diff --git a/.licenses/npm/semver.dep.yml b/.licenses/npm/semver.dep.yml index c2925a1..5de7b63 100644 --- a/.licenses/npm/semver.dep.yml +++ b/.licenses/npm/semver.dep.yml @@ -1,9 +1,9 @@ --- name: semver -version: 7.3.8 +version: 7.5.4 type: npm summary: The semantic version parser used by npm. -homepage: https://github.com/npm/node-semver#readme +homepage: license: isc licenses: - sources: LICENSE diff --git a/dist/index.js b/dist/index.js index 8835ed8..8f1bfd5 100644 --- a/dist/index.js +++ b/dist/index.js @@ -5,104 +5,104 @@ /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; - -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.postMessageToSlack = exports.updateTag = exports.validateIfReleaseIsPublished = void 0; -const core = __importStar(__nccwpck_require__(2186)); -const github_1 = __nccwpck_require__(5438); -const http_client_1 = __nccwpck_require__(9925); -async function findTag(tag, octokitClient) { - try { - const { data: foundTag } = await octokitClient.git.getRef({ - ...github_1.context.repo, - ref: `tags/${tag}` - }); - return foundTag; - } - catch (err) { - if (err.status === 404) { - return null; - } - else { - throw new Error(`Retrieving refs failed with the following error: ${err}`); - } - } -} -async function getTagSHA(tag, octokitClient) { - const foundTag = await findTag(tag, octokitClient); - if (!foundTag) { - throw new Error(`The '${tag}' tag does not exist in the remote repository`); - } - return foundTag.object.sha; -} -async function validateIfReleaseIsPublished(tag, octokitClient) { - try { - const { data: foundRelease } = await octokitClient.repos.getReleaseByTag({ - ...github_1.context.repo, - tag - }); - if (foundRelease.prerelease) { - throw new Error(`The '${foundRelease.name}' release is marked as pre-release. Updating tags for pre-release is not supported`); - } - } - catch (err) { - if (err.status === 404) { - throw new Error(`No GitHub release found for the ${tag} tag`); - } - else { - throw new Error(`Retrieving releases failed with the following error: ${err}`); - } - } -} -exports.validateIfReleaseIsPublished = validateIfReleaseIsPublished; -async function updateTag(sourceTag, targetTag, octokitClient) { - const sourceTagSHA = await getTagSHA(sourceTag, octokitClient); - const foundTargetTag = await findTag(targetTag, octokitClient); - const refName = `tags/${targetTag}`; - if (foundTargetTag) { - core.info(`Updating the '${targetTag}' tag to point to the '${sourceTag}' tag`); - await octokitClient.git.updateRef({ - ...github_1.context.repo, - ref: refName, - sha: sourceTagSHA, - force: true - }); - } - else { - core.info(`Creating the '${targetTag}' tag from the '${sourceTag}' tag`); - await octokitClient.git.createRef({ - ...github_1.context.repo, - ref: `refs/${refName}`, - sha: sourceTagSHA - }); - } -} -exports.updateTag = updateTag; -async function postMessageToSlack(slackWebhook, message) { - const jsonData = { text: message }; - const http = new http_client_1.HttpClient(); - await http.postJson(slackWebhook, jsonData); -} -exports.postMessageToSlack = postMessageToSlack; + +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.postMessageToSlack = exports.updateTag = exports.validateIfReleaseIsPublished = void 0; +const core = __importStar(__nccwpck_require__(2186)); +const github_1 = __nccwpck_require__(5438); +const http_client_1 = __nccwpck_require__(9925); +async function findTag(tag, octokitClient) { + try { + const { data: foundTag } = await octokitClient.git.getRef({ + ...github_1.context.repo, + ref: `tags/${tag}` + }); + return foundTag; + } + catch (err) { + if (err.status === 404) { + return null; + } + else { + throw new Error(`Retrieving refs failed with the following error: ${err}`); + } + } +} +async function getTagSHA(tag, octokitClient) { + const foundTag = await findTag(tag, octokitClient); + if (!foundTag) { + throw new Error(`The '${tag}' tag does not exist in the remote repository`); + } + return foundTag.object.sha; +} +async function validateIfReleaseIsPublished(tag, octokitClient) { + try { + const { data: foundRelease } = await octokitClient.repos.getReleaseByTag({ + ...github_1.context.repo, + tag + }); + if (foundRelease.prerelease) { + throw new Error(`The '${foundRelease.name}' release is marked as pre-release. Updating tags for pre-release is not supported`); + } + } + catch (err) { + if (err.status === 404) { + throw new Error(`No GitHub release found for the ${tag} tag`); + } + else { + throw new Error(`Retrieving releases failed with the following error: ${err}`); + } + } +} +exports.validateIfReleaseIsPublished = validateIfReleaseIsPublished; +async function updateTag(sourceTag, targetTag, octokitClient) { + const sourceTagSHA = await getTagSHA(sourceTag, octokitClient); + const foundTargetTag = await findTag(targetTag, octokitClient); + const refName = `tags/${targetTag}`; + if (foundTargetTag) { + core.info(`Updating the '${targetTag}' tag to point to the '${sourceTag}' tag`); + await octokitClient.git.updateRef({ + ...github_1.context.repo, + ref: refName, + sha: sourceTagSHA, + force: true + }); + } + else { + core.info(`Creating the '${targetTag}' tag from the '${sourceTag}' tag`); + await octokitClient.git.createRef({ + ...github_1.context.repo, + ref: `refs/${refName}`, + sha: sourceTagSHA + }); + } +} +exports.updateTag = updateTag; +async function postMessageToSlack(slackWebhook, message) { + const jsonData = { text: message }; + const http = new http_client_1.HttpClient(); + await http.postJson(slackWebhook, jsonData); +} +exports.postMessageToSlack = postMessageToSlack; /***/ }), @@ -111,59 +111,59 @@ exports.postMessageToSlack = postMessageToSlack; /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; - -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; -Object.defineProperty(exports, "__esModule", ({ value: true })); -const core = __importStar(__nccwpck_require__(2186)); -const github = __importStar(__nccwpck_require__(5438)); -const github_1 = __nccwpck_require__(5438); -const api_utils_1 = __nccwpck_require__(2430); -const version_utils_1 = __nccwpck_require__(1534); -async function run() { - try { - const token = core.getInput('token'); - const octokitClient = github.getOctokit(token); - const sourceTagName = core.getInput('source-tag'); - version_utils_1.validateSemverVersionFromTag(sourceTagName); - await api_utils_1.validateIfReleaseIsPublished(sourceTagName, octokitClient); - const majorTag = version_utils_1.getMajorTagFromFullTag(sourceTagName); - await api_utils_1.updateTag(sourceTagName, majorTag, octokitClient); - core.setOutput('major-tag', majorTag); - core.info(`The '${majorTag}' major tag now points to the '${sourceTagName}' tag`); - const slackMessage = `The ${majorTag} tag has been successfully updated for the ${github_1.context.repo.repo} action to include changes from ${sourceTagName}`; - await reportStatusToSlack(slackMessage); - } - catch (error) { - core.setFailed(error.message); - const slackMessage = `Failed to update a major tag for the ${github_1.context.repo.repo} action`; - await reportStatusToSlack(slackMessage); - } -} -async function reportStatusToSlack(message) { - const slackWebhook = core.getInput('slack-webhook'); - if (slackWebhook) { - await api_utils_1.postMessageToSlack(slackWebhook, message); - } -} -run(); + +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +const core = __importStar(__nccwpck_require__(2186)); +const github = __importStar(__nccwpck_require__(5438)); +const github_1 = __nccwpck_require__(5438); +const api_utils_1 = __nccwpck_require__(2430); +const version_utils_1 = __nccwpck_require__(1534); +async function run() { + try { + const token = core.getInput('token'); + const octokitClient = github.getOctokit(token); + const sourceTagName = core.getInput('source-tag'); + version_utils_1.validateSemverVersionFromTag(sourceTagName); + await api_utils_1.validateIfReleaseIsPublished(sourceTagName, octokitClient); + const majorTag = version_utils_1.getMajorTagFromFullTag(sourceTagName); + await api_utils_1.updateTag(sourceTagName, majorTag, octokitClient); + core.setOutput('major-tag', majorTag); + core.info(`The '${majorTag}' major tag now points to the '${sourceTagName}' tag`); + const slackMessage = `The ${majorTag} tag has been successfully updated for the ${github_1.context.repo.repo} action to include changes from ${sourceTagName}`; + await reportStatusToSlack(slackMessage); + } + catch (error) { + core.setFailed(error.message); + const slackMessage = `Failed to update a major tag for the ${github_1.context.repo.repo} action`; + await reportStatusToSlack(slackMessage); + } +} +async function reportStatusToSlack(message) { + const slackWebhook = core.getInput('slack-webhook'); + if (slackWebhook) { + await api_utils_1.postMessageToSlack(slackWebhook, message); + } +} +run(); /***/ }), @@ -172,31 +172,31 @@ run(); /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; - -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.validateSemverVersionFromTag = exports.getMajorTagFromFullTag = exports.isStableSemverVersion = void 0; -const parse_1 = __importDefault(__nccwpck_require__(5925)); -function isStableSemverVersion(version) { - return version.prerelease.length === 0; -} -exports.isStableSemverVersion = isStableSemverVersion; -function getMajorTagFromFullTag(fullTag) { - return fullTag.split('.')[0]; -} -exports.getMajorTagFromFullTag = getMajorTagFromFullTag; -function validateSemverVersionFromTag(tag) { - const semverVersion = parse_1.default(tag); - if (!semverVersion) { - throw new Error(`The '${tag}' doesn't satisfy semantic versioning specification`); - } - if (!isStableSemverVersion(semverVersion)) { - throw new Error('It is not allowed to specify pre-release version to update the major tag'); - } -} -exports.validateSemverVersionFromTag = validateSemverVersionFromTag; + +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.validateSemverVersionFromTag = exports.getMajorTagFromFullTag = exports.isStableSemverVersion = void 0; +const parse_1 = __importDefault(__nccwpck_require__(5925)); +function isStableSemverVersion(version) { + return version.prerelease.length === 0; +} +exports.isStableSemverVersion = isStableSemverVersion; +function getMajorTagFromFullTag(fullTag) { + return fullTag.split('.')[0]; +} +exports.getMajorTagFromFullTag = getMajorTagFromFullTag; +function validateSemverVersionFromTag(tag) { + const semverVersion = parse_1.default(tag); + if (!semverVersion) { + throw new Error(`The '${tag}' doesn't satisfy semantic versioning specification`); + } + if (!isStableSemverVersion(semverVersion)) { + throw new Error('It is not allowed to specify pre-release version to update the major tag'); + } +} +exports.validateSemverVersionFromTag = validateSemverVersionFromTag; /***/ }), @@ -9327,7 +9327,7 @@ function onceStrict (fn) { const debug = __nccwpck_require__(427) const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(2293) -const { re, t } = __nccwpck_require__(9523) +const { safeRe: re, t } = __nccwpck_require__(9523) const parseOptions = __nccwpck_require__(785) const { compareIdentifiers } = __nccwpck_require__(2463) @@ -9343,7 +9343,7 @@ class SemVer { version = version.version } } else if (typeof version !== 'string') { - throw new TypeError(`Invalid Version: ${version}`) + throw new TypeError(`Invalid version. Must be a string. Got type "${typeof version}".`) } if (version.length > MAX_LENGTH) { @@ -9502,36 +9502,36 @@ class SemVer { // preminor will bump the version up to the next minor release, and immediately // down to pre-release. premajor and prepatch work the same way. - inc (release, identifier) { + inc (release, identifier, identifierBase) { switch (release) { case 'premajor': this.prerelease.length = 0 this.patch = 0 this.minor = 0 this.major++ - this.inc('pre', identifier) + this.inc('pre', identifier, identifierBase) break case 'preminor': this.prerelease.length = 0 this.patch = 0 this.minor++ - this.inc('pre', identifier) + this.inc('pre', identifier, identifierBase) break case 'prepatch': // If this is already a prerelease, it will bump to the next version // drop any prereleases that might already exist, since they are not // relevant at this point. this.prerelease.length = 0 - this.inc('patch', identifier) - this.inc('pre', identifier) + this.inc('patch', identifier, identifierBase) + this.inc('pre', identifier, identifierBase) break // If the input is a non-prerelease version, this acts the same as // prepatch. case 'prerelease': if (this.prerelease.length === 0) { - this.inc('patch', identifier) + this.inc('patch', identifier, identifierBase) } - this.inc('pre', identifier) + this.inc('pre', identifier, identifierBase) break case 'major': @@ -9573,9 +9573,15 @@ class SemVer { break // This probably shouldn't be used publicly. // 1.0.0 'pre' would become 1.0.0-0 which is the wrong direction. - case 'pre': + case 'pre': { + const base = Number(identifierBase) ? 1 : 0 + + if (!identifier && identifierBase === false) { + throw new Error('invalid increment argument: identifier is empty') + } + if (this.prerelease.length === 0) { - this.prerelease = [0] + this.prerelease = [base] } else { let i = this.prerelease.length while (--i >= 0) { @@ -9586,27 +9592,36 @@ class SemVer { } if (i === -1) { // didn't increment anything - this.prerelease.push(0) + if (identifier === this.prerelease.join('.') && identifierBase === false) { + throw new Error('invalid increment argument: identifier already exists') + } + this.prerelease.push(base) } } if (identifier) { // 1.2.0-beta.1 bumps to 1.2.0-beta.2, // 1.2.0-beta.fooblz or 1.2.0-beta bumps to 1.2.0-beta.0 + let prerelease = [identifier, base] + if (identifierBase === false) { + prerelease = [identifier] + } if (compareIdentifiers(this.prerelease[0], identifier) === 0) { if (isNaN(this.prerelease[1])) { - this.prerelease = [identifier, 0] + this.prerelease = prerelease } } else { - this.prerelease = [identifier, 0] + this.prerelease = prerelease } } break - + } default: throw new Error(`invalid increment argument: ${release}`) } - this.format() - this.raw = this.version + this.raw = this.format() + if (this.build.length) { + this.raw += `+${this.build.join('.')}` + } return this } } @@ -9619,35 +9634,18 @@ module.exports = SemVer /***/ 5925: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { -const { MAX_LENGTH } = __nccwpck_require__(2293) -const { re, t } = __nccwpck_require__(9523) const SemVer = __nccwpck_require__(8088) - -const parseOptions = __nccwpck_require__(785) -const parse = (version, options) => { - options = parseOptions(options) - +const parse = (version, options, throwErrors = false) => { if (version instanceof SemVer) { return version } - - if (typeof version !== 'string') { - return null - } - - if (version.length > MAX_LENGTH) { - return null - } - - const r = options.loose ? re[t.LOOSE] : re[t.FULL] - if (!r.test(version)) { - return null - } - try { return new SemVer(version, options) } catch (er) { - return null + if (!throwErrors) { + return null + } + throw er } } @@ -9670,11 +9668,29 @@ const MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER || // Max safe segment length for coercion. const MAX_SAFE_COMPONENT_LENGTH = 16 +// Max safe length for a build identifier. The max length minus 6 characters for +// the shortest version with a build 0.0.0+BUILD. +const MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6 + +const RELEASE_TYPES = [ + 'major', + 'premajor', + 'minor', + 'preminor', + 'patch', + 'prepatch', + 'prerelease', +] + module.exports = { - SEMVER_SPEC_VERSION, MAX_LENGTH, - MAX_SAFE_INTEGER, MAX_SAFE_COMPONENT_LENGTH, + MAX_SAFE_BUILD_LENGTH, + MAX_SAFE_INTEGER, + RELEASE_TYPES, + SEMVER_SPEC_VERSION, + FLAG_INCLUDE_PRERELEASE: 0b001, + FLAG_LOOSE: 0b010, } @@ -9729,16 +9745,20 @@ module.exports = { /***/ 785: /***/ ((module) => { -// parse out just the options we care about so we always get a consistent -// obj with keys in a consistent order. -const opts = ['includePrerelease', 'loose', 'rtl'] -const parseOptions = options => - !options ? {} - : typeof options !== 'object' ? { loose: true } - : opts.filter(k => options[k]).reduce((o, k) => { - o[k] = true - return o - }, {}) +// parse out just the options we care about +const looseOption = Object.freeze({ loose: true }) +const emptyOpts = Object.freeze({ }) +const parseOptions = options => { + if (!options) { + return emptyOpts + } + + if (typeof options !== 'object') { + return looseOption + } + + return options +} module.exports = parseOptions @@ -9747,22 +9767,52 @@ module.exports = parseOptions /***/ 9523: /***/ ((module, exports, __nccwpck_require__) => { -const { MAX_SAFE_COMPONENT_LENGTH } = __nccwpck_require__(2293) +const { + MAX_SAFE_COMPONENT_LENGTH, + MAX_SAFE_BUILD_LENGTH, + MAX_LENGTH, +} = __nccwpck_require__(2293) const debug = __nccwpck_require__(427) exports = module.exports = {} // The actual regexps go on exports.re const re = exports.re = [] +const safeRe = exports.safeRe = [] const src = exports.src = [] const t = exports.t = {} let R = 0 +const LETTERDASHNUMBER = '[a-zA-Z0-9-]' + +// Replace some greedy regex tokens to prevent regex dos issues. These regex are +// used internally via the safeRe object since all inputs in this library get +// normalized first to trim and collapse all extra whitespace. The original +// regexes are exported for userland consumption and lower level usage. A +// future breaking change could export the safer regex only with a note that +// all input should have extra whitespace removed. +const safeRegexReplacements = [ + ['\\s', 1], + ['\\d', MAX_LENGTH], + [LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH], +] + +const makeSafeRegex = (value) => { + for (const [token, max] of safeRegexReplacements) { + value = value + .split(`${token}*`).join(`${token}{0,${max}}`) + .split(`${token}+`).join(`${token}{1,${max}}`) + } + return value +} + const createToken = (name, value, isGlobal) => { + const safe = makeSafeRegex(value) const index = R++ debug(name, index, value) t[name] = index src[index] = value re[index] = new RegExp(value, isGlobal ? 'g' : undefined) + safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined) } // The following Regular Expressions can be used for tokenizing, @@ -9772,13 +9822,13 @@ const createToken = (name, value, isGlobal) => { // A single `0`, or a non-zero digit followed by zero or more digits. createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*') -createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+') +createToken('NUMERICIDENTIFIERLOOSE', '\\d+') // ## Non-numeric Identifier // Zero or more digits, followed by a letter or hyphen, and then zero or // more letters, digits, or hyphens. -createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*') +createToken('NONNUMERICIDENTIFIER', `\\d*[a-zA-Z-]${LETTERDASHNUMBER}*`) // ## Main Version // Three dot-separated numeric identifiers. @@ -9813,7 +9863,7 @@ createToken('PRERELEASELOOSE', `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE] // ## Build Metadata Identifier // Any combination of digits, letters, or hyphens. -createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+') +createToken('BUILDIDENTIFIER', `${LETTERDASHNUMBER}+`) // ## Build Metadata // Plus sign, followed by one or more period-separated build metadata diff --git a/package-lock.json b/package-lock.json index a918955..573630e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@actions/core": "^1.2.7", "@actions/github": "^4.0.0", "@actions/http-client": "^1.0.11", - "semver": "^7.3.5" + "semver": "^7.5.2" }, "devDependencies": { "@types/jest": "^27.0.2", @@ -6598,9 +6598,9 @@ } }, "node_modules/semver": { - "version": "7.3.8", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", - "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dependencies": { "lru-cache": "^6.0.0" }, @@ -12424,9 +12424,9 @@ } }, "semver": { - "version": "7.3.8", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", - "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "requires": { "lru-cache": "^6.0.0" } diff --git a/package.json b/package.json index b73473c..cf7f7b8 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "@actions/core": "^1.2.7", "@actions/github": "^4.0.0", "@actions/http-client": "^1.0.11", - "semver": "^7.3.5" + "semver": "^7.5.2" }, "devDependencies": { "@types/jest": "^27.0.2",