From 873cb4d9a18d29bec94c2a9a592d1076cb552d5d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Jan 2025 11:35:52 +0000
Subject: [PATCH 1/3] build(deps): bump semver from 7.6.3 to 7.7.0

Bumps [semver](https://github.com/npm/node-semver) from 7.6.3 to 7.7.0.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.6.3...v7.7.0)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 15 ++++++++-------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e191ca0b..60291531 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "dependencies": {
         "@actions/core": "^1.11.1",
         "@actions/tool-cache": "^2.0.2",
-        "semver": "^7.6.3",
+        "semver": "^7.7.0",
         "typed-rest-client": "^2.1.0"
       },
       "devDependencies": {
@@ -9720,9 +9720,10 @@
       "dev": true
     },
     "node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "version": "7.7.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz",
+      "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ==",
+      "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
       },
@@ -17768,9 +17769,9 @@
       "dev": true
     },
     "semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A=="
+      "version": "7.7.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz",
+      "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ=="
     },
     "set-function-length": {
       "version": "1.2.2",
diff --git a/package.json b/package.json
index e26778fe..5cd0f554 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
   "dependencies": {
     "@actions/core": "^1.11.1",
     "@actions/tool-cache": "^2.0.2",
-    "semver": "^7.6.3",
+    "semver": "^7.7.0",
     "typed-rest-client": "^2.1.0"
   },
   "devDependencies": {

From 020be306778aa1b93bef9ed6d0b6ec8c6a1aef65 Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Thu, 30 Jan 2025 14:21:48 -0800
Subject: [PATCH 2/3] Repackage action following `semver` bump

GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you
can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript
package dependencies as part of the distributed action in order for it to be usable in workflows.

A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount
of frequently changing external content being included in the repository, much of which is not even part of the executed
program.

A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the
dependencies, into a single file.

We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in
sync with the development source code and dependencies. This allows a beta version of the action to be easily used in
workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the
action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the
`main` branch to be used by the workflow run).

The update of the package dependency results in a change to the packaged code, so the packaging is here updated
accordingly.
---
 dist/index.js | 42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index 18761037..48895d49 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -8980,7 +8980,7 @@ class SemVer {
 
     if (version instanceof SemVer) {
       if (version.loose === !!options.loose &&
-          version.includePrerelease === !!options.includePrerelease) {
+        version.includePrerelease === !!options.includePrerelease) {
         return version
       } else {
         version = version.version
@@ -9146,6 +9146,19 @@ class SemVer {
   // preminor will bump the version up to the next minor release, and immediately
   // down to pre-release. premajor and prepatch work the same way.
   inc (release, identifier, identifierBase) {
+    if (release.startsWith('pre')) {
+      if (!identifier && identifierBase === false) {
+        throw new Error('invalid increment argument: identifier is empty')
+      }
+      // Avoid an invalid semver results
+      if (identifier) {
+        const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE])
+        if (!match || match[1] !== identifier) {
+          throw new Error(`invalid identifier: ${identifier}`)
+        }
+      }
+    }
+
     switch (release) {
       case 'premajor':
         this.prerelease.length = 0
@@ -9176,6 +9189,12 @@ class SemVer {
         }
         this.inc('pre', identifier, identifierBase)
         break
+      case 'release':
+        if (this.prerelease.length === 0) {
+          throw new Error(`version ${this.raw} is not a prerelease`)
+        }
+        this.prerelease.length = 0
+        break
 
       case 'major':
         // If this is a pre-major version, bump up to the same major version.
@@ -9219,10 +9238,6 @@ class SemVer {
       case 'pre': {
         const base = Number(identifierBase) ? 1 : 0
 
-        if (!identifier && identifierBase === false) {
-          throw new Error('invalid increment argument: identifier is empty')
-        }
-
         if (this.prerelease.length === 0) {
           this.prerelease = [base]
         } else {
@@ -9481,20 +9496,13 @@ const diff = (version1, version2) => {
       return 'major'
     }
 
-    // Otherwise it can be determined by checking the high version
-
-    if (highVersion.patch) {
-      // anything higher than a patch bump would result in the wrong version
+    // If the main part has no difference
+    if (lowVersion.compareMain(highVersion) === 0) {
+      if (lowVersion.minor && !lowVersion.patch) {
+        return 'minor'
+      }
       return 'patch'
     }
-
-    if (highVersion.minor) {
-      // anything higher than a minor bump would result in the wrong version
-      return 'minor'
-    }
-
-    // bumping major/minor/patch all have same result
-    return 'major'
   }
 
   // add the `pre` prefix if we are going to a prerelease version

From 6bec8fa6f858cf0996a61b8ee218ca459dc2df7e Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Thu, 30 Jan 2025 14:22:08 -0800
Subject: [PATCH 3/3] Update dependency license metadata cache for `semver`
 bump

---
 .licenses/npm/{semver-7.6.3.dep.yml => semver-7.7.0.dep.yml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename .licenses/npm/{semver-7.6.3.dep.yml => semver-7.7.0.dep.yml} (98%)

diff --git a/.licenses/npm/semver-7.6.3.dep.yml b/.licenses/npm/semver-7.7.0.dep.yml
similarity index 98%
rename from .licenses/npm/semver-7.6.3.dep.yml
rename to .licenses/npm/semver-7.7.0.dep.yml
index c4ee3541..5bf680fa 100644
--- a/.licenses/npm/semver-7.6.3.dep.yml
+++ b/.licenses/npm/semver-7.7.0.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: semver
-version: 7.6.3
+version: 7.7.0
 type: npm
 summary: The semantic version parser used by npm.
 homepage: