Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix glob bug in package.json scripts section #475

Merged
merged 1 commit into from
Apr 3, 2023

Conversation

IvanZosimov
Copy link
Contributor

Description:
In the scope of this PR, we fix the bug related to the wrong interpretation of the glob patterns. Glob patterns that aren't wrapped by the quotes are opened and transformed into concrete paths by the shell used in the OS (e.g., PowerShell, bash. zsh, and so on). The behavior of this transformation is different for different shells, which can cause different behaviors of the tools. By wrapping glob patterns in double quotes, we prevent shell from opening and transforming them and instruct tool to do it instead.

Related issue:
https://github.com/actions/runner-images-internal/issues/4899

@IvanZosimov IvanZosimov requested a review from a team as a code owner March 28, 2023 12:07
@IvanZosimov IvanZosimov merged commit e42168c into actions:main Apr 3, 2023
fniephaus pushed a commit to graalvm/setup-java that referenced this pull request Jun 20, 2023
ianlewis referenced this pull request in slsa-framework/slsa-github-generator Aug 1, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | digest | `cd89f46` -> `b943a4e` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| minor | `v3.11.0` -> `v3.12.0` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| digest | `5ffc13f` -> `cd89f46` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.21.0` -> `v2.21.2` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | minor | `v2.6.1` -> `v2.7.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v3.12.0`](https://togithub.com/actions/setup-java/releases/tag/v3.12.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v3.11.0...v3.12.0)

In scope of this release the following changes were made:

**Bug fixes:**

- Always check postfix "Contents/Home" on macOS by
[@&#8203;erwin1](https://togithub.com/erwin1) in
[https://github.com/actions/setup-java/pull/397](https://togithub.com/actions/setup-java/pull/397)
- Fix sbt/scala cache key by
[@&#8203;Dogacel](https://togithub.com/Dogacel) in
[https://github.com/actions/setup-java/pull/478](https://togithub.com/actions/setup-java/pull/478)
- Corretto toolcache folder name fix by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/480](https://togithub.com/actions/setup-java/pull/480)
- Update versions of Oracle JDK and Microsoft Build of OpenJDK by
[@&#8203;anishi1222](https://togithub.com/anishi1222) in
[https://github.com/actions/setup-java/pull/489](https://togithub.com/actions/setup-java/pull/489)
- Update Oracle JDK download URL calculation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-java/pull/507](https://togithub.com/actions/setup-java/pull/507)

**Feature implementations:**

- Add versions properties to cache by
[@&#8203;Endi327](https://togithub.com/Endi327) in
[https://github.com/actions/setup-java/pull/280](https://togithub.com/actions/setup-java/pull/280)

**Resolving dependencies issues:**

- Remove implicit dependencies by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-java/pull/494](https://togithub.com/actions/setup-java/pull/494)
- Update xml2js by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-java/pull/484](https://togithub.com/actions/setup-java/pull/484)
- Update dependencies by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/511](https://togithub.com/actions/setup-java/pull/511)

**Infrastructure updates:**

- Fix glob bug in package.json scripts section by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/475](https://togithub.com/actions/setup-java/pull/475)
- Update mocks by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-java/pull/498](https://togithub.com/actions/setup-java/pull/498)

**Documentation changes:**

- Instruction to download custom distribution JDK and install by
[@&#8203;ragsmpl](https://togithub.com/ragsmpl) in
[https://github.com/actions/setup-java/pull/500](https://togithub.com/actions/setup-java/pull/500)

#### New Contributors

- [@&#8203;erwin1](https://togithub.com/erwin1) made their first
contribution in
[https://github.com/actions/setup-java/pull/397](https://togithub.com/actions/setup-java/pull/397)
- [@&#8203;Dogacel](https://togithub.com/Dogacel) made their first
contribution in
[https://github.com/actions/setup-java/pull/478](https://togithub.com/actions/setup-java/pull/478)
- [@&#8203;anishi1222](https://togithub.com/anishi1222) made their first
contribution in
[https://github.com/actions/setup-java/pull/489](https://togithub.com/actions/setup-java/pull/489)
- [@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) made
their first contribution in
[https://github.com/actions/setup-java/pull/498](https://togithub.com/actions/setup-java/pull/498)
- [@&#8203;ragsmpl](https://togithub.com/ragsmpl) made their first
contribution in
[https://github.com/actions/setup-java/pull/500](https://togithub.com/actions/setup-java/pull/500)
- [@&#8203;Endi327](https://togithub.com/Endi327) made their first
contribution in
[https://github.com/actions/setup-java/pull/280](https://togithub.com/actions/setup-java/pull/280)

**Full Changelog**:
actions/setup-java@v3...v3.12.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

</details>

<details>
<summary>gradle/gradle-build-action
(gradle/gradle-build-action)</summary>

###
[`v2.7.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.6.1...v2.7.0)

##### GitHub Dependency Graph support

In this release, the GitHub Dependency Graph support is no longer
considered "experimental", and should be considered ready for production
use. You can read more about the Dependency Graph support in [the README
chapter](https://togithub.com/gradle/gradle-build-action#github-dependency-graph-support).

##### Changes

- Update to
[`[email protected]`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin/0.2.0)
- Dependency graph uses Gradle Settings file as manifest location (if
Settings file exists)
- Adds a `dependency-graph-file` output to any step that generates a
Dependency Graph file

##### Changelog

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNC4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Signed-off-by: Mend Renovate <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
Co-authored-by: Ian Lewis <[email protected]>
enteraga6 referenced this pull request in enteraga6/slsa-github-generator Aug 8, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | digest | `cd89f46` -> `b943a4e` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| minor | `v3.11.0` -> `v3.12.0` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| digest | `5ffc13f` -> `cd89f46` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.21.0` -> `v2.21.2` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | minor | `v2.6.1` -> `v2.7.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v3.12.0`](https://togithub.com/actions/setup-java/releases/tag/v3.12.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v3.11.0...v3.12.0)

In scope of this release the following changes were made:

**Bug fixes:**

- Always check postfix "Contents/Home" on macOS by
[@&#8203;erwin1](https://togithub.com/erwin1) in
[https://github.com/actions/setup-java/pull/397](https://togithub.com/actions/setup-java/pull/397)
- Fix sbt/scala cache key by
[@&#8203;Dogacel](https://togithub.com/Dogacel) in
[https://github.com/actions/setup-java/pull/478](https://togithub.com/actions/setup-java/pull/478)
- Corretto toolcache folder name fix by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/480](https://togithub.com/actions/setup-java/pull/480)
- Update versions of Oracle JDK and Microsoft Build of OpenJDK by
[@&#8203;anishi1222](https://togithub.com/anishi1222) in
[https://github.com/actions/setup-java/pull/489](https://togithub.com/actions/setup-java/pull/489)
- Update Oracle JDK download URL calculation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-java/pull/507](https://togithub.com/actions/setup-java/pull/507)

**Feature implementations:**

- Add versions properties to cache by
[@&#8203;Endi327](https://togithub.com/Endi327) in
[https://github.com/actions/setup-java/pull/280](https://togithub.com/actions/setup-java/pull/280)

**Resolving dependencies issues:**

- Remove implicit dependencies by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-java/pull/494](https://togithub.com/actions/setup-java/pull/494)
- Update xml2js by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[https://github.com/actions/setup-java/pull/484](https://togithub.com/actions/setup-java/pull/484)
- Update dependencies by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/511](https://togithub.com/actions/setup-java/pull/511)

**Infrastructure updates:**

- Fix glob bug in package.json scripts section by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[https://github.com/actions/setup-java/pull/475](https://togithub.com/actions/setup-java/pull/475)
- Update mocks by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[https://github.com/actions/setup-java/pull/498](https://togithub.com/actions/setup-java/pull/498)

**Documentation changes:**

- Instruction to download custom distribution JDK and install by
[@&#8203;ragsmpl](https://togithub.com/ragsmpl) in
[https://github.com/actions/setup-java/pull/500](https://togithub.com/actions/setup-java/pull/500)

#### New Contributors

- [@&#8203;erwin1](https://togithub.com/erwin1) made their first
contribution in
[https://github.com/actions/setup-java/pull/397](https://togithub.com/actions/setup-java/pull/397)
- [@&#8203;Dogacel](https://togithub.com/Dogacel) made their first
contribution in
[https://github.com/actions/setup-java/pull/478](https://togithub.com/actions/setup-java/pull/478)
- [@&#8203;anishi1222](https://togithub.com/anishi1222) made their first
contribution in
[https://github.com/actions/setup-java/pull/489](https://togithub.com/actions/setup-java/pull/489)
- [@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) made
their first contribution in
[https://github.com/actions/setup-java/pull/498](https://togithub.com/actions/setup-java/pull/498)
- [@&#8203;ragsmpl](https://togithub.com/ragsmpl) made their first
contribution in
[https://github.com/actions/setup-java/pull/500](https://togithub.com/actions/setup-java/pull/500)
- [@&#8203;Endi327](https://togithub.com/Endi327) made their first
contribution in
[https://github.com/actions/setup-java/pull/280](https://togithub.com/actions/setup-java/pull/280)

**Full Changelog**:
actions/setup-java@v3...v3.12.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

</details>

<details>
<summary>gradle/gradle-build-action
(gradle/gradle-build-action)</summary>

###
[`v2.7.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.6.1...v2.7.0)

##### GitHub Dependency Graph support

In this release, the GitHub Dependency Graph support is no longer
considered "experimental", and should be considered ready for production
use. You can read more about the Dependency Graph support in [the README
chapter](https://togithub.com/gradle/gradle-build-action#github-dependency-graph-support).

##### Changes

- Update to
[`[email protected]`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin/0.2.0)
- Dependency graph uses Gradle Settings file as manifest location (if
Settings file exists)
- Adds a `dependency-graph-file` output to any step that generates a
Dependency Graph file

##### Changelog

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNC4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Signed-off-by: Mend Renovate <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
Co-authored-by: Ian Lewis <[email protected]>
Signed-off-by: Noah Elzner <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants