From 286e2fdbe0026c0831260d3db340be05ea6dd287 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Nov 2023 13:46:19 +0000 Subject: [PATCH 1/2] Bump normalize-url from 4.5.1 to 8.0.0 Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.1 to 8.0.0. - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits/v8.0.0) --- updated-dependencies: - dependency-name: normalize-url dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package-lock.json | 21 ++++++++++++++++----- package.json | 2 +- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2e7a1b79..69a30081 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "@actions/tool-cache": "^2.0.1", "get-hrefs": "^4.0.0", "js-yaml": "^4.1.0", - "normalize-url": "^4.2.0", + "normalize-url": "^8.0.0", "semver": "^7.5.4" }, "devDependencies": { @@ -1193,6 +1193,14 @@ "node": ">=8.6.0" } }, + "node_modules/get-hrefs/node_modules/normalize-url": { + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.1.tgz", + "integrity": "sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA==", + "engines": { + "node": ">=8" + } + }, "node_modules/get-stdin": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-6.0.0.tgz", @@ -1681,11 +1689,14 @@ "dev": true }, "node_modules/normalize-url": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.1.tgz", - "integrity": "sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA==", + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.0.tgz", + "integrity": "sha512-uVFpKhj5MheNBJRTiMZ9pE/7hD1QTeEvugSJW/OmLzAp78PB5O6adfMNTvmfKhXBkvCzC+rqifWcVYpGFwTjnw==", "engines": { - "node": ">=8" + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/nth-check": { diff --git a/package.json b/package.json index bd5ce5c4..2df31ef1 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "@actions/tool-cache": "^2.0.1", "get-hrefs": "^4.0.0", "js-yaml": "^4.1.0", - "normalize-url": "^4.2.0", + "normalize-url": "^8.0.0", "semver": "^7.5.4" }, "devDependencies": { From ccf17a22d5ec381755a11dad8c928ca51b98de57 Mon Sep 17 00:00:00 2001 From: Daniel Bast <2790401+dbast@users.noreply.github.com> Date: Fri, 24 Nov 2023 15:00:30 +0100 Subject: [PATCH 2/2] npm run build --- dist/setup/index.js | 460 ++++++++++++++++++++++---------------------- 1 file changed, 230 insertions(+), 230 deletions(-) diff --git a/dist/setup/index.js b/dist/setup/index.js index bff6709d..e8ee5fb5 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -14859,6 +14859,235 @@ Object.defineProperty(exports, "decodeHTML5Strict", ({ enumerable: true, get: fu Object.defineProperty(exports, "decodeXMLStrict", ({ enumerable: true, get: function () { return decode_js_2.decodeXML; } })); //# sourceMappingURL=index.js.map +/***/ }), + +/***/ 5245: +/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { + +"use strict"; + +// TODO: Use the `URL` global when targeting Node.js 10 +const URLParser = typeof URL === 'undefined' ? (__nccwpck_require__(7310).URL) : URL; + +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs +const DATA_URL_DEFAULT_MIME_TYPE = 'text/plain'; +const DATA_URL_DEFAULT_CHARSET = 'us-ascii'; + +const testParameter = (name, filters) => { + return filters.some(filter => filter instanceof RegExp ? filter.test(name) : filter === name); +}; + +const normalizeDataURL = (urlString, {stripHash}) => { + const parts = urlString.match(/^data:([^,]*?),([^#]*?)(?:#(.*))?$/); + + if (!parts) { + throw new Error(`Invalid URL: ${urlString}`); + } + + const mediaType = parts[1].split(';'); + const body = parts[2]; + const hash = stripHash ? '' : parts[3]; + + let base64 = false; + + if (mediaType[mediaType.length - 1] === 'base64') { + mediaType.pop(); + base64 = true; + } + + // Lowercase MIME type + const mimeType = (mediaType.shift() || '').toLowerCase(); + const attributes = mediaType + .map(attribute => { + let [key, value = ''] = attribute.split('=').map(string => string.trim()); + + // Lowercase `charset` + if (key === 'charset') { + value = value.toLowerCase(); + + if (value === DATA_URL_DEFAULT_CHARSET) { + return ''; + } + } + + return `${key}${value ? `=${value}` : ''}`; + }) + .filter(Boolean); + + const normalizedMediaType = [ + ...attributes + ]; + + if (base64) { + normalizedMediaType.push('base64'); + } + + if (normalizedMediaType.length !== 0 || (mimeType && mimeType !== DATA_URL_DEFAULT_MIME_TYPE)) { + normalizedMediaType.unshift(mimeType); + } + + return `data:${normalizedMediaType.join(';')},${base64 ? body.trim() : body}${hash ? `#${hash}` : ''}`; +}; + +const normalizeUrl = (urlString, options) => { + options = { + defaultProtocol: 'http:', + normalizeProtocol: true, + forceHttp: false, + forceHttps: false, + stripAuthentication: true, + stripHash: false, + stripWWW: true, + removeQueryParameters: [/^utm_\w+/i], + removeTrailingSlash: true, + removeDirectoryIndex: false, + sortQueryParameters: true, + ...options + }; + + // TODO: Remove this at some point in the future + if (Reflect.has(options, 'normalizeHttps')) { + throw new Error('options.normalizeHttps is renamed to options.forceHttp'); + } + + if (Reflect.has(options, 'normalizeHttp')) { + throw new Error('options.normalizeHttp is renamed to options.forceHttps'); + } + + if (Reflect.has(options, 'stripFragment')) { + throw new Error('options.stripFragment is renamed to options.stripHash'); + } + + urlString = urlString.trim(); + + // Data URL + if (/^data:/i.test(urlString)) { + return normalizeDataURL(urlString, options); + } + + const hasRelativeProtocol = urlString.startsWith('//'); + const isRelativeUrl = !hasRelativeProtocol && /^\.*\//.test(urlString); + + // Prepend protocol + if (!isRelativeUrl) { + urlString = urlString.replace(/^(?!(?:\w+:)?\/\/)|^\/\//, options.defaultProtocol); + } + + const urlObj = new URLParser(urlString); + + if (options.forceHttp && options.forceHttps) { + throw new Error('The `forceHttp` and `forceHttps` options cannot be used together'); + } + + if (options.forceHttp && urlObj.protocol === 'https:') { + urlObj.protocol = 'http:'; + } + + if (options.forceHttps && urlObj.protocol === 'http:') { + urlObj.protocol = 'https:'; + } + + // Remove auth + if (options.stripAuthentication) { + urlObj.username = ''; + urlObj.password = ''; + } + + // Remove hash + if (options.stripHash) { + urlObj.hash = ''; + } + + // Remove duplicate slashes if not preceded by a protocol + if (urlObj.pathname) { + // TODO: Use the following instead when targeting Node.js 10 + // `urlObj.pathname = urlObj.pathname.replace(/(? { + if (/^(?!\/)/g.test(p1)) { + return `${p1}/`; + } + + return '/'; + }); + } + + // Decode URI octets + if (urlObj.pathname) { + urlObj.pathname = decodeURI(urlObj.pathname); + } + + // Remove directory index + if (options.removeDirectoryIndex === true) { + options.removeDirectoryIndex = [/^index\.[a-z]+$/]; + } + + if (Array.isArray(options.removeDirectoryIndex) && options.removeDirectoryIndex.length > 0) { + let pathComponents = urlObj.pathname.split('/'); + const lastComponent = pathComponents[pathComponents.length - 1]; + + if (testParameter(lastComponent, options.removeDirectoryIndex)) { + pathComponents = pathComponents.slice(0, pathComponents.length - 1); + urlObj.pathname = pathComponents.slice(1).join('/') + '/'; + } + } + + if (urlObj.hostname) { + // Remove trailing dot + urlObj.hostname = urlObj.hostname.replace(/\.$/, ''); + + // Remove `www.` + if (options.stripWWW && /^www\.([a-z\-\d]{2,63})\.([a-z.]{2,5})$/.test(urlObj.hostname)) { + // Each label should be max 63 at length (min: 2). + // The extension should be max 5 at length (min: 2). + // Source: https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names + urlObj.hostname = urlObj.hostname.replace(/^www\./, ''); + } + } + + // Remove query unwanted parameters + if (Array.isArray(options.removeQueryParameters)) { + for (const key of [...urlObj.searchParams.keys()]) { + if (testParameter(key, options.removeQueryParameters)) { + urlObj.searchParams.delete(key); + } + } + } + + // Sort query parameters + if (options.sortQueryParameters) { + urlObj.searchParams.sort(); + } + + if (options.removeTrailingSlash) { + urlObj.pathname = urlObj.pathname.replace(/\/$/, ''); + } + + // Take advantage of many of the Node `url` normalizations + urlString = urlObj.toString(); + + // Remove ending `/` + if ((options.removeTrailingSlash || urlObj.pathname === '/') && urlObj.hash === '') { + urlString = urlString.replace(/\/$/, ''); + } + + // Restore relative protocol, if applicable + if (hasRelativeProtocol && !options.normalizeProtocol) { + urlString = urlString.replace(/^http:\/\//, '//'); + } + + // Remove http/https + if (options.stripProtocol) { + urlString = urlString.replace(/^(?:https?:)?\/\//, ''); + } + + return urlString; +}; + +module.exports = normalizeUrl; +// TODO: Remove this for the next major release +module.exports["default"] = normalizeUrl; + + /***/ }), /***/ 5013: @@ -14868,7 +15097,7 @@ Object.defineProperty(exports, "decodeXMLStrict", ({ enumerable: true, get: func const {URL} = __nccwpck_require__(7310); const cheerio = __nccwpck_require__(4612); -const normalizeUrl = __nccwpck_require__(7952); +const normalizeUrl = __nccwpck_require__(5245); const FAKE_PROTOCOL = 'fake:'; const FAKE_HOSTNAME = 'base.url'; @@ -20977,235 +21206,6 @@ const forEachStep = (self, fn, node, thisp) => { module.exports = LRUCache -/***/ }), - -/***/ 7952: -/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { - -"use strict"; - -// TODO: Use the `URL` global when targeting Node.js 10 -const URLParser = typeof URL === 'undefined' ? (__nccwpck_require__(7310).URL) : URL; - -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs -const DATA_URL_DEFAULT_MIME_TYPE = 'text/plain'; -const DATA_URL_DEFAULT_CHARSET = 'us-ascii'; - -const testParameter = (name, filters) => { - return filters.some(filter => filter instanceof RegExp ? filter.test(name) : filter === name); -}; - -const normalizeDataURL = (urlString, {stripHash}) => { - const parts = urlString.match(/^data:([^,]*?),([^#]*?)(?:#(.*))?$/); - - if (!parts) { - throw new Error(`Invalid URL: ${urlString}`); - } - - const mediaType = parts[1].split(';'); - const body = parts[2]; - const hash = stripHash ? '' : parts[3]; - - let base64 = false; - - if (mediaType[mediaType.length - 1] === 'base64') { - mediaType.pop(); - base64 = true; - } - - // Lowercase MIME type - const mimeType = (mediaType.shift() || '').toLowerCase(); - const attributes = mediaType - .map(attribute => { - let [key, value = ''] = attribute.split('=').map(string => string.trim()); - - // Lowercase `charset` - if (key === 'charset') { - value = value.toLowerCase(); - - if (value === DATA_URL_DEFAULT_CHARSET) { - return ''; - } - } - - return `${key}${value ? `=${value}` : ''}`; - }) - .filter(Boolean); - - const normalizedMediaType = [ - ...attributes - ]; - - if (base64) { - normalizedMediaType.push('base64'); - } - - if (normalizedMediaType.length !== 0 || (mimeType && mimeType !== DATA_URL_DEFAULT_MIME_TYPE)) { - normalizedMediaType.unshift(mimeType); - } - - return `data:${normalizedMediaType.join(';')},${base64 ? body.trim() : body}${hash ? `#${hash}` : ''}`; -}; - -const normalizeUrl = (urlString, options) => { - options = { - defaultProtocol: 'http:', - normalizeProtocol: true, - forceHttp: false, - forceHttps: false, - stripAuthentication: true, - stripHash: false, - stripWWW: true, - removeQueryParameters: [/^utm_\w+/i], - removeTrailingSlash: true, - removeDirectoryIndex: false, - sortQueryParameters: true, - ...options - }; - - // TODO: Remove this at some point in the future - if (Reflect.has(options, 'normalizeHttps')) { - throw new Error('options.normalizeHttps is renamed to options.forceHttp'); - } - - if (Reflect.has(options, 'normalizeHttp')) { - throw new Error('options.normalizeHttp is renamed to options.forceHttps'); - } - - if (Reflect.has(options, 'stripFragment')) { - throw new Error('options.stripFragment is renamed to options.stripHash'); - } - - urlString = urlString.trim(); - - // Data URL - if (/^data:/i.test(urlString)) { - return normalizeDataURL(urlString, options); - } - - const hasRelativeProtocol = urlString.startsWith('//'); - const isRelativeUrl = !hasRelativeProtocol && /^\.*\//.test(urlString); - - // Prepend protocol - if (!isRelativeUrl) { - urlString = urlString.replace(/^(?!(?:\w+:)?\/\/)|^\/\//, options.defaultProtocol); - } - - const urlObj = new URLParser(urlString); - - if (options.forceHttp && options.forceHttps) { - throw new Error('The `forceHttp` and `forceHttps` options cannot be used together'); - } - - if (options.forceHttp && urlObj.protocol === 'https:') { - urlObj.protocol = 'http:'; - } - - if (options.forceHttps && urlObj.protocol === 'http:') { - urlObj.protocol = 'https:'; - } - - // Remove auth - if (options.stripAuthentication) { - urlObj.username = ''; - urlObj.password = ''; - } - - // Remove hash - if (options.stripHash) { - urlObj.hash = ''; - } - - // Remove duplicate slashes if not preceded by a protocol - if (urlObj.pathname) { - // TODO: Use the following instead when targeting Node.js 10 - // `urlObj.pathname = urlObj.pathname.replace(/(? { - if (/^(?!\/)/g.test(p1)) { - return `${p1}/`; - } - - return '/'; - }); - } - - // Decode URI octets - if (urlObj.pathname) { - urlObj.pathname = decodeURI(urlObj.pathname); - } - - // Remove directory index - if (options.removeDirectoryIndex === true) { - options.removeDirectoryIndex = [/^index\.[a-z]+$/]; - } - - if (Array.isArray(options.removeDirectoryIndex) && options.removeDirectoryIndex.length > 0) { - let pathComponents = urlObj.pathname.split('/'); - const lastComponent = pathComponents[pathComponents.length - 1]; - - if (testParameter(lastComponent, options.removeDirectoryIndex)) { - pathComponents = pathComponents.slice(0, pathComponents.length - 1); - urlObj.pathname = pathComponents.slice(1).join('/') + '/'; - } - } - - if (urlObj.hostname) { - // Remove trailing dot - urlObj.hostname = urlObj.hostname.replace(/\.$/, ''); - - // Remove `www.` - if (options.stripWWW && /^www\.([a-z\-\d]{2,63})\.([a-z.]{2,5})$/.test(urlObj.hostname)) { - // Each label should be max 63 at length (min: 2). - // The extension should be max 5 at length (min: 2). - // Source: https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names - urlObj.hostname = urlObj.hostname.replace(/^www\./, ''); - } - } - - // Remove query unwanted parameters - if (Array.isArray(options.removeQueryParameters)) { - for (const key of [...urlObj.searchParams.keys()]) { - if (testParameter(key, options.removeQueryParameters)) { - urlObj.searchParams.delete(key); - } - } - } - - // Sort query parameters - if (options.sortQueryParameters) { - urlObj.searchParams.sort(); - } - - if (options.removeTrailingSlash) { - urlObj.pathname = urlObj.pathname.replace(/\/$/, ''); - } - - // Take advantage of many of the Node `url` normalizations - urlString = urlObj.toString(); - - // Remove ending `/` - if ((options.removeTrailingSlash || urlObj.pathname === '/') && urlObj.hash === '') { - urlString = urlString.replace(/\/$/, ''); - } - - // Restore relative protocol, if applicable - if (hasRelativeProtocol && !options.normalizeProtocol) { - urlString = urlString.replace(/^http:\/\//, '//'); - } - - // Remove http/https - if (options.stripProtocol) { - urlString = urlString.replace(/^(?:https?:)?\/\//, ''); - } - - return urlString; -}; - -module.exports = normalizeUrl; -// TODO: Remove this for the next major release -module.exports["default"] = normalizeUrl; - - /***/ }), /***/ 9241: