From ea237964450673c10ad7b678a6aab37176b787a3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:58:08 +0000 Subject: [PATCH 1/5] Update changelog for v3.28.2 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9396160b..a2ffdd58b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 3.28.2 - 21 Jan 2025 No user facing changes. From 6fee807c9b3feba6fbe618b53a8d442ae6877001 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 17:05:34 +0000 Subject: [PATCH 2/5] Update changelog and version after v3.28.2 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2ffdd58b..540baed19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 3.28.2 - 21 Jan 2025 No user facing changes. diff --git a/package-lock.json b/package-lock.json index 0120b09db..f8179a025 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.28.2", + "version": "3.28.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.28.2", + "version": "3.28.3", "license": "MIT", "dependencies": { "@actions/artifact": "^2.1.9", diff --git a/package.json b/package.json index fc64f4ebc..185ae6891 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.28.2", + "version": "3.28.3", "private": true, "description": "CodeQL action", "scripts": { From 86400836d1b23ff713e657887c113b0b8220d731 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 17:07:17 +0000 Subject: [PATCH 3/5] Update checked-in dependencies --- node_modules/.package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 58af65496..a9ab271a4 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.28.2", + "version": "3.28.3", "lockfileVersion": 3, "requires": true, "packages": { From c34eb63970af33aa2fc41530a94c726b55a70813 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 13:20:50 +0000 Subject: [PATCH 4/5] build(deps): bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group Bumps the npm_and_yarn group with 1 update: [undici](https://github.com/nodejs/undici). Updates `undici` from 5.28.4 to 5.28.5 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5) --- updated-dependencies: - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] --- package-lock.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index f8179a025..6ac92424b 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -7636,9 +7636,10 @@ } }, "node_modules/undici": { - "version": "5.28.4", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz", - "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==", + "version": "5.28.5", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz", + "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==", + "license": "MIT", "dependencies": { "@fastify/busboy": "^2.0.0" }, From 140c5ea762e1a2be830ca8428d936fb48671ba00 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 13:22:06 +0000 Subject: [PATCH 5/5] Update checked-in dependencies --- node_modules/.package-lock.json | 7 ++++--- node_modules/undici/lib/fetch/body.js | 10 +++++++++- node_modules/undici/package.json | 2 +- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index a9ab271a4..3c008471e 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -7568,9 +7568,10 @@ } }, "node_modules/undici": { - "version": "5.28.4", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz", - "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==", + "version": "5.28.5", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz", + "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==", + "license": "MIT", "dependencies": { "@fastify/busboy": "^2.0.0" }, diff --git a/node_modules/undici/lib/fetch/body.js b/node_modules/undici/lib/fetch/body.js index fd8481b79..4afcfdfbc 100644 --- a/node_modules/undici/lib/fetch/body.js +++ b/node_modules/undici/lib/fetch/body.js 
@@ -22,6 +22,14 @@ const { isUint8Array, isArrayBuffer } = require('util/types') const { File: UndiciFile } = require('./file') const { parseMIMEType, serializeAMimeType } = require('./dataURL') +let random +try { + const crypto = require('node:crypto') + random = (max) => crypto.randomInt(0, max) +} catch { + random = (max) => Math.floor(Math.random(max)) +} + let ReadableStream = globalThis.ReadableStream /** @type {globalThis['File']} */ @@ -107,7 +115,7 @@ function extractBody (object, keepalive = false) { // Set source to a copy of the bytes held by object. source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength)) } else if (util.isFormDataLike(object)) { - const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}` + const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}` const prefix = `--${boundary}\r\nContent-Disposition: form-data` /*! formdata-polyfill. MIT License. Jimmy Wärting */ diff --git a/node_modules/undici/package.json b/node_modules/undici/package.json index 65a2d9833..0c6b71e17 100644 --- a/node_modules/undici/package.json +++ b/node_modules/undici/package.json @@ -1,6 +1,6 @@ { "name": "undici", - "version": "5.28.4", + "version": "5.28.5", "description": "An HTTP/1.1 client, written from scratch for Node.js", "homepage": "https://undici.nodejs.org", "bugs": {
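Review bot: The fallback in the added `catch` branch, `random = (max) => Math.floor(Math.random(max))`, always returns 0, because `Math.random()` takes no argument and yields a value below 1. If `require('node:crypto')` ever throws, the multipart boundary built in the second hunk (`extractBody`) becomes a fixed string of zeros after the `----formdata-undici-0` prefix, which is more predictable than the `Math.random() * 1e11` value the hunk removes. Scaling the result restores the previous range: `random = (max) => Math.floor(Math.random() * max)`. Since the change presumably aims to make the boundary unguessable, rethrowing when no CSPRNG is available would be the stricter option. This file is the checked-in copy of undici under `node_modules`, so the correction belongs upstream and would arrive here through a later dependency bump; `extractBody` continues outside the hunk.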