From fbfef25913ae2696ce9fa8da5b685d1b6bacab5b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 03:22:59 +0000
Subject: [PATCH 1/3] build(deps): bump semver from 7.7.0 to 7.7.1

Bumps [semver](https://github.com/npm/node-semver) from 7.7.0 to 7.7.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.7.0...v7.7.1)
---
updated-dependencies:
- dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 package-lock.json | 14 +++++++-------
 package.json | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 90deebb7..b4134b16 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 "dependencies": {
 "@actions/core": "^1.11.1",
 "@actions/tool-cache": "^2.0.2",
- "semver": "^7.7.0",
+ "semver": "^7.7.1",
 "typed-rest-client": "^2.1.0"
 },
 "devDependencies": {
@@ -9720,9 +9720,9 @@
 "dev": true
 },
 "node_modules/semver": {
- "version": "7.7.0",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz",
- "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ==",
+ "version": "7.7.1",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
+ "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==",
 "license": "ISC",
 "bin": {
 "semver": "bin/semver.js"
@@ -17769,9 +17769,9 @@
 "dev": true
 },
 "semver": {
- "version": "7.7.0",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz",
- "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ=="
+ "version": "7.7.1",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
+ "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA=="
 },
 "set-function-length": {
 "version": "1.2.2",
diff --git a/package.json b/package.json
index f4c67bc0..d0b9bc85 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
 "dependencies": {
 "@actions/core": "^1.11.1",
 "@actions/tool-cache": "^2.0.2",
- "semver": "^7.7.0",
+ "semver": "^7.7.1",
 "typed-rest-client": "^2.1.0"
 },
 "devDependencies": {
From 80ae545d188d3e946bb4f9ef87ccdc5d9816430b Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 4 Feb 2025 19:32:21 -0800
Subject: [PATCH 2/3] Repackage action following `semver` bump

GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript package dependencies as part of the distributed action in order for it to be usable in workflows. A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount of frequently changing external content being included in the repository, much of which is not even part of the executed program. A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the dependencies, into a single file. We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in sync with the development source code and dependencies. This allows a beta version of the action to be easily used in workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the `main` branch to be used by the workflow run). The update of the package dependency results in a change to the packaged code, so the packaging is here updated accordingly.
---
 dist/index.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/dist/index.js b/dist/index.js
index 48895d49..494d3eb2 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -8970,7 +8970,7 @@ const testSet = (set, version, options) => { const debug = __nccwpck_require__(1159) const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(5101) -const { safeRe: re, t } = __nccwpck_require__(5471) +const { safeRe: re, safeSrc: src, t } = __nccwpck_require__(5471) const parseOptions = __nccwpck_require__(356) const { compareIdentifiers } = __nccwpck_require__(3348)
@@ -9152,7 +9152,8 @@ class SemVer { } // Avoid an invalid semver results if (identifier) { - const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE]) + const r = new RegExp(`^${this.options.loose ? src[t.PRERELEASELOOSE] : src[t.PRERELEASE]}$`) + const match = `-${identifier}`.match(r) if (!match || match[1] !== identifier) { throw new Error(`invalid identifier: ${identifier}`) }
@@ -10009,6 +10010,7 @@ exports = module.exports = {} const re = exports.re = [] const safeRe = exports.safeRe = [] const src = exports.src = [] +const safeSrc = exports.safeSrc = [] const t = exports.t = {} let R = 0
@@ -10041,6 +10043,7 @@ const createToken = (name, value, isGlobal) => { debug(name, index, value) t[name] = index src[index] = value + safeSrc[index] = safe re[index] = new RegExp(value, isGlobal ? 'g' : undefined) safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined) }
From 84b8de029e61a6054b60eb18e0fcbb1b8bf0e71d Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 4 Feb 2025 19:32:40 -0800
Subject: [PATCH 3/3] Update dependency license metadata cache for `semver` bump

---
 .licenses/npm/{semver-7.7.0.dep.yml => semver-7.7.1.dep.yml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename .licenses/npm/{semver-7.7.0.dep.yml => semver-7.7.1.dep.yml} (98%)
diff --git a/.licenses/npm/semver-7.7.0.dep.yml b/.licenses/npm/semver-7.7.1.dep.yml
similarity index 98%
rename from .licenses/npm/semver-7.7.0.dep.yml
rename to .licenses/npm/semver-7.7.1.dep.yml
index 5bf680fa..45cb1909 100644
--- a/.licenses/npm/semver-7.7.0.dep.yml
+++ b/.licenses/npm/semver-7.7.1.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: semver
-version: 7.7.0
+version: 7.7.1
 type: npm
 summary: The semantic version parser used by npm.
 homepage: