diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml new file mode 100644 index 0000000000..740c2ee988 --- /dev/null +++ b/.github/workflows/android.yml @@ -0,0 +1,26 @@ +name: Android CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: set up JDK 11 + uses: actions/setup-java@v3 + with: + java-version: '11' + distribution: 'temurin' + cache: gradle + + - name: Grant execute permission for gradlew + run: chmod +x gradlew + - name: Build with Gradle + run: ./gradlew build diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml new file mode 100644 index 0000000000..a36e782cbf --- /dev/null +++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml @@ -0,0 +1,66 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you generate SLSA provenance file for your project. +# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA generic generator +on: + workflow_dispatch: + release: + types: [created] + +jobs: + build: + runs-on: ubuntu-latest + outputs: + digests: ${{ steps.hash.outputs.digests }} + + steps: + - uses: actions/checkout@v3 + + # ======================================================== + # + # Step 1: Build your artifacts. + # + # ======================================================== + - name: Build artifacts + run: | + # These are some amazing artifacts. + echo "artifact1" > artifact1 + echo "artifact2" > artifact2 + + # ======================================================== + # + # Step 2: Add a step to generate the provenance subjects + # as shown below. Update the sha256 sum arguments + # to include all binaries that you generate + # provenance for. + # + # ======================================================== + - name: Generate subject for provenance + id: hash + run: | + set -euo pipefail + + # List the artifacts the provenance will refer to. + files=$(ls artifact*) + # Generate the subjects (base64 encoded). + echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}" + + provenance: + needs: [build] + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true # Optional: Upload to a new release diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml new file mode 100644 index 0000000000..eb4d9d56e0 --- /dev/null +++ b/.github/workflows/node.js.yml @@ -0,0 +1,31 @@ +# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node +# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs + +name: Node.js CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + build: + + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [14.x, 16.x, 18.x] + # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ + + steps: + - uses: actions/checkout@v3 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + cache: 'npm' + - run: npm ci + - run: npm run build --if-present + - run: npm test diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml new file mode 100644 index 0000000000..bdaab28a48 --- /dev/null +++ b/.github/workflows/python-publish.yml @@ -0,0 +1,39 @@ +# This workflow will upload a Python Package using Twine when a release is created +# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Upload Python Package + +on: + release: + types: [published] + +permissions: + contents: read + +jobs: + deploy: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Set up Python + uses: actions/setup-python@v3 + with: + python-version: '3.x' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install build + - name: Build package + run: python -m build + - name: Publish package + uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 + with: + user: __token__ + password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.pnp.cjs b/.pnp.cjs index 6c86c1d9b1..43145b3fda 100644 --- a/.pnp.cjs +++ b/.pnp.cjs @@ -1112,7 +1112,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageDependencies": [\ ["@npmcli/fs", "npm:2.1.0"],\ ["@gar/promisify", "npm:1.1.3"],\ - ["semver", "npm:7.3.7"]\ + ["semver", "npm:7.5.4"]\ ],\ "linkType": "HARD"\ }]\ @@ -1316,7 +1316,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["json5", "npm:2.2.1"],\ ["msgpackr", "npm:1.6.0"],\ ["nullthrows", "npm:1.1.1"],\ - ["semver", "npm:5.7.1"]\ + ["semver", "npm:5.7.2"]\ ],\ "linkType": "HARD"\ }],\ @@ -1701,7 +1701,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["@parcel/utils", "npm:2.6.2"],\ ["@parcel/workers", "virtual:aa1797faca4a934b86d07dfa52e0db4db288b85fed415e745782ef9bd4bd39771970f9017a79cb7ed092d23d2539cea12a1cec949dfa0bb86e0fda2290caa70e#npm:2.6.2"],\ ["@types/parcel__core", null],\ - ["semver", "npm:5.7.1"]\ + ["semver", "npm:5.7.2"]\ ],\ "packagePeers": [\ "@types/parcel__core"\ @@ -3301,7 +3301,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageLocation": "./.yarn/cache/builtins-npm-5.0.1-6d4820dd76-66d204657f.zip/node_modules/builtins/",\ "packageDependencies": [\ ["builtins", "npm:5.0.1"],\ - ["semver", "npm:7.3.7"]\ + ["semver", "npm:7.5.4"]\ ],\ "linkType": "HARD"\ }]\ @@ -4895,7 +4895,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["is-core-module", "npm:2.12.1"],\ ["minimatch", "npm:3.1.2"],\ ["resolve", "patch:resolve@npm%3A1.22.3#~builtin::version=1.22.3&hash=07638b"],\ - ["semver", "npm:7.5.3"]\ + ["semver", "npm:7.5.4"]\ ],\ "packagePeers": [\ "@types/eslint",\ @@ -4923,7 +4923,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["ignore", "npm:5.2.0"],\ ["minimatch", "npm:3.1.2"],\ ["resolve", "patch:resolve@npm%3A1.22.0#~builtin::version=1.22.0&hash=07638b"],\ - ["semver", "npm:6.3.0"]\ + ["semver", "npm:6.3.1"]\ ],\ "packagePeers": [\ "@types/eslint",\ @@ -5678,7 +5678,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["kleur", "npm:4.1.4"],\ ["minimist", "npm:1.2.6"],\ ["prompts", "npm:2.4.2"],\ - ["semver", "npm:7.3.7"]\ + ["semver", "npm:7.5.4"]\ ],\ "packagePeers": [\ "@types/jest-diff",\ @@ -6724,7 +6724,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageLocation": "./.yarn/cache/make-dir-npm-3.1.0-d1d7505142-484200020a.zip/node_modules/make-dir/",\ "packageDependencies": [\ ["make-dir", "npm:3.1.0"],\ - ["semver", "npm:6.3.0"]\ + ["semver", "npm:6.3.1"]\ ],\ "linkType": "HARD"\ }],\ @@ -6732,7 +6732,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageLocation": "./.yarn/cache/make-dir-npm-4.0.0-ec3cd921cc-bf0731a2dd.zip/node_modules/make-dir/",\ "packageDependencies": [\ ["make-dir", "npm:4.0.0"],\ - ["semver", "npm:7.5.3"]\ + ["semver", "npm:7.5.4"]\ ],\ "linkType": "HARD"\ }]\ @@ -7117,7 +7117,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["nopt", "npm:5.0.0"],\ ["npmlog", "npm:6.0.2"],\ ["rimraf", "npm:3.0.2"],\ - ["semver", "npm:7.3.7"],\ + ["semver", "npm:7.5.4"],\ ["tar", "npm:6.1.11"],\ ["which", "npm:2.0.2"]\ ],\ @@ -8293,17 +8293,10 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { }]\ ]],\ ["semver", [\ - ["npm:5.7.1", {\ - "packageLocation": "./.yarn/cache/semver-npm-5.7.1-40bcea106b-57fd0acfd0.zip/node_modules/semver/",\ - "packageDependencies": [\ - ["semver", "npm:5.7.1"]\ - ],\ - "linkType": "HARD"\ - }],\ - ["npm:6.3.0", {\ - "packageLocation": "./.yarn/cache/semver-npm-6.3.0-b3eace8bfd-1b26ecf6db.zip/node_modules/semver/",\ + ["npm:5.7.2", {\ + "packageLocation": "./.yarn/cache/semver-npm-5.7.2-938ee91eaa-fb4ab5e0dd.zip/node_modules/semver/",\ "packageDependencies": [\ - ["semver", "npm:6.3.0"]\ + ["semver", "npm:5.7.2"]\ ],\ "linkType": "HARD"\ }],\ @@ -8314,22 +8307,6 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ],\ "linkType": "HARD"\ }],\ - ["npm:7.3.7", {\ - "packageLocation": "./.yarn/cache/semver-npm-7.3.7-3bfe704194-2fa3e87756.zip/node_modules/semver/",\ - "packageDependencies": [\ - ["semver", "npm:7.3.7"],\ - ["lru-cache", "npm:6.0.0"]\ - ],\ - "linkType": "HARD"\ - }],\ - ["npm:7.5.3", {\ - "packageLocation": "./.yarn/cache/semver-npm-7.5.3-275095dbf3-9d58db1652.zip/node_modules/semver/",\ - "packageDependencies": [\ - ["semver", "npm:7.5.3"],\ - ["lru-cache", "npm:6.0.0"]\ - ],\ - "linkType": "HARD"\ - }],\ ["npm:7.5.4", {\ "packageLocation": "./.yarn/cache/semver-npm-7.5.4-c4ad957fcd-12d8ad952f.zip/node_modules/semver/",\ "packageDependencies": [\ @@ -9168,7 +9145,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["espree", "npm:9.3.2"],\ ["esquery", "npm:1.4.0"],\ ["lodash", "npm:4.17.21"],\ - ["semver", "npm:7.3.7"]\ + ["semver", "npm:7.5.4"]\ ],\ "packagePeers": [\ "@types/eslint",\ diff --git a/.yarn/cache/semver-npm-5.7.1-40bcea106b-57fd0acfd0.zip b/.yarn/cache/semver-npm-5.7.1-40bcea106b-57fd0acfd0.zip deleted file mode 100644 index 68795d8776..0000000000 Binary files a/.yarn/cache/semver-npm-5.7.1-40bcea106b-57fd0acfd0.zip and /dev/null differ diff --git a/.yarn/cache/semver-npm-5.7.2-938ee91eaa-fb4ab5e0dd.zip b/.yarn/cache/semver-npm-5.7.2-938ee91eaa-fb4ab5e0dd.zip new file mode 100644 index 0000000000..1a2673b793 Binary files /dev/null and b/.yarn/cache/semver-npm-5.7.2-938ee91eaa-fb4ab5e0dd.zip differ diff --git a/.yarn/cache/semver-npm-6.3.0-b3eace8bfd-1b26ecf6db.zip b/.yarn/cache/semver-npm-6.3.0-b3eace8bfd-1b26ecf6db.zip deleted file mode 100644 index 6320ec2b1b..0000000000 Binary files a/.yarn/cache/semver-npm-6.3.0-b3eace8bfd-1b26ecf6db.zip and /dev/null differ diff --git a/.yarn/cache/semver-npm-7.3.7-3bfe704194-2fa3e87756.zip b/.yarn/cache/semver-npm-7.3.7-3bfe704194-2fa3e87756.zip deleted file mode 100644 index 38aca8db9d..0000000000 Binary files a/.yarn/cache/semver-npm-7.3.7-3bfe704194-2fa3e87756.zip and /dev/null differ diff --git a/.yarn/cache/semver-npm-7.5.3-275095dbf3-9d58db1652.zip b/.yarn/cache/semver-npm-7.5.3-275095dbf3-9d58db1652.zip deleted file mode 100644 index 79b7d4718c..0000000000 Binary files a/.yarn/cache/semver-npm-7.5.3-275095dbf3-9d58db1652.zip and /dev/null differ diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..034e848032 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. diff --git a/dev/coverage-action/package-lock.json b/dev/coverage-action/package-lock.json index 130131beb3..aac25f7d4f 100644 --- a/dev/coverage-action/package-lock.json +++ b/dev/coverage-action/package-lock.json @@ -2095,9 +2095,9 @@ } }, "node_modules/eslint-plugin-node/node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true, "bin": { "semver": "bin/semver.js" @@ -3572,9 +3572,9 @@ } }, "node_modules/make-dir/node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "bin": { "semver": "bin/semver.js" } @@ -7619,9 +7619,9 @@ }, "dependencies": { "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "dev": true } } @@ -8671,9 +8671,9 @@ }, "dependencies": { "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" } } }, diff --git a/yarn.lock b/yarn.lock index b3b401d115..69b6b05a7a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7027,24 +7027,15 @@ browserlist@latest: linkType: hard "semver@npm:^5.7.1": - version: 5.7.1 - resolution: "semver@npm:5.7.1" + version: 5.7.2 + resolution: "semver@npm:5.7.2" bin: - semver: ./bin/semver - checksum: 57fd0acfd0bac382ee87cd52cd0aaa5af086a7dc8d60379dfe65fea491fb2489b6016400813930ecd61fd0952dae75c115287a1b16c234b1550887117744dfaf + semver: bin/semver + checksum: fb4ab5e0dd1c22ce0c937ea390b4a822147a9c53dbd2a9a0132f12fe382902beef4fbf12cf51bb955248d8d15874ce8cd89532569756384f994309825f10b686 languageName: node linkType: hard -"semver@npm:^6.0.0, semver@npm:^6.1.0, semver@npm:^6.3.0": - version: 6.3.0 - resolution: "semver@npm:6.3.0" - bin: - semver: ./bin/semver.js - checksum: 1b26ecf6db9e8292dd90df4e781d91875c0dcc1b1909e70f5d12959a23c7eebb8f01ea581c00783bbee72ceeaad9505797c381756326073850dc36ed284b21b9 - languageName: node - linkType: hard - -"semver@npm:^6.3.1": +"semver@npm:^6.0.0, semver@npm:^6.1.0, semver@npm:^6.3.0, semver@npm:^6.3.1": version: 6.3.1 resolution: "semver@npm:6.3.1" bin: @@ -7053,18 +7044,7 @@ browserlist@latest: languageName: node linkType: hard -"semver@npm:^7.0.0, semver@npm:^7.3.5, semver@npm:^7.3.6": - version: 7.3.7 - resolution: "semver@npm:7.3.7" - dependencies: - lru-cache: ^6.0.0 - bin: - semver: bin/semver.js - checksum: 2fa3e877568cd6ce769c75c211beaed1f9fce80b28338cadd9d0b6c40f2e2862bafd62c19a6cff42f3d54292b7c623277bcab8816a2b5521cf15210d43e75232 - languageName: node - linkType: hard - -"semver@npm:^7.5.2, semver@npm:^7.5.4": +"semver@npm:^7.0.0, semver@npm:^7.3.5, semver@npm:^7.3.6, semver@npm:^7.5.2, semver@npm:^7.5.3, semver@npm:^7.5.4": version: 7.5.4 resolution: "semver@npm:7.5.4" dependencies: @@ -7075,17 +7055,6 @@ browserlist@latest: languageName: node linkType: hard -"semver@npm:^7.5.3": - version: 7.5.3 - resolution: "semver@npm:7.5.3" - dependencies: - lru-cache: ^6.0.0 - bin: - semver: bin/semver.js - checksum: 9d58db16525e9f749ad0a696a1f27deabaa51f66e91d2fa2b0db3de3e9644e8677de3b7d7a03f4c15bc81521e0c3916d7369e0572dbde250d9bedf5194e2a8a7 - languageName: node - linkType: hard - "send@npm:0.18.0": version: 0.18.0 resolution: "send@npm:0.18.0"