expect(obj.url).toBe('http://postman-echo.com/get') expect(_proxyConnects).toEqual(['postman-echo.com:443']) }) + */ - it('HttpClient does basic https get request when bypass proxy', async () => { - process.env['https_proxy'] = _proxyUrl + it('HttpClient does basic http get request when bypass proxy', async () => { + process.env['http_proxy'] = _proxyUrl process.env['no_proxy'] = 'postman-echo.com' const httpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await httpClient.get( - 'https://postman-echo.com/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://postman-echo.com/get') + expect(obj.url).toBe('http://postman-echo.com/get') expect(_proxyConnects).toHaveLength(0) }) @@ -304,6 +307,18 @@ describe('proxy', () => { console.log(agent) expect(agent instanceof ProxyAgent).toBe(true) }) + + it('proxyAuth is set in tunnel agent when authentication is provided with URIencoding', async () => { + process.env['https_proxy'] = + 'http://user%40github.com:p%40ssword@127.0.0.1:8080' + const httpClient = new httpm.HttpClient() + const agent: any = httpClient.getAgent('https://some-url') + // eslint-disable-next-line no-console + console.log(agent) + expect(agent.proxyOptions.host).toBe('127.0.0.1') + expect(agent.proxyOptions.port).toBe('8080') + expect(agent.proxyOptions.proxyAuth).toBe('user@github.com:p@ssword') + }) }) function _clearVars(): void { diff --git a/packages/http-client/package-lock.json b/packages/http-client/package-lock.json index 52038ad3..823b38b7 100644 --- a/packages/http-client/package-lock.json +++ b/packages/http-client/package-lock.json @@ -1,6 +1,6 @@ { "name": "@actions/http-client", - "version": "2.2.1", + "version": "2.2.3", "lockfileVersion": 2, "requires": true, "packages": { diff --git a/packages/http-client/package.json b/packages/http-client/package.json index 0ae89c34..3960a83a 100644 --- a/packages/http-client/package.json +++ b/packages/http-client/package.json @@ -1,6 +1,6 @@ { "name": "@actions/http-client", - "version": "2.2.1", + "version": "2.2.3", "description": "Actions Http Client", "keywords": [ "github", diff --git a/packages/http-client/src/index.ts b/packages/http-client/src/index.ts index 6f575f7d..6ee9ae43 100644 --- a/packages/http-client/src/index.ts +++ b/packages/http-client/src/index.ts @@ -726,7 +726,9 @@ export class HttpClient { uri: proxyUrl.href, pipelining: !this._keepAlive ? 0 : 1, ...((proxyUrl.username || proxyUrl.password) && { - token: `${proxyUrl.username}:${proxyUrl.password}` + token: `Basic ${Buffer.from( + `${proxyUrl.username}:${proxyUrl.password}` + ).toString('base64')}` }) }) this._proxyAgentDispatcher = proxyAgent diff --git a/packages/http-client/src/proxy.ts b/packages/http-client/src/proxy.ts index 32afce6a..3a9c6834 100644 --- a/packages/http-client/src/proxy.ts +++ b/packages/http-client/src/proxy.ts @@ -15,10 +15,10 @@ export function getProxyUrl(reqUrl: URL): URL | undefined { if (proxyVar) { try { - return new URL(proxyVar) + return new DecodedURL(proxyVar) } catch { if (!proxyVar.startsWith('http://') && !proxyVar.startsWith('https://')) - return new URL(`http://${proxyVar}`) + return new DecodedURL(`http://${proxyVar}`) } } else { return undefined @@ -87,3 +87,22 @@ function isLoopbackAddress(host: string): boolean { hostLower.startsWith('[0:0:0:0:0:0:0:1]') ) } + +class DecodedURL extends URL { + private _decodedUsername: string + private _decodedPassword: string + + constructor(url: string | URL, base?: string | URL) { + super(url, base) + this._decodedUsername = decodeURIComponent(super.username) + this._decodedPassword = decodeURIComponent(super.password) + } + + get username(): string { + return this._decodedUsername + } + + get password(): string { + return this._decodedPassword + } +}