mirror of
https://github.com/actions/setup-dotnet.git
synced 2025-02-03 17:36:42 -05:00
Revert audit fixes for heap memory failures
This commit is contained in:
HarithaVattikuti
parent
e64dab94d1
commit
e5b1cd3f78
3 changed files with 1616 additions and 16176 deletions
95
dist/cache-save/index.js
vendored
95
dist/cache-save/index.js
vendored
|
|
@ -50967,11 +50967,8 @@ var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||
|
|||
// Max safe segment length for coercion.
|
||||
var MAX_SAFE_COMPONENT_LENGTH = 16
|
||||
|
||||
var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6
|
||||
|
||||
// The actual regexps go on exports.re
|
||||
var re = exports.re = []
|
||||
var safeRe = exports.safeRe = []
|
||||
var src = exports.src = []
|
||||
var t = exports.tokens = {}
|
||||
var R = 0
|
||||
|
|
@ -50980,31 +50977,6 @@ function tok (n) {
|
|||
t[n] = R++
|
||||
}
|
||||
|
||||
var LETTERDASHNUMBER = '[a-zA-Z0-9-]'
|
||||
|
||||
// Replace some greedy regex tokens to prevent regex dos issues. These regex are
|
||||
// used internally via the safeRe object since all inputs in this library get
|
||||
// normalized first to trim and collapse all extra whitespace. The original
|
||||
// regexes are exported for userland consumption and lower level usage. A
|
||||
// future breaking change could export the safer regex only with a note that
|
||||
// all input should have extra whitespace removed.
|
||||
var safeRegexReplacements = [
|
||||
['\\s', 1],
|
||||
['\\d', MAX_LENGTH],
|
||||
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH],
|
||||
]
|
||||
|
||||
function makeSafeRe (value) {
|
||||
for (var i = 0; i < safeRegexReplacements.length; i++) {
|
||||
var token = safeRegexReplacements[i][0]
|
||||
var max = safeRegexReplacements[i][1]
|
||||
value = value
|
||||
.split(token + '*').join(token + '{0,' + max + '}')
|
||||
.split(token + '+').join(token + '{1,' + max + '}')
|
||||
}
|
||||
return value
|
||||
}
|
||||
|
||||
// The following Regular Expressions can be used for tokenizing,
|
||||
// validating, and parsing SemVer version strings.
|
||||
|
||||
|
|
@ -51014,14 +50986,14 @@ function makeSafeRe (value) {
|
|||
tok('NUMERICIDENTIFIER')
|
||||
src[t.NUMERICIDENTIFIER] = '0|[1-9]\\d*'
|
||||
tok('NUMERICIDENTIFIERLOOSE')
|
||||
src[t.NUMERICIDENTIFIERLOOSE] = '\\d+'
|
||||
src[t.NUMERICIDENTIFIERLOOSE] = '[0-9]+'
|
||||
|
||||
// ## Non-numeric Identifier
|
||||
// Zero or more digits, followed by a letter or hyphen, and then zero or
|
||||
// more letters, digits, or hyphens.
|
||||
|
||||
tok('NONNUMERICIDENTIFIER')
|
||||
src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*'
|
||||
src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*'
|
||||
|
||||
// ## Main Version
|
||||
// Three dot-separated numeric identifiers.
|
||||
|
|
@ -51063,7 +51035,7 @@ src[t.PRERELEASELOOSE] = '(?:-?(' + src[t.PRERELEASEIDENTIFIERLOOSE] +
|
|||
// Any combination of digits, letters, or hyphens.
|
||||
|
||||
tok('BUILDIDENTIFIER')
|
||||
src[t.BUILDIDENTIFIER] = LETTERDASHNUMBER + '+'
|
||||
src[t.BUILDIDENTIFIER] = '[0-9A-Za-z-]+'
|
||||
|
||||
// ## Build Metadata
|
||||
// Plus sign, followed by one or more period-separated build metadata
|
||||
|
|
@ -51143,7 +51115,6 @@ src[t.COERCE] = '(^|[^\\d])' +
|
|||
'(?:$|[^\\d])'
|
||||
tok('COERCERTL')
|
||||
re[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')
|
||||
safeRe[t.COERCERTL] = new RegExp(makeSafeRe(src[t.COERCE]), 'g')
|
||||
|
||||
// Tilde ranges.
|
||||
// Meaning is "reasonably at or greater than"
|
||||
|
|
@ -51153,7 +51124,6 @@ src[t.LONETILDE] = '(?:~>?)'
|
|||
tok('TILDETRIM')
|
||||
src[t.TILDETRIM] = '(\\s*)' + src[t.LONETILDE] + '\\s+'
|
||||
re[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')
|
||||
safeRe[t.TILDETRIM] = new RegExp(makeSafeRe(src[t.TILDETRIM]), 'g')
|
||||
var tildeTrimReplace = '$1~'
|
||||
|
||||
tok('TILDE')
|
||||
|
|
@ -51169,7 +51139,6 @@ src[t.LONECARET] = '(?:\\^)'
|
|||
tok('CARETTRIM')
|
||||
src[t.CARETTRIM] = '(\\s*)' + src[t.LONECARET] + '\\s+'
|
||||
re[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')
|
||||
safeRe[t.CARETTRIM] = new RegExp(makeSafeRe(src[t.CARETTRIM]), 'g')
|
||||
var caretTrimReplace = '$1^'
|
||||
|
||||
tok('CARET')
|
||||
|
|
@ -51191,7 +51160,6 @@ src[t.COMPARATORTRIM] = '(\\s*)' + src[t.GTLT] +
|
|||
|
||||
// this one has to use the /g flag
|
||||
re[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')
|
||||
safeRe[t.COMPARATORTRIM] = new RegExp(makeSafeRe(src[t.COMPARATORTRIM]), 'g')
|
||||
var comparatorTrimReplace = '$1$2$3'
|
||||
|
||||
// Something like `1.2.3 - 1.2.4`
|
||||
|
|
@ -51220,14 +51188,6 @@ for (var i = 0; i < R; i++) {
|
|||
debug(i, src[i])
|
||||
if (!re[i]) {
|
||||
re[i] = new RegExp(src[i])
|
||||
|
||||
// Replace all greedy whitespace to prevent regex dos issues. These regex are
|
||||
// used internally via the safeRe object since all inputs in this library get
|
||||
// normalized first to trim and collapse all extra whitespace. The original
|
||||
// regexes are exported for userland consumption and lower level usage. A
|
||||
// future breaking change could export the safer regex only with a note that
|
||||
// all input should have extra whitespace removed.
|
||||
safeRe[i] = new RegExp(makeSafeRe(src[i]))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -51252,7 +51212,7 @@ function parse (version, options) {
|
|||
return null
|
||||
}
|
||||
|
||||
var r = options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL]
|
||||
var r = options.loose ? re[t.LOOSE] : re[t.FULL]
|
||||
if (!r.test(version)) {
|
||||
return null
|
||||
}
|
||||
|
|
@ -51307,7 +51267,7 @@ function SemVer (version, options) {
|
|||
this.options = options
|
||||
this.loose = !!options.loose
|
||||
|
||||
var m = version.trim().match(options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL])
|
||||
var m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])
|
||||
|
||||
if (!m) {
|
||||
throw new TypeError('Invalid Version: ' + version)
|
||||
|
|
@ -51752,7 +51712,6 @@ function Comparator (comp, options) {
|
|||
return new Comparator(comp, options)
|
||||
}
|
||||
|
||||
comp = comp.trim().split(/\s+/).join(' ')
|
||||
debug('comparator', comp, options)
|
||||
this.options = options
|
||||
this.loose = !!options.loose
|
||||
|
|
@ -51769,7 +51728,7 @@ function Comparator (comp, options) {
|
|||
|
||||
var ANY = {}
|
||||
Comparator.prototype.parse = function (comp) {
|
||||
var r = this.options.loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
|
||||
var r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]
|
||||
var m = comp.match(r)
|
||||
|
||||
if (!m) {
|
||||
|
|
@ -51893,16 +51852,9 @@ function Range (range, options) {
|
|||
this.loose = !!options.loose
|
||||
this.includePrerelease = !!options.includePrerelease
|
||||
|
||||
// First reduce all whitespace as much as possible so we do not have to rely
|
||||
// on potentially slow regexes like \s*. This is then stored and used for
|
||||
// future error messages as well.
|
||||
this.raw = range
|
||||
.trim()
|
||||
.split(/\s+/)
|
||||
.join(' ')
|
||||
|
||||
// First, split based on boolean or ||
|
||||
this.set = this.raw.split('||').map(function (range) {
|
||||
this.raw = range
|
||||
this.set = range.split(/\s*\|\|\s*/).map(function (range) {
|
||||
return this.parseRange(range.trim())
|
||||
}, this).filter(function (c) {
|
||||
// throw out any that are not relevant for whatever reason
|
||||
|
|
@ -51910,7 +51862,7 @@ function Range (range, options) {
|
|||
})
|
||||
|
||||
if (!this.set.length) {
|
||||
throw new TypeError('Invalid SemVer Range: ' + this.raw)
|
||||
throw new TypeError('Invalid SemVer Range: ' + range)
|
||||
}
|
||||
|
||||
this.format()
|
||||
|
|
@ -51929,19 +51881,20 @@ Range.prototype.toString = function () {
|
|||
|
||||
Range.prototype.parseRange = function (range) {
|
||||
var loose = this.options.loose
|
||||
range = range.trim()
|
||||
// `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`
|
||||
var hr = loose ? safeRe[t.HYPHENRANGELOOSE] : safeRe[t.HYPHENRANGE]
|
||||
var hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]
|
||||
range = range.replace(hr, hyphenReplace)
|
||||
debug('hyphen replace', range)
|
||||
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`
|
||||
range = range.replace(safeRe[t.COMPARATORTRIM], comparatorTrimReplace)
|
||||
debug('comparator trim', range, safeRe[t.COMPARATORTRIM])
|
||||
range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace)
|
||||
debug('comparator trim', range, re[t.COMPARATORTRIM])
|
||||
|
||||
// `~ 1.2.3` => `~1.2.3`
|
||||
range = range.replace(safeRe[t.TILDETRIM], tildeTrimReplace)
|
||||
range = range.replace(re[t.TILDETRIM], tildeTrimReplace)
|
||||
|
||||
// `^ 1.2.3` => `^1.2.3`
|
||||
range = range.replace(safeRe[t.CARETTRIM], caretTrimReplace)
|
||||
range = range.replace(re[t.CARETTRIM], caretTrimReplace)
|
||||
|
||||
// normalize spaces
|
||||
range = range.split(/\s+/).join(' ')
|
||||
|
|
@ -51949,7 +51902,7 @@ Range.prototype.parseRange = function (range) {
|
|||
// At this point, the range is completely trimmed and
|
||||
// ready to be split into comparators.
|
||||
|
||||
var compRe = loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
|
||||
var compRe = loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]
|
||||
var set = range.split(' ').map(function (comp) {
|
||||
return parseComparator(comp, this.options)
|
||||
}, this).join(' ').split(/\s+/)
|
||||
|
|
@ -52049,7 +52002,7 @@ function replaceTildes (comp, options) {
|
|||
}
|
||||
|
||||
function replaceTilde (comp, options) {
|
||||
var r = options.loose ? safeRe[t.TILDELOOSE] : safeRe[t.TILDE]
|
||||
var r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]
|
||||
return comp.replace(r, function (_, M, m, p, pr) {
|
||||
debug('tilde', comp, _, M, m, p, pr)
|
||||
var ret
|
||||
|
|
@ -52090,7 +52043,7 @@ function replaceCarets (comp, options) {
|
|||
|
||||
function replaceCaret (comp, options) {
|
||||
debug('caret', comp, options)
|
||||
var r = options.loose ? safeRe[t.CARETLOOSE] : safeRe[t.CARET]
|
||||
var r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]
|
||||
return comp.replace(r, function (_, M, m, p, pr) {
|
||||
debug('caret', comp, _, M, m, p, pr)
|
||||
var ret
|
||||
|
|
@ -52149,7 +52102,7 @@ function replaceXRanges (comp, options) {
|
|||
|
||||
function replaceXRange (comp, options) {
|
||||
comp = comp.trim()
|
||||
var r = options.loose ? safeRe[t.XRANGELOOSE] : safeRe[t.XRANGE]
|
||||
var r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]
|
||||
return comp.replace(r, function (ret, gtlt, M, m, p, pr) {
|
||||
debug('xRange', comp, ret, gtlt, M, m, p, pr)
|
||||
var xM = isX(M)
|
||||
|
|
@ -52224,7 +52177,7 @@ function replaceXRange (comp, options) {
|
|||
function replaceStars (comp, options) {
|
||||
debug('replaceStars', comp, options)
|
||||
// Looseness is ignored here. star is always as loose as it gets!
|
||||
return comp.trim().replace(safeRe[t.STAR], '')
|
||||
return comp.trim().replace(re[t.STAR], '')
|
||||
}
|
||||
|
||||
// This function is passed to string.replace(re[t.HYPHENRANGE])
|
||||
|
|
@ -52550,7 +52503,7 @@ function coerce (version, options) {
|
|||
|
||||
var match = null
|
||||
if (!options.rtl) {
|
||||
match = version.match(safeRe[t.COERCE])
|
||||
match = version.match(re[t.COERCE])
|
||||
} else {
|
||||
// Find the right-most coercible string that does not share
|
||||
// a terminus with a more left-ward coercible string.
|
||||
|
|
@ -52561,17 +52514,17 @@ function coerce (version, options) {
|
|||
// Stop when we get a match that ends at the string end, since no
|
||||
// coercible string can be more right-ward without the same terminus.
|
||||
var next
|
||||
while ((next = safeRe[t.COERCERTL].exec(version)) &&
|
||||
while ((next = re[t.COERCERTL].exec(version)) &&
|
||||
(!match || match.index + match[0].length !== version.length)
|
||||
) {
|
||||
if (!match ||
|
||||
next.index + next[0].length !== match.index + match[0].length) {
|
||||
match = next
|
||||
}
|
||||
safeRe[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
|
||||
re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
|
||||
}
|
||||
// leave it in a clean state
|
||||
safeRe[t.COERCERTL].lastIndex = -1
|
||||
re[t.COERCERTL].lastIndex = -1
|
||||
}
|
||||
|
||||
if (match === null) {
|
||||
|
|
|
|||
16269
dist/setup/index.js
vendored
16269
dist/setup/index.js
vendored
File diff suppressed because one or more lines are too long
1428
package-lock.json
generated
1428
package-lock.json
generated
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue