robojerk/codeql-action

Fix security vulnerabilities

Browse source 
Ran `npm audit fix`.

Even though this fixes a "high" severity vulnerability, all affected
packages are dev packages only.
This commit is contained in:
Andrew Eisenberg 2021-05-10 10:07:58 -07:00
parent 224195bd22
commit 489dbb0e02
34 changed files with 528 additions and 214 deletions
Download patch file Download diff file Expand all files Collapse all files

4
node_modules/hosted-git-info/index.js generated vendored
View file

@ -41,7 +41,7 @@ function fromUrl (giturl, opts) {
isGitHubShorthand(giturl) ? 'github:' + giturl : giturl
)
var parsed = parseGitUrl(url)
var shortcutMatch = url.match(new RegExp('^([^:]+):(?:(?:[^@:]+(?:[^@]+)?@)?([^/]*))[/](.+?)(?:[.]git)?($|#)'))
var shortcutMatch = url.match(/^([^:]+):(?:[^@]+@)?(?:([^/]*)\/)?([^#]+)/)
var matches = Object.keys(gitHosts).map(function (gitHostName) {
try {
var gitHostInfo = gitHosts[gitHostName]
@ -55,7 +55,7 @@ function fromUrl (giturl, opts) {
var defaultRepresentation = null
if (shortcutMatch && shortcutMatch[1] === gitHostName) {
user = shortcutMatch[2] && decodeURIComponent(shortcutMatch[2])
project = decodeURIComponent(shortcutMatch[3])
project = decodeURIComponent(shortcutMatch[3].replace(/\.git$/, ''))
defaultRepresentation = 'shortcut'
} else {
if (parsed.host && parsed.host !== gitHostInfo.domain && parsed.host.replace(/^www[.]/, '') !== gitHostInfo.domain) return