fix: use_oidc shoudl be required false (#1353)

* fix: allow for oidc token

* chore(docs): update docs with use_oidc argument

* Update action.yml

Co-authored-by: Cristian Le <github@lecris.me>

* chore(release): 4.2.0

---------

Co-authored-by: Cristian Le <github@lecris.me>

.eslintrc.json

@@ -17,6 +17,7 @@
         "@typescript-eslint"
     ],
     "rules": {
+        "max-len": ["error", { "code": 120 }],
         "linebreak-style": 0
     }
 }

.github/dependabot.yml

@@ -1,7 +1,12 @@
 version: 2
 updates:
 - package-ecosystem: npm
-  directory: "/"
+  directory: /
   schedule:
     interval: daily
   open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,69 @@
+
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '24 6 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4.1.2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3.24.9
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3.24.9
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3.24.9

.github/workflows/enforce-license-compliance.yml

@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/main.yml

@@ -1,35 +1,14 @@
 name: Workflow for Codecov Action
 on: [push, pull_request]
 jobs:
-  no-deps:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Upload coverage to Codecov (script)
-        uses: ./
-        with:
-          files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
-          name: codecov-script
-      - name: Upload coverage to Codecov (demo)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
-          name: codecov-demo
   run:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-xlarge]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.1.2
       - name: Install dependencies
         run: npm install
       - name: Lint
@@ -42,6 +21,8 @@ jobs:
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
@@ -49,3 +30,55 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.2.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-container:
+    runs-on: ubuntu-latest
+    container: node:18
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.2
+      - name: Install dependencies
+        run: npm install
+      - name: Lint
+        run: npm run lint
+      - name: Run tests and collect coverage
+        run: npm run test
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.2.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/scorecards-analysis.yml

@@ -0,0 +1,61 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '43 20 * * 1'
+  push:
+    branches: [ master ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+    
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4.1.2 # v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results. 
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless 
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+      
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3.24.9 # v1.0.26
+        with:
+          sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,177 @@
+## 4.0.0-beta.2
+### Fixes
+- #1085 not adding -n if empty to do-upload command
+
+## 4.0.0-beta.1
+
+`v4` represents a move from the [universal uploader](https://github.com/codecov/uploader) to the [Codecov CLI](https://github.com/codecov/codecov-cli). Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.
+
+### Breaking Changes
+- No current support for `aarch64` and `alpine` architectures.
+- Tokenless uploading is unsuported
+- Various arguments to the Action have been removed
+
+## 3.1.4
+### Fixes
+- #967 Fix typo in README.md
+- #971 fix: add back in working dir
+- #969 fix: CLI option names for uploader
+
+### Dependencies
+- #970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3
+- #979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2
+- #981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4
+
+## 3.1.3
+### Fixes
+- #960 fix: allow for aarch64 build
+
+### Dependencies
+- #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
+- #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
+- #959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12
+
+## 3.1.2
+### Fixes
+- #718 Update README.md
+- #851 Remove unsupported path_to_write_report argument
+- #898 codeql-analysis.yml
+- #901 Update README to contain correct information - inputs and negate feature
+- #955 fix: add in all the extra arguments for uploader
+
+### Dependencies
+- #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
+- #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
+- #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
+- #841 build(deps): bump @actions/core from 1.9.1 to 1.10.0
+- #843 build(deps): bump @actions/github from 5.0.3 to 5.1.1
+- #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
+- #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
+- #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
+- #889 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2
+- #895 build(deps): bump json5 from 2.2.1 to 2.2.3
+- #896 build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
+- #900 build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1
+- #905 build(deps-dev): bump typescript from 4.7.4 to 4.9.5
+- #911 build(deps-dev): bump @types/node from 16.11.40 to 18.13.0
+- #922 build(deps-dev): bump @types/node from 18.13.0 to 18.14.0
+- #924 build(deps): bump openpgp from 5.5.0 to 5.7.0
+- #927 build(deps-dev): bump @types/node from 18.14.0 to 18.14.2
+- #933 build(deps-dev): bump @types/node from 18.14.2 to 18.14.6
+- #937 build(deps-dev): bump @types/node from 18.14.6 to 18.15.0
+- #938 build(deps): bump node-fetch from 3.3.0 to 3.3.1
+- #945 build(deps-dev): bump @types/node from 18.15.0 to 18.15.5
+- #946 build(deps-dev): bump @types/node from 18.15.5 to 18.15.6
+- #947 build(deps-dev): bump @types/node from 18.15.6 to 18.15.10
+- #951 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
+
+## 3.1.1
+### Fixes
+- #661 Update deprecation warning
+- #593 Create codeql-analysis.yml
+- #712 README: fix typo
+- #725 fix: Remove a blank row
+- #726 Update README.md with correct badge version
+- #633 Create scorecards-analysis.yml
+- #747 fix: add more verbosity to validation
+- #750 Regenerate scorecards-analysis.yml
+- #774 Switch to v3
+- #783 Fix network entry in table
+- #791 Trim arguments after splitting them
+- #769 Plumb failCi into verification function.
+
+### Dependencies
+- #713 build(deps-dev): bump typescript from 4.6.3 to 4.6.4
+- #714 build(deps): bump node-fetch from 3.2.3 to 3.2.4
+- #724 build(deps): bump github/codeql-action from 1 to 2
+- #717 build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0
+- #729 build(deps-dev): bump @types/node from 17.0.25 to 17.0.33
+- #734 build(deps-dev): downgrade @types/node to 16.11.35
+- #723 build(deps): bump actions/checkout from 2 to 3
+- #733 build(deps): bump @actions/github from 5.0.1 to 5.0.3
+- #732 build(deps): bump @actions/core from 1.6.0 to 1.8.2
+- #737 build(deps-dev): bump @types/node from 16.11.35 to 16.11.36
+- #749 build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0
+- #755 build(deps-dev): bump typescript from 4.6.4 to 4.7.3
+- #759 build(deps-dev): bump @types/node from 16.11.36 to 16.11.39
+- #762 build(deps-dev): bump @types/node from 16.11.39 to 16.11.40
+- #746 build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0
+- #757 build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1
+- #760 build(deps): bump openpgp from 5.2.1 to 5.3.0
+- #748 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
+- #766 build(deps-dev): bump typescript from 4.7.3 to 4.7.4
+- #799 build(deps): bump openpgp from 5.3.0 to 5.4.0
+- #798 build(deps): bump @actions/core from 1.8.2 to 1.9.1
+
+## 3.1.0
+### Features
+- #699 Incorporate `xcode` arguments for the Codecov uploader
+
+### Dependencies
+- #694 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4
+- #696 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25
+- #698 build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0
+
+## 3.0.0
+### Breaking Changes
+- #689 Bump to node16 and small fixes
+
+### Features
+- #688 Incorporate `gcov` arguments for the Codecov uploader
+
+### Dependencies
+- #548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0
+- #603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0
+- #628 build(deps): bump node-fetch from 2.6.1 to 3.1.1
+- #634 build(deps): bump node-fetch from 3.1.1 to 3.2.0
+- #636 build(deps): bump openpgp from 5.0.1 to 5.1.0
+- #652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3
+- #653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18
+- #659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1
+- #667 build(deps): bump actions/checkout from 2 to 3
+- #673 build(deps): bump node-fetch from 3.2.0 to 3.2.3
+- #683 build(deps): bump minimist from 1.2.5 to 1.2.6
+- #685 build(deps): bump @actions/github from 5.0.0 to 5.0.1
+- #681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23
+- #682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3
+- #676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1
+- #675 build(deps): bump openpgp from 5.1.0 to 5.2.1
+
+## 2.1.0
+### Features
+- #515 Allow specifying version of Codecov uploader
+
+### Dependencies
+- #499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0
+- #508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
+- #514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0
+
+## 2.0.3
+### Fixes
+- #464 Fix wrong link in the readme
+- #485 fix: Add override OS and linux default to platform
+
+### Dependencies
+- #447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
+- #458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
+- #465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1
+- #466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1
+- #468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0
+- #470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0
+- #472 build(deps): bump path-parse from 1.0.6 to 1.0.7
+- #473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1
+- #478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2
+- #479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2
+- #481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2
+- #483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2
+- #484 build(deps): bump @actions/core from 1.4.0 to 1.5.0
+
+## 2.0.2
+### Fixes
+- Underlying uploader fixes issues with tokens not being sent properly for users seeing
+  `Error!: Error: Error uploading to https://codecov.io: Error: Error uploading to Codecov: Error: Not Found`
+- #440 fix: Validation ordering
+
 ## 2.0.1
 ### Fixes
 - #424 fix: Issue in building all deep dependencies

Makefile

@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
-	git tag -d v2
-	git push origin :v2
-	git tag v2
-	git tag v$(VERSION) -m ""
+	git tag -d v4
+	git push origin :v4
+	git tag v4
+	git tag v$(VERSION) -s -m ""
 	git push origin --tags

README.md

@@ -1,79 +1,119 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v1-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v4-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
->The latest release of this Action adds support for tokenless uploads from GitHub Actions!
+## v4 Release
+`v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
 
-## ⚠️  Deprecration of v1
-**On February 1, 2022, this version will be fully sunset and no longer function**
+### Breaking Changes
+- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token)
+- Various arguments to the Action have been removed
 
-Due to the [deprecation](https://about.codecov.io/blog/introducting-codecovs-new-uploader/) of the underlying bash uploader,
-the Codecov GitHub Action has released `v2` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
-more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
+### Dependabot
+- For repositories using `Dependabot`, users will need to ensure that it has access to the Codecov token for PRs from Dependabot to upload coverage. To do this, please add your `CODECOV_TOKEN` as a Dependabot Secret. For more information, see ["Configuring access to private registries for Dependabot."](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use)
 
-We will be restricting any updates to the `v1` Action to security updates and hotfixes.
-
-### Migration from `v1` to `v2`
-The `v2` uploader has a few breaking changes for users
-- Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
-many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
-below for the full list.
+`v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
 
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v2` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v4` is recommended) as a `step` within your `workflow.yml` file.
 
-If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
+This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`).
+
+Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as
+- alpine
+- alpine-arm64
+- linux
+- linux-arm64
+- macos
+- windows
 
 Inside your `.github/workflows/workflow.yml` file:
 
 ```yaml
 steps:
 - uses: actions/checkout@master
-- uses: codecov/codecov-action@v2
+- uses: codecov/codecov-action@v4
   with:
-    token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+    fail_ci_if_error: true # optional (default = false)
     files: ./coverage1.xml,./coverage2.xml # optional
     flags: unittests # optional
     name: codecov-umbrella # optional
-    fail_ci_if_error: true # optional (default = false)
+    token: ${{ secrets.CODECOV_TOKEN }} # required
     verbose: true # optional (default = false)
 ```
->**Note**: This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
+
+The Codecov token can also be passed in via environment variables:
+
+```yaml
+steps:
+- uses: actions/checkout@master
+- uses: codecov/codecov-action@v4
+  with:
+    fail_ci_if_error: true # optional (default = false)
+    files: ./coverage1.xml,./coverage2.xml # optional
+    flags: unittests # optional
+    name: codecov-umbrella # optional
+    verbose: true # optional (default = false)
+  env:
+    CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+```
+> [!NOTE]
+> This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
+
+### Using OIDC
+For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect), the Codecov token is not necessary. You can use OIDC with the `use_oidc` argument as following.
+
+```yaml
+- uses: codecov/codecov-action@v4
+  with:
+    use_oidc: true
+```
+
+Any token supplied will be ignored, as Codecov will default to the OIDC token for verification.
 
 ## Arguments
 
-Codecov's Action currently supports five inputs from the user: `token`, `file`, `flags`,`name`, and `fail_ci_if_error`. These inputs, along with their descriptions and usage contexts, are listed in the table below:
+Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
-| Input  | Description | Usage |
-| :---:     |     :---:   |    :---:   |
-| `token`  | Used to authorize coverage report uploads  | *Required for private repos* |
-| `files`  | Comma-separated paths to the coverage report(s) | Optional
+| Input  | Description | Required |
+| :---       |     :---     |    :---:   |
+| `token` | Repository Codecov token. Used to authorize report uploads | *Required
+| `codecov_yml_path` | Specify the path to the Codecov YML | Optional
+| `commit_parent` | Override to specify the parent commit SHA | Optional
 | `directory` | Directory to search for coverage reports. | Optional
+| `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option. | Optional
+| `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets) | Optional
 | `dry_run` | Don't upload files to Codecov | Optional
-| `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
-| | |
-| `commit_parent` | The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository provider's API, the parent is determined via finding the closest ancestor to the commit. | Optional
-| `env_vars`  | Environment variables to tag the upload with. Multiple env variables can be separated with commas (e.g. `OS,PYTHON`) | Optional
-| `fail_ci_if_error`  | Specify if CI pipeline should fail when Codecov runs into errors during upload. *Defaults to **false*** | Optional
--| `functionalities` | Toggle functionalities | Optional
--| | `network` Disable uploading the file network |
-| `move_coverage_to_trash` | Move discovered coverage reports to the trash | Optional
-| `name`  | Custom defined name for the upload | Optional
+| `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
+| `exclude` | Folders to exclude from search | Optional
+| `fail_ci_if_error` | Specify whether or not CI build should fail if Codecov runs into an error during upload | Optional
+| `file` | Path to coverage file to upload | Optional
+| `files` | Comma-separated list of files to upload | Optional
+| `flags` | Flag upload to group coverage metrics (e.g. unittests \| integration \| ui,chrome) | Optional
+| `handle_no_reports_found` | Raise no exceptions when no coverage reports found | Optional
+| `job_code` | The job code | Optional
+| `name` | User defined upload name. Visible in Codecov UI | Optional
+| `os` | Override the assumed OS. Options are linux \| macos \| windows \| . | Optional
 | `override_branch` | Specify the branch name | Optional
 | `override_build` | Specify the build number | Optional
+| `override_build_url` | The URL of the build where this is running | Optional
 | `override_commit` | Specify the commit SHA | Optional
 | `override_pr` | Specify the pull request number | Optional
-| `override_tag` | Specify the git tag | Optional
-| `path_to_write_report` | Write upload file to path before uploading | Optional
-| `root_dir` | Used when not in git/hg project to identify project root directory | Optional
+| `plugin` | plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all. | Optional
+| `plugins` | Comma-separated list of plugins for use during upload. | Optional
+| `report_code` | The code of the report. If unsure, do not include | Optional
+| `root_dir` | Used to specify the location of your   .git   root to identify project root directory | Optional
 | `slug` | Specify the slug manually (Enterprise use) | Optional
-| `url` | Change the upload host (Enterprise use) | Optional
+| `url` | Specify the base url to upload (Enterprise use) | Optional
+| `use_legacy_upload_endpoint` | Use the legacy upload endpoint | Optional
+| `use_oidc` | Use OpenID Connect for verification instead of token. This will ignore any token supplied. Please see [GitHub documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) for details.
 | `verbose` | Specify whether the Codecov output should be verbose | Optional
-| `working-directory` | Directory in which to execute `codecov.sh` | Optional
+| `version` | Specify which version of the Codecov CLI should be used. Defaults to `latest` | Optional
+| `working-directory` | Directory in which to execute codecov.sh | Optional
 
 ### Example `workflow.yml` with Codecov Action
 
@@ -88,29 +128,28 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       OS: ${{ matrix.os }}
-      PYTHON: '3.7'
+      PYTHON: '3.10'
     steps:
     - uses: actions/checkout@master
     - name: Setup Python
       uses: actions/setup-python@master
       with:
-        python-version: 3.7
+        python-version: 3.10
     - name: Generate coverage report
       run: |
         pip install pytest
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@v4
       with:
-        token: ${{ secrets.CODECOV_TOKEN }}
         directory: ./coverage/reports/
         env_vars: OS,PYTHON
         fail_ci_if_error: true
-        files: ./coverage1.xml,./coverage2.xml
+        files: ./coverage1.xml,./coverage2.xml,!./cache
         flags: unittests
         name: codecov-umbrella
-        path_to_write_report: ./coverage/codecov_report.txt
+        token: ${{ secrets.CODECOV_TOKEN }}
         verbose: true
 ```
 ## Contributing

action.yml

@@ -3,19 +3,25 @@ description: 'GitHub Action that uploads coverage reports for your repository to
 author: 'Ibrahim Ali <@ibrahim0814> & Thomas Hu <@thomasrockhu> | Codecov'
 inputs:
   token:
-    description: 'Repository upload token - get it from codecov.io. Required only for private repositories'
+    description: 'Repository Codecov token. Used to authorize report uploads'
     required: false
-  files:
-    description: 'Comma-separated list of files to upload'
+  codecov_yml_path:
+    description: 'Specify the path to the Codecov YML'
+    required: false
+  commit_parent:
+    description: 'Override to specify the parent commit SHA'
     required: false
   directory:
     description: 'Directory to search for coverage reports.'
     required: false
-  flags:
-    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
+  disable_file_fixes:
+    description: 'Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets)'
     required: false
-  commit_parent:
-    description: 'The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository providers API, the parent is determined via finding the closest ancestor to the commit.'
+  disable_search:
+    description: 'Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option.'
+    required: false
+  disable_safe_directory:
+    description: 'Disable setting safe directory. Set to true to disable.'
     required: false
   dry_run:
     description: "Don't upload files to Codecov"
@@ -23,35 +29,59 @@ inputs:
   env_vars:
     description: 'Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)'
     required: false
+  exclude:
+    description: 'Folders to exclude from search'
+    required: false
   fail_ci_if_error:
     description: 'Specify whether or not CI build should fail if Codecov runs into an error during upload'
     required: false
   file:
     description: 'Path to coverage file to upload'
     required: false
-  functionalities:
-    description: 'Comma-separated list, see the README for options and their usage'
+  files:
+    description: 'Comma-separated list of files to upload'
     required: false
-  move_coverage_to_trash:
-    description: 'Move discovered coverage reports to the trash'
+  flags:
+    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
+    required: false
+  git_service:
+    description: 'Override the git_service (e.g. github_enterprise)'
+    required: false
+  handle_no_reports_found:
+    description: 'Raise no exceptions when no coverage reports found'
+    required: false
+  job_code:
+    description: 'The job code'
     required: false
   name:
     description: 'User defined upload name. Visible in Codecov UI'
     required: false
+  os:
+    description: 'Override the assumed OS. Options are linux | macos | windows.'
+    required: false
   override_branch:
     description: 'Specify the branch name'
     required: false
   override_build:
     description: 'Specify the build number'
     required: false
+  override_build_url:
+    description: 'The URL of the build where this is running'
+    required: false
   override_commit:
     description: 'Specify the commit SHA'
     required: false
   override_pr:
     description: 'Specify the pull request number'
     required: false
-  override_tag:
-    description: 'Specify the git tag'
+  plugin:
+    description: 'plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all.'
+    required: false
+  plugins:
+    description: 'Comma-separated list of plugins for use during upload.'
+    required: false
+  report_code:
+    description: 'The code of the report. If unsure, do not include'
     required: false
   root_dir:
     description: 'Used when not in git/hg project to identify project root directory'
@@ -60,11 +90,20 @@ inputs:
     description: 'Specify the slug manually (Enterprise use)'
     required: false
   url:
-    description: 'Change the upload host (Enterprise use)'
+    description: 'Specify the base url to upload (Enterprise use)'
+    required: false
+  use_legacy_upload_endpoint:
+    description: 'Use the legacy upload endpoint'
+    required: false
+  use_oidc:
+    description: 'Use OIDC instead of token. This will ignore any token supplied'
     required: false
   verbose:
     description: 'Specify whether the Codecov output should be verbose'
     required: false
+  version:
+    description: 'Specify which version of the Codecov CLI should be used. Defaults to `latest`'
+    required: false
   working-directory:
     description: 'Directory in which to execute codecov.sh'
     required: false
@@ -72,5 +111,5 @@ branding:
   color: 'red'
   icon: 'umbrella'
 runs:
-  using: 'node12'
+  using: 'node20'
   main: 'dist/index.js'

dist/37.index.js

@@ -0,0 +1,453 @@
+"use strict";
+exports.id = 37;
+exports.ids = [37];
+exports.modules = {
+
+/***/ 4037:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+__webpack_require__.r(__webpack_exports__);
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   "toFormData": () => (/* binding */ toFormData)
+/* harmony export */ });
+/* harmony import */ var fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(2777);
+/* harmony import */ var formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(8010);
+
+
+
+let s = 0;
+const S = {
+	START_BOUNDARY: s++,
+	HEADER_FIELD_START: s++,
+	HEADER_FIELD: s++,
+	HEADER_VALUE_START: s++,
+	HEADER_VALUE: s++,
+	HEADER_VALUE_ALMOST_DONE: s++,
+	HEADERS_ALMOST_DONE: s++,
+	PART_DATA_START: s++,
+	PART_DATA: s++,
+	END: s++
+};
+
+let f = 1;
+const F = {
+	PART_BOUNDARY: f,
+	LAST_BOUNDARY: f *= 2
+};
+
+const LF = 10;
+const CR = 13;
+const SPACE = 32;
+const HYPHEN = 45;
+const COLON = 58;
+const A = 97;
+const Z = 122;
+
+const lower = c => c | 0x20;
+
+const noop = () => {};
+
+class MultipartParser {
+	/**
+	 * @param {string} boundary
+	 */
+	constructor(boundary) {
+		this.index = 0;
+		this.flags = 0;
+
+		this.onHeaderEnd = noop;
+		this.onHeaderField = noop;
+		this.onHeadersEnd = noop;
+		this.onHeaderValue = noop;
+		this.onPartBegin = noop;
+		this.onPartData = noop;
+		this.onPartEnd = noop;
+
+		this.boundaryChars = {};
+
+		boundary = '\r\n--' + boundary;
+		const ui8a = new Uint8Array(boundary.length);
+		for (let i = 0; i < boundary.length; i++) {
+			ui8a[i] = boundary.charCodeAt(i);
+			this.boundaryChars[ui8a[i]] = true;
+		}
+
+		this.boundary = ui8a;
+		this.lookbehind = new Uint8Array(this.boundary.length + 8);
+		this.state = S.START_BOUNDARY;
+	}
+
+	/**
+	 * @param {Uint8Array} data
+	 */
+	write(data) {
+		let i = 0;
+		const length_ = data.length;
+		let previousIndex = this.index;
+		let {lookbehind, boundary, boundaryChars, index, state, flags} = this;
+		const boundaryLength = this.boundary.length;
+		const boundaryEnd = boundaryLength - 1;
+		const bufferLength = data.length;
+		let c;
+		let cl;
+
+		const mark = name => {
+			this[name + 'Mark'] = i;
+		};
+
+		const clear = name => {
+			delete this[name + 'Mark'];
+		};
+
+		const callback = (callbackSymbol, start, end, ui8a) => {
+			if (start === undefined || start !== end) {
+				this[callbackSymbol](ui8a && ui8a.subarray(start, end));
+			}
+		};
+
+		const dataCallback = (name, clear) => {
+			const markSymbol = name + 'Mark';
+			if (!(markSymbol in this)) {
+				return;
+			}
+
+			if (clear) {
+				callback(name, this[markSymbol], i, data);
+				delete this[markSymbol];
+			} else {
+				callback(name, this[markSymbol], data.length, data);
+				this[markSymbol] = 0;
+			}
+		};
+
+		for (i = 0; i < length_; i++) {
+			c = data[i];
+
+			switch (state) {
+				case S.START_BOUNDARY:
+					if (index === boundary.length - 2) {
+						if (c === HYPHEN) {
+							flags |= F.LAST_BOUNDARY;
+						} else if (c !== CR) {
+							return;
+						}
+
+						index++;
+						break;
+					} else if (index - 1 === boundary.length - 2) {
+						if (flags & F.LAST_BOUNDARY && c === HYPHEN) {
+							state = S.END;
+							flags = 0;
+						} else if (!(flags & F.LAST_BOUNDARY) && c === LF) {
+							index = 0;
+							callback('onPartBegin');
+							state = S.HEADER_FIELD_START;
+						} else {
+							return;
+						}
+
+						break;
+					}
+
+					if (c !== boundary[index + 2]) {
+						index = -2;
+					}
+
+					if (c === boundary[index + 2]) {
+						index++;
+					}
+
+					break;
+				case S.HEADER_FIELD_START:
+					state = S.HEADER_FIELD;
+					mark('onHeaderField');
+					index = 0;
+					// falls through
+				case S.HEADER_FIELD:
+					if (c === CR) {
+						clear('onHeaderField');
+						state = S.HEADERS_ALMOST_DONE;
+						break;
+					}
+
+					index++;
+					if (c === HYPHEN) {
+						break;
+					}
+
+					if (c === COLON) {
+						if (index === 1) {
+							// empty header field
+							return;
+						}
+
+						dataCallback('onHeaderField', true);
+						state = S.HEADER_VALUE_START;
+						break;
+					}
+
+					cl = lower(c);
+					if (cl < A || cl > Z) {
+						return;
+					}
+
+					break;
+				case S.HEADER_VALUE_START:
+					if (c === SPACE) {
+						break;
+					}
+
+					mark('onHeaderValue');
+					state = S.HEADER_VALUE;
+					// falls through
+				case S.HEADER_VALUE:
+					if (c === CR) {
+						dataCallback('onHeaderValue', true);
+						callback('onHeaderEnd');
+						state = S.HEADER_VALUE_ALMOST_DONE;
+					}
+
+					break;
+				case S.HEADER_VALUE_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					state = S.HEADER_FIELD_START;
+					break;
+				case S.HEADERS_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					callback('onHeadersEnd');
+					state = S.PART_DATA_START;
+					break;
+				case S.PART_DATA_START:
+					state = S.PART_DATA;
+					mark('onPartData');
+					// falls through
+				case S.PART_DATA:
+					previousIndex = index;
+
+					if (index === 0) {
+						// boyer-moore derrived algorithm to safely skip non-boundary data
+						i += boundaryEnd;
+						while (i < bufferLength && !(data[i] in boundaryChars)) {
+							i += boundaryLength;
+						}
+
+						i -= boundaryEnd;
+						c = data[i];
+					}
+
+					if (index < boundary.length) {
+						if (boundary[index] === c) {
+							if (index === 0) {
+								dataCallback('onPartData', true);
+							}
+
+							index++;
+						} else {
+							index = 0;
+						}
+					} else if (index === boundary.length) {
+						index++;
+						if (c === CR) {
+							// CR = part boundary
+							flags |= F.PART_BOUNDARY;
+						} else if (c === HYPHEN) {
+							// HYPHEN = end boundary
+							flags |= F.LAST_BOUNDARY;
+						} else {
+							index = 0;
+						}
+					} else if (index - 1 === boundary.length) {
+						if (flags & F.PART_BOUNDARY) {
+							index = 0;
+							if (c === LF) {
+								// unset the PART_BOUNDARY flag
+								flags &= ~F.PART_BOUNDARY;
+								callback('onPartEnd');
+								callback('onPartBegin');
+								state = S.HEADER_FIELD_START;
+								break;
+							}
+						} else if (flags & F.LAST_BOUNDARY) {
+							if (c === HYPHEN) {
+								callback('onPartEnd');
+								state = S.END;
+								flags = 0;
+							} else {
+								index = 0;
+							}
+						} else {
+							index = 0;
+						}
+					}
+
+					if (index > 0) {
+						// when matching a possible boundary, keep a lookbehind reference
+						// in case it turns out to be a false lead
+						lookbehind[index - 1] = c;
+					} else if (previousIndex > 0) {
+						// if our boundary turned out to be rubbish, the captured lookbehind
+						// belongs to partData
+						const _lookbehind = new Uint8Array(lookbehind.buffer, lookbehind.byteOffset, lookbehind.byteLength);
+						callback('onPartData', 0, previousIndex, _lookbehind);
+						previousIndex = 0;
+						mark('onPartData');
+
+						// reconsider the current character even so it interrupted the sequence
+						// it could be the beginning of a new sequence
+						i--;
+					}
+
+					break;
+				case S.END:
+					break;
+				default:
+					throw new Error(`Unexpected state entered: ${state}`);
+			}
+		}
+
+		dataCallback('onHeaderField');
+		dataCallback('onHeaderValue');
+		dataCallback('onPartData');
+
+		// Update properties for the next call
+		this.index = index;
+		this.state = state;
+		this.flags = flags;
+	}
+
+	end() {
+		if ((this.state === S.HEADER_FIELD_START && this.index === 0) ||
+			(this.state === S.PART_DATA && this.index === this.boundary.length)) {
+			this.onPartEnd();
+		} else if (this.state !== S.END) {
+			throw new Error('MultipartParser.end(): stream ended unexpectedly');
+		}
+	}
+}
+
+function _fileName(headerValue) {
+	// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+	const m = headerValue.match(/\bfilename=("(.*?)"|([^()<>@,;:\\"/[\]?={}\s\t]+))($|;\s)/i);
+	if (!m) {
+		return;
+	}
+
+	const match = m[2] || m[3] || '';
+	let filename = match.slice(match.lastIndexOf('\\') + 1);
+	filename = filename.replace(/%22/g, '"');
+	filename = filename.replace(/&#(\d{4});/g, (m, code) => {
+		return String.fromCharCode(code);
+	});
+	return filename;
+}
+
+async function toFormData(Body, ct) {
+	if (!/multipart/i.test(ct)) {
+		throw new TypeError('Failed to fetch');
+	}
+
+	const m = ct.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
+
+	if (!m) {
+		throw new TypeError('no or bad content-type header, no multipart boundary');
+	}
+
+	const parser = new MultipartParser(m[1] || m[2]);
+
+	let headerField;
+	let headerValue;
+	let entryValue;
+	let entryName;
+	let contentType;
+	let filename;
+	const entryChunks = [];
+	const formData = new formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__/* .FormData */ .Ct();
+
+	const onPartData = ui8a => {
+		entryValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	const appendToFile = ui8a => {
+		entryChunks.push(ui8a);
+	};
+
+	const appendFileToFormData = () => {
+		const file = new fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__/* .File */ .$B(entryChunks, filename, {type: contentType});
+		formData.append(entryName, file);
+	};
+
+	const appendEntryToFormData = () => {
+		formData.append(entryName, entryValue);
+	};
+
+	const decoder = new TextDecoder('utf-8');
+	decoder.decode();
+
+	parser.onPartBegin = function () {
+		parser.onPartData = onPartData;
+		parser.onPartEnd = appendEntryToFormData;
+
+		headerField = '';
+		headerValue = '';
+		entryValue = '';
+		entryName = '';
+		contentType = '';
+		filename = null;
+		entryChunks.length = 0;
+	};
+
+	parser.onHeaderField = function (ui8a) {
+		headerField += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderValue = function (ui8a) {
+		headerValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderEnd = function () {
+		headerValue += decoder.decode();
+		headerField = headerField.toLowerCase();
+
+		if (headerField === 'content-disposition') {
+			// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+			const m = headerValue.match(/\bname=("([^"]*)"|([^()<>@,;:\\"/[\]?={}\s\t]+))/i);
+
+			if (m) {
+				entryName = m[2] || m[3] || '';
+			}
+
+			filename = _fileName(headerValue);
+
+			if (filename) {
+				parser.onPartData = appendToFile;
+				parser.onPartEnd = appendFileToFormData;
+			}
+		} else if (headerField === 'content-type') {
+			contentType = headerValue;
+		}
+
+		headerValue = '';
+		headerField = '';
+	};
+
+	for await (const chunk of Body) {
+		parser.write(chunk);
+	}
+
+	parser.end();
+
+	return formData;
+}
+
+
+/***/ })
+
+};
+;
+//# sourceMappingURL=37.index.js.map

dist/629.index.js

@@ -0,0 +1,453 @@
+exports.id = 629;
+exports.ids = [629];
+exports.modules = {
+
+/***/ 6629:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+"use strict";
+__webpack_require__.r(__webpack_exports__);
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   "toFormData": () => (/* binding */ toFormData)
+/* harmony export */ });
+/* harmony import */ var fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(4818);
+/* harmony import */ var formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(1402);
+
+
+
+let s = 0;
+const S = {
+	START_BOUNDARY: s++,
+	HEADER_FIELD_START: s++,
+	HEADER_FIELD: s++,
+	HEADER_VALUE_START: s++,
+	HEADER_VALUE: s++,
+	HEADER_VALUE_ALMOST_DONE: s++,
+	HEADERS_ALMOST_DONE: s++,
+	PART_DATA_START: s++,
+	PART_DATA: s++,
+	END: s++
+};
+
+let f = 1;
+const F = {
+	PART_BOUNDARY: f,
+	LAST_BOUNDARY: f *= 2
+};
+
+const LF = 10;
+const CR = 13;
+const SPACE = 32;
+const HYPHEN = 45;
+const COLON = 58;
+const A = 97;
+const Z = 122;
+
+const lower = c => c | 0x20;
+
+const noop = () => {};
+
+class MultipartParser {
+	/**
+	 * @param {string} boundary
+	 */
+	constructor(boundary) {
+		this.index = 0;
+		this.flags = 0;
+
+		this.onHeaderEnd = noop;
+		this.onHeaderField = noop;
+		this.onHeadersEnd = noop;
+		this.onHeaderValue = noop;
+		this.onPartBegin = noop;
+		this.onPartData = noop;
+		this.onPartEnd = noop;
+
+		this.boundaryChars = {};
+
+		boundary = '\r\n--' + boundary;
+		const ui8a = new Uint8Array(boundary.length);
+		for (let i = 0; i < boundary.length; i++) {
+			ui8a[i] = boundary.charCodeAt(i);
+			this.boundaryChars[ui8a[i]] = true;
+		}
+
+		this.boundary = ui8a;
+		this.lookbehind = new Uint8Array(this.boundary.length + 8);
+		this.state = S.START_BOUNDARY;
+	}
+
+	/**
+	 * @param {Uint8Array} data
+	 */
+	write(data) {
+		let i = 0;
+		const length_ = data.length;
+		let previousIndex = this.index;
+		let {lookbehind, boundary, boundaryChars, index, state, flags} = this;
+		const boundaryLength = this.boundary.length;
+		const boundaryEnd = boundaryLength - 1;
+		const bufferLength = data.length;
+		let c;
+		let cl;
+
+		const mark = name => {
+			this[name + 'Mark'] = i;
+		};
+
+		const clear = name => {
+			delete this[name + 'Mark'];
+		};
+
+		const callback = (callbackSymbol, start, end, ui8a) => {
+			if (start === undefined || start !== end) {
+				this[callbackSymbol](ui8a && ui8a.subarray(start, end));
+			}
+		};
+
+		const dataCallback = (name, clear) => {
+			const markSymbol = name + 'Mark';
+			if (!(markSymbol in this)) {
+				return;
+			}
+
+			if (clear) {
+				callback(name, this[markSymbol], i, data);
+				delete this[markSymbol];
+			} else {
+				callback(name, this[markSymbol], data.length, data);
+				this[markSymbol] = 0;
+			}
+		};
+
+		for (i = 0; i < length_; i++) {
+			c = data[i];
+
+			switch (state) {
+				case S.START_BOUNDARY:
+					if (index === boundary.length - 2) {
+						if (c === HYPHEN) {
+							flags |= F.LAST_BOUNDARY;
+						} else if (c !== CR) {
+							return;
+						}
+
+						index++;
+						break;
+					} else if (index - 1 === boundary.length - 2) {
+						if (flags & F.LAST_BOUNDARY && c === HYPHEN) {
+							state = S.END;
+							flags = 0;
+						} else if (!(flags & F.LAST_BOUNDARY) && c === LF) {
+							index = 0;
+							callback('onPartBegin');
+							state = S.HEADER_FIELD_START;
+						} else {
+							return;
+						}
+
+						break;
+					}
+
+					if (c !== boundary[index + 2]) {
+						index = -2;
+					}
+
+					if (c === boundary[index + 2]) {
+						index++;
+					}
+
+					break;
+				case S.HEADER_FIELD_START:
+					state = S.HEADER_FIELD;
+					mark('onHeaderField');
+					index = 0;
+					// falls through
+				case S.HEADER_FIELD:
+					if (c === CR) {
+						clear('onHeaderField');
+						state = S.HEADERS_ALMOST_DONE;
+						break;
+					}
+
+					index++;
+					if (c === HYPHEN) {
+						break;
+					}
+
+					if (c === COLON) {
+						if (index === 1) {
+							// empty header field
+							return;
+						}
+
+						dataCallback('onHeaderField', true);
+						state = S.HEADER_VALUE_START;
+						break;
+					}
+
+					cl = lower(c);
+					if (cl < A || cl > Z) {
+						return;
+					}
+
+					break;
+				case S.HEADER_VALUE_START:
+					if (c === SPACE) {
+						break;
+					}
+
+					mark('onHeaderValue');
+					state = S.HEADER_VALUE;
+					// falls through
+				case S.HEADER_VALUE:
+					if (c === CR) {
+						dataCallback('onHeaderValue', true);
+						callback('onHeaderEnd');
+						state = S.HEADER_VALUE_ALMOST_DONE;
+					}
+
+					break;
+				case S.HEADER_VALUE_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					state = S.HEADER_FIELD_START;
+					break;
+				case S.HEADERS_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					callback('onHeadersEnd');
+					state = S.PART_DATA_START;
+					break;
+				case S.PART_DATA_START:
+					state = S.PART_DATA;
+					mark('onPartData');
+					// falls through
+				case S.PART_DATA:
+					previousIndex = index;
+
+					if (index === 0) {
+						// boyer-moore derrived algorithm to safely skip non-boundary data
+						i += boundaryEnd;
+						while (i < bufferLength && !(data[i] in boundaryChars)) {
+							i += boundaryLength;
+						}
+
+						i -= boundaryEnd;
+						c = data[i];
+					}
+
+					if (index < boundary.length) {
+						if (boundary[index] === c) {
+							if (index === 0) {
+								dataCallback('onPartData', true);
+							}
+
+							index++;
+						} else {
+							index = 0;
+						}
+					} else if (index === boundary.length) {
+						index++;
+						if (c === CR) {
+							// CR = part boundary
+							flags |= F.PART_BOUNDARY;
+						} else if (c === HYPHEN) {
+							// HYPHEN = end boundary
+							flags |= F.LAST_BOUNDARY;
+						} else {
+							index = 0;
+						}
+					} else if (index - 1 === boundary.length) {
+						if (flags & F.PART_BOUNDARY) {
+							index = 0;
+							if (c === LF) {
+								// unset the PART_BOUNDARY flag
+								flags &= ~F.PART_BOUNDARY;
+								callback('onPartEnd');
+								callback('onPartBegin');
+								state = S.HEADER_FIELD_START;
+								break;
+							}
+						} else if (flags & F.LAST_BOUNDARY) {
+							if (c === HYPHEN) {
+								callback('onPartEnd');
+								state = S.END;
+								flags = 0;
+							} else {
+								index = 0;
+							}
+						} else {
+							index = 0;
+						}
+					}
+
+					if (index > 0) {
+						// when matching a possible boundary, keep a lookbehind reference
+						// in case it turns out to be a false lead
+						lookbehind[index - 1] = c;
+					} else if (previousIndex > 0) {
+						// if our boundary turned out to be rubbish, the captured lookbehind
+						// belongs to partData
+						const _lookbehind = new Uint8Array(lookbehind.buffer, lookbehind.byteOffset, lookbehind.byteLength);
+						callback('onPartData', 0, previousIndex, _lookbehind);
+						previousIndex = 0;
+						mark('onPartData');
+
+						// reconsider the current character even so it interrupted the sequence
+						// it could be the beginning of a new sequence
+						i--;
+					}
+
+					break;
+				case S.END:
+					break;
+				default:
+					throw new Error(`Unexpected state entered: ${state}`);
+			}
+		}
+
+		dataCallback('onHeaderField');
+		dataCallback('onHeaderValue');
+		dataCallback('onPartData');
+
+		// Update properties for the next call
+		this.index = index;
+		this.state = state;
+		this.flags = flags;
+	}
+
+	end() {
+		if ((this.state === S.HEADER_FIELD_START && this.index === 0) ||
+			(this.state === S.PART_DATA && this.index === this.boundary.length)) {
+			this.onPartEnd();
+		} else if (this.state !== S.END) {
+			throw new Error('MultipartParser.end(): stream ended unexpectedly');
+		}
+	}
+}
+
+function _fileName(headerValue) {
+	// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+	const m = headerValue.match(/\bfilename=("(.*?)"|([^()<>@,;:\\"/[\]?={}\s\t]+))($|;\s)/i);
+	if (!m) {
+		return;
+	}
+
+	const match = m[2] || m[3] || '';
+	let filename = match.slice(match.lastIndexOf('\\') + 1);
+	filename = filename.replace(/%22/g, '"');
+	filename = filename.replace(/&#(\d{4});/g, (m, code) => {
+		return String.fromCharCode(code);
+	});
+	return filename;
+}
+
+async function toFormData(Body, ct) {
+	if (!/multipart/i.test(ct)) {
+		throw new TypeError('Failed to fetch');
+	}
+
+	const m = ct.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
+
+	if (!m) {
+		throw new TypeError('no or bad content-type header, no multipart boundary');
+	}
+
+	const parser = new MultipartParser(m[1] || m[2]);
+
+	let headerField;
+	let headerValue;
+	let entryValue;
+	let entryName;
+	let contentType;
+	let filename;
+	const entryChunks = [];
+	const formData = new formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__/* .FormData */ .Ct();
+
+	const onPartData = ui8a => {
+		entryValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	const appendToFile = ui8a => {
+		entryChunks.push(ui8a);
+	};
+
+	const appendFileToFormData = () => {
+		const file = new fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__/* .File */ .$B(entryChunks, filename, {type: contentType});
+		formData.append(entryName, file);
+	};
+
+	const appendEntryToFormData = () => {
+		formData.append(entryName, entryValue);
+	};
+
+	const decoder = new TextDecoder('utf-8');
+	decoder.decode();
+
+	parser.onPartBegin = function () {
+		parser.onPartData = onPartData;
+		parser.onPartEnd = appendEntryToFormData;
+
+		headerField = '';
+		headerValue = '';
+		entryValue = '';
+		entryName = '';
+		contentType = '';
+		filename = null;
+		entryChunks.length = 0;
+	};
+
+	parser.onHeaderField = function (ui8a) {
+		headerField += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderValue = function (ui8a) {
+		headerValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderEnd = function () {
+		headerValue += decoder.decode();
+		headerField = headerField.toLowerCase();
+
+		if (headerField === 'content-disposition') {
+			// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+			const m = headerValue.match(/\bname=("([^"]*)"|([^()<>@,;:\\"/[\]?={}\s\t]+))/i);
+
+			if (m) {
+				entryName = m[2] || m[3] || '';
+			}
+
+			filename = _fileName(headerValue);
+
+			if (filename) {
+				parser.onPartData = appendToFile;
+				parser.onPartEnd = appendFileToFormData;
+			}
+		} else if (headerField === 'content-type') {
+			contentType = headerValue;
+		}
+
+		headerValue = '';
+		headerField = '';
+	};
+
+	for await (const chunk of Body) {
+		parser.write(chunk);
+	}
+
+	parser.end();
+
+	return formData;
+}
+
+
+/***/ })
+
+};
+;
+//# sourceMappingURL=629.index.js.map

dist/node_modules/asn1.js/.eslintrc.js

@@ -1,27 +0,0 @@
-module.exports = {
-  'env': {
-    'browser': false,
-    'commonjs': true,
-    'es6': true,
-    'node': true
-  },
-  'extends': 'eslint:recommended',
-  'rules': {
-    'indent': [
-      'error',
-      2
-    ],
-    'linebreak-style': [
-      'error',
-      'unix'
-    ],
-    'quotes': [
-      'error',
-      'single'
-    ],
-    'semi': [
-      'error',
-      'always'
-    ]
-  }
-};

dist/node_modules/asn1.js/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2017 Fedor Indutny
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

dist/node_modules/asn1.js/README.md

@@ -1,100 +0,0 @@
-# ASN1.js
-
-ASN.1 DER Encoder/Decoder and DSL.
-
-## Example
-
-Define model:
-
-```javascript
-var asn = require('asn1.js');
-
-var Human = asn.define('Human', function() {
-  this.seq().obj(
-    this.key('firstName').octstr(),
-    this.key('lastName').octstr(),
-    this.key('age').int(),
-    this.key('gender').enum({ 0: 'male', 1: 'female' }),
-    this.key('bio').seqof(Bio)
-  );
-});
-
-var Bio = asn.define('Bio', function() {
-  this.seq().obj(
-    this.key('time').gentime(),
-    this.key('description').octstr()
-  );
-});
-```
-
-Encode data:
-
-```javascript
-var output = Human.encode({
-  firstName: 'Thomas',
-  lastName: 'Anderson',
-  age: 28,
-  gender: 'male',
-  bio: [
-    {
-      time: +new Date('31 March 1999'),
-      description: 'freedom of mind'
-    }
-  ]
-}, 'der');
-```
-
-Decode data:
-
-```javascript
-var human = Human.decode(output, 'der');
-console.log(human);
-/*
-{ firstName: <Buffer 54 68 6f 6d 61 73>,
-  lastName: <Buffer 41 6e 64 65 72 73 6f 6e>,
-  age: 28,
-  gender: 'male',
-  bio:
-   [ { time: 922820400000,
-       description: <Buffer 66 72 65 65 64 6f 6d 20 6f 66 20 6d 69 6e 64> } ] }
-*/
-```
-
-### Partial decode
-
-Its possible to parse data without stopping on first error. In order to do it,
-you should call:
-
-```javascript
-var human = Human.decode(output, 'der', { partial: true });
-console.log(human);
-/*
-{ result: { ... },
-  errors: [ ... ] }
-*/
-```
-
-#### LICENSE
-
-This software is licensed under the MIT License.
-
-Copyright Fedor Indutny, 2017.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the
-following conditions:
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
-NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
-USE OR OTHER DEALINGS IN THE SOFTWARE.

dist/node_modules/asn1.js/lib/asn1.js

@@ -1,11 +0,0 @@
-'use strict';
-
-const asn1 = exports;
-
-asn1.bignum = require('bn.js');
-
-asn1.define = require('./asn1/api').define;
-asn1.base = require('./asn1/base');
-asn1.constants = require('./asn1/constants');
-asn1.decoders = require('./asn1/decoders');
-asn1.encoders = require('./asn1/encoders');

dist/node_modules/asn1.js/lib/asn1/api.js

@@ -1,57 +0,0 @@
-'use strict';
-
-const encoders = require('./encoders');
-const decoders = require('./decoders');
-const inherits = require('inherits');
-
-const api = exports;
-
-api.define = function define(name, body) {
-  return new Entity(name, body);
-};
-
-function Entity(name, body) {
-  this.name = name;
-  this.body = body;
-
-  this.decoders = {};
-  this.encoders = {};
-}
-
-Entity.prototype._createNamed = function createNamed(Base) {
-  const name = this.name;
-
-  function Generated(entity) {
-    this._initNamed(entity, name);
-  }
-  inherits(Generated, Base);
-  Generated.prototype._initNamed = function _initNamed(entity, name) {
-    Base.call(this, entity, name);
-  };
-
-  return new Generated(this);
-};
-
-Entity.prototype._getDecoder = function _getDecoder(enc) {
-  enc = enc || 'der';
-  // Lazily create decoder
-  if (!this.decoders.hasOwnProperty(enc))
-    this.decoders[enc] = this._createNamed(decoders[enc]);
-  return this.decoders[enc];
-};
-
-Entity.prototype.decode = function decode(data, enc, options) {
-  return this._getDecoder(enc).decode(data, options);
-};
-
-Entity.prototype._getEncoder = function _getEncoder(enc) {
-  enc = enc || 'der';
-  // Lazily create encoder
-  if (!this.encoders.hasOwnProperty(enc))
-    this.encoders[enc] = this._createNamed(encoders[enc]);
-  return this.encoders[enc];
-};
-
-Entity.prototype.encode = function encode(data, enc, /* internal */ reporter) {
-  return this._getEncoder(enc).encode(data, reporter);
-};

dist/node_modules/asn1.js/lib/asn1/base/buffer.js

@@ -1,153 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-const Reporter = require('../base/reporter').Reporter;
-const Buffer = require('safer-buffer').Buffer;
-
-function DecoderBuffer(base, options) {
-  Reporter.call(this, options);
-  if (!Buffer.isBuffer(base)) {
-    this.error('Input not Buffer');
-    return;
-  }
-
-  this.base = base;
-  this.offset = 0;
-  this.length = base.length;
-}
-inherits(DecoderBuffer, Reporter);
-exports.DecoderBuffer = DecoderBuffer;
-
-DecoderBuffer.isDecoderBuffer = function isDecoderBuffer(data) {
-  if (data instanceof DecoderBuffer) {
-    return true;
-  }
-
-  // Or accept compatible API
-  const isCompatible = typeof data === 'object' &&
-    Buffer.isBuffer(data.base) &&
-    data.constructor.name === 'DecoderBuffer' &&
-    typeof data.offset === 'number' &&
-    typeof data.length === 'number' &&
-    typeof data.save === 'function' &&
-    typeof data.restore === 'function' &&
-    typeof data.isEmpty === 'function' &&
-    typeof data.readUInt8 === 'function' &&
-    typeof data.skip === 'function' &&
-    typeof data.raw === 'function';
-
-  return isCompatible;
-};
-
-DecoderBuffer.prototype.save = function save() {
-  return { offset: this.offset, reporter: Reporter.prototype.save.call(this) };
-};
-
-DecoderBuffer.prototype.restore = function restore(save) {
-  // Return skipped data
-  const res = new DecoderBuffer(this.base);
-  res.offset = save.offset;
-  res.length = this.offset;
-
-  this.offset = save.offset;
-  Reporter.prototype.restore.call(this, save.reporter);
-
-  return res;
-};
-
-DecoderBuffer.prototype.isEmpty = function isEmpty() {
-  return this.offset === this.length;
-};
-
-DecoderBuffer.prototype.readUInt8 = function readUInt8(fail) {
-  if (this.offset + 1 <= this.length)
-    return this.base.readUInt8(this.offset++, true);
-  else
-    return this.error(fail || 'DecoderBuffer overrun');
-};
-
-DecoderBuffer.prototype.skip = function skip(bytes, fail) {
-  if (!(this.offset + bytes <= this.length))
-    return this.error(fail || 'DecoderBuffer overrun');
-
-  const res = new DecoderBuffer(this.base);
-
-  // Share reporter state
-  res._reporterState = this._reporterState;
-
-  res.offset = this.offset;
-  res.length = this.offset + bytes;
-  this.offset += bytes;
-  return res;
-};
-
-DecoderBuffer.prototype.raw = function raw(save) {
-  return this.base.slice(save ? save.offset : this.offset, this.length);
-};
-
-function EncoderBuffer(value, reporter) {
-  if (Array.isArray(value)) {
-    this.length = 0;
-    this.value = value.map(function(item) {
-      if (!EncoderBuffer.isEncoderBuffer(item))
-        item = new EncoderBuffer(item, reporter);
-      this.length += item.length;
-      return item;
-    }, this);
-  } else if (typeof value === 'number') {
-    if (!(0 <= value && value <= 0xff))
-      return reporter.error('non-byte EncoderBuffer value');
-    this.value = value;
-    this.length = 1;
-  } else if (typeof value === 'string') {
-    this.value = value;
-    this.length = Buffer.byteLength(value);
-  } else if (Buffer.isBuffer(value)) {
-    this.value = value;
-    this.length = value.length;
-  } else {
-    return reporter.error('Unsupported type: ' + typeof value);
-  }
-}
-exports.EncoderBuffer = EncoderBuffer;
-
-EncoderBuffer.isEncoderBuffer = function isEncoderBuffer(data) {
-  if (data instanceof EncoderBuffer) {
-    return true;
-  }
-
-  // Or accept compatible API
-  const isCompatible = typeof data === 'object' &&
-    data.constructor.name === 'EncoderBuffer' &&
-    typeof data.length === 'number' &&
-    typeof data.join === 'function';
-
-  return isCompatible;
-};
-
-EncoderBuffer.prototype.join = function join(out, offset) {
-  if (!out)
-    out = Buffer.alloc(this.length);
-  if (!offset)
-    offset = 0;
-
-  if (this.length === 0)
-    return out;
-
-  if (Array.isArray(this.value)) {
-    this.value.forEach(function(item) {
-      item.join(out, offset);
-      offset += item.length;
-    });
-  } else {
-    if (typeof this.value === 'number')
-      out[offset] = this.value;
-    else if (typeof this.value === 'string')
-      out.write(this.value, offset);
-    else if (Buffer.isBuffer(this.value))
-      this.value.copy(out, offset);
-    offset += this.length;
-  }
-
-  return out;
-};

dist/node_modules/asn1.js/lib/asn1/base/index.js

@@ -1,8 +0,0 @@
-'use strict';
-
-const base = exports;
-
-base.Reporter = require('./reporter').Reporter;
-base.DecoderBuffer = require('./buffer').DecoderBuffer;
-base.EncoderBuffer = require('./buffer').EncoderBuffer;
-base.Node = require('./node');

dist/node_modules/asn1.js/lib/asn1/base/node.js

@@ -1,638 +0,0 @@
-'use strict';
-
-const Reporter = require('../base/reporter').Reporter;
-const EncoderBuffer = require('../base/buffer').EncoderBuffer;
-const DecoderBuffer = require('../base/buffer').DecoderBuffer;
-const assert = require('minimalistic-assert');
-
-// Supported tags
-const tags = [
-  'seq', 'seqof', 'set', 'setof', 'objid', 'bool',
-  'gentime', 'utctime', 'null_', 'enum', 'int', 'objDesc',
-  'bitstr', 'bmpstr', 'charstr', 'genstr', 'graphstr', 'ia5str', 'iso646str',
-  'numstr', 'octstr', 'printstr', 't61str', 'unistr', 'utf8str', 'videostr'
-];
-
-// Public methods list
-const methods = [
-  'key', 'obj', 'use', 'optional', 'explicit', 'implicit', 'def', 'choice',
-  'any', 'contains'
-].concat(tags);
-
-// Overrided methods list
-const overrided = [
-  '_peekTag', '_decodeTag', '_use',
-  '_decodeStr', '_decodeObjid', '_decodeTime',
-  '_decodeNull', '_decodeInt', '_decodeBool', '_decodeList',
-
-  '_encodeComposite', '_encodeStr', '_encodeObjid', '_encodeTime',
-  '_encodeNull', '_encodeInt', '_encodeBool'
-];
-
-function Node(enc, parent, name) {
-  const state = {};
-  this._baseState = state;
-
-  state.name = name;
-  state.enc = enc;
-
-  state.parent = parent || null;
-  state.children = null;
-
-  // State
-  state.tag = null;
-  state.args = null;
-  state.reverseArgs = null;
-  state.choice = null;
-  state.optional = false;
-  state.any = false;
-  state.obj = false;
-  state.use = null;
-  state.useDecoder = null;
-  state.key = null;
-  state['default'] = null;
-  state.explicit = null;
-  state.implicit = null;
-  state.contains = null;
-
-  // Should create new instance on each method
-  if (!state.parent) {
-    state.children = [];
-    this._wrap();
-  }
-}
-module.exports = Node;
-
-const stateProps = [
-  'enc', 'parent', 'children', 'tag', 'args', 'reverseArgs', 'choice',
-  'optional', 'any', 'obj', 'use', 'alteredUse', 'key', 'default', 'explicit',
-  'implicit', 'contains'
-];
-
-Node.prototype.clone = function clone() {
-  const state = this._baseState;
-  const cstate = {};
-  stateProps.forEach(function(prop) {
-    cstate[prop] = state[prop];
-  });
-  const res = new this.constructor(cstate.parent);
-  res._baseState = cstate;
-  return res;
-};
-
-Node.prototype._wrap = function wrap() {
-  const state = this._baseState;
-  methods.forEach(function(method) {
-    this[method] = function _wrappedMethod() {
-      const clone = new this.constructor(this);
-      state.children.push(clone);
-      return clone[method].apply(clone, arguments);
-    };
-  }, this);
-};
-
-Node.prototype._init = function init(body) {
-  const state = this._baseState;
-
-  assert(state.parent === null);
-  body.call(this);
-
-  // Filter children
-  state.children = state.children.filter(function(child) {
-    return child._baseState.parent === this;
-  }, this);
-  assert.equal(state.children.length, 1, 'Root node can have only one child');
-};
-
-Node.prototype._useArgs = function useArgs(args) {
-  const state = this._baseState;
-
-  // Filter children and args
-  const children = args.filter(function(arg) {
-    return arg instanceof this.constructor;
-  }, this);
-  args = args.filter(function(arg) {
-    return !(arg instanceof this.constructor);
-  }, this);
-
-  if (children.length !== 0) {
-    assert(state.children === null);
-    state.children = children;
-
-    // Replace parent to maintain backward link
-    children.forEach(function(child) {
-      child._baseState.parent = this;
-    }, this);
-  }
-  if (args.length !== 0) {
-    assert(state.args === null);
-    state.args = args;
-    state.reverseArgs = args.map(function(arg) {
-      if (typeof arg !== 'object' || arg.constructor !== Object)
-        return arg;
-
-      const res = {};
-      Object.keys(arg).forEach(function(key) {
-        if (key == (key | 0))
-          key |= 0;
-        const value = arg[key];
-        res[value] = key;
-      });
-      return res;
-    });
-  }
-};
-
-//
-// Overrided methods
-//
-
-overrided.forEach(function(method) {
-  Node.prototype[method] = function _overrided() {
-    const state = this._baseState;
-    throw new Error(method + ' not implemented for encoding: ' + state.enc);
-  };
-});
-
-//
-// Public methods
-//
-
-tags.forEach(function(tag) {
-  Node.prototype[tag] = function _tagMethod() {
-    const state = this._baseState;
-    const args = Array.prototype.slice.call(arguments);
-
-    assert(state.tag === null);
-    state.tag = tag;
-
-    this._useArgs(args);
-
-    return this;
-  };
-});
-
-Node.prototype.use = function use(item) {
-  assert(item);
-  const state = this._baseState;
-
-  assert(state.use === null);
-  state.use = item;
-
-  return this;
-};
-
-Node.prototype.optional = function optional() {
-  const state = this._baseState;
-
-  state.optional = true;
-
-  return this;
-};
-
-Node.prototype.def = function def(val) {
-  const state = this._baseState;
-
-  assert(state['default'] === null);
-  state['default'] = val;
-  state.optional = true;
-
-  return this;
-};
-
-Node.prototype.explicit = function explicit(num) {
-  const state = this._baseState;
-
-  assert(state.explicit === null && state.implicit === null);
-  state.explicit = num;
-
-  return this;
-};
-
-Node.prototype.implicit = function implicit(num) {
-  const state = this._baseState;
-
-  assert(state.explicit === null && state.implicit === null);
-  state.implicit = num;
-
-  return this;
-};
-
-Node.prototype.obj = function obj() {
-  const state = this._baseState;
-  const args = Array.prototype.slice.call(arguments);
-
-  state.obj = true;
-
-  if (args.length !== 0)
-    this._useArgs(args);
-
-  return this;
-};
-
-Node.prototype.key = function key(newKey) {
-  const state = this._baseState;
-
-  assert(state.key === null);
-  state.key = newKey;
-
-  return this;
-};
-
-Node.prototype.any = function any() {
-  const state = this._baseState;
-
-  state.any = true;
-
-  return this;
-};
-
-Node.prototype.choice = function choice(obj) {
-  const state = this._baseState;
-
-  assert(state.choice === null);
-  state.choice = obj;
-  this._useArgs(Object.keys(obj).map(function(key) {
-    return obj[key];
-  }));
-
-  return this;
-};
-
-Node.prototype.contains = function contains(item) {
-  const state = this._baseState;
-
-  assert(state.use === null);
-  state.contains = item;
-
-  return this;
-};
-
-//
-// Decoding
-//
-
-Node.prototype._decode = function decode(input, options) {
-  const state = this._baseState;
-
-  // Decode root node
-  if (state.parent === null)
-    return input.wrapResult(state.children[0]._decode(input, options));
-
-  let result = state['default'];
-  let present = true;
-
-  let prevKey = null;
-  if (state.key !== null)
-    prevKey = input.enterKey(state.key);
-
-  // Check if tag is there
-  if (state.optional) {
-    let tag = null;
-    if (state.explicit !== null)
-      tag = state.explicit;
-    else if (state.implicit !== null)
-      tag = state.implicit;
-    else if (state.tag !== null)
-      tag = state.tag;
-
-    if (tag === null && !state.any) {
-      // Trial and Error
-      const save = input.save();
-      try {
-        if (state.choice === null)
-          this._decodeGeneric(state.tag, input, options);
-        else
-          this._decodeChoice(input, options);
-        present = true;
-      } catch (e) {
-        present = false;
-      }
-      input.restore(save);
-    } else {
-      present = this._peekTag(input, tag, state.any);
-
-      if (input.isError(present))
-        return present;
-    }
-  }
-
-  // Push object on stack
-  let prevObj;
-  if (state.obj && present)
-    prevObj = input.enterObject();
-
-  if (present) {
-    // Unwrap explicit values
-    if (state.explicit !== null) {
-      const explicit = this._decodeTag(input, state.explicit);
-      if (input.isError(explicit))
-        return explicit;
-      input = explicit;
-    }
-
-    const start = input.offset;
-
-    // Unwrap implicit and normal values
-    if (state.use === null && state.choice === null) {
-      let save;
-      if (state.any)
-        save = input.save();
-      const body = this._decodeTag(
-        input,
-        state.implicit !== null ? state.implicit : state.tag,
-        state.any
-      );
-      if (input.isError(body))
-        return body;
-
-      if (state.any)
-        result = input.raw(save);
-      else
-        input = body;
-    }
-
-    if (options && options.track && state.tag !== null)
-      options.track(input.path(), start, input.length, 'tagged');
-
-    if (options && options.track && state.tag !== null)
-      options.track(input.path(), input.offset, input.length, 'content');
-
-    // Select proper method for tag
-    if (state.any) {
-      // no-op
-    } else if (state.choice === null) {
-      result = this._decodeGeneric(state.tag, input, options);
-    } else {
-      result = this._decodeChoice(input, options);
-    }
-
-    if (input.isError(result))
-      return result;
-
-    // Decode children
-    if (!state.any && state.choice === null && state.children !== null) {
-      state.children.forEach(function decodeChildren(child) {
-        // NOTE: We are ignoring errors here, to let parser continue with other
-        // parts of encoded data
-        child._decode(input, options);
-      });
-    }
-
-    // Decode contained/encoded by schema, only in bit or octet strings
-    if (state.contains && (state.tag === 'octstr' || state.tag === 'bitstr')) {
-      const data = new DecoderBuffer(result);
-      result = this._getUse(state.contains, input._reporterState.obj)
-        ._decode(data, options);
-    }
-  }
-
-  // Pop object
-  if (state.obj && present)
-    result = input.leaveObject(prevObj);
-
-  // Set key
-  if (state.key !== null && (result !== null || present === true))
-    input.leaveKey(prevKey, state.key, result);
-  else if (prevKey !== null)
-    input.exitKey(prevKey);
-
-  return result;
-};
-
-Node.prototype._decodeGeneric = function decodeGeneric(tag, input, options) {
-  const state = this._baseState;
-
-  if (tag === 'seq' || tag === 'set')
-    return null;
-  if (tag === 'seqof' || tag === 'setof')
-    return this._decodeList(input, tag, state.args[0], options);
-  else if (/str$/.test(tag))
-    return this._decodeStr(input, tag, options);
-  else if (tag === 'objid' && state.args)
-    return this._decodeObjid(input, state.args[0], state.args[1], options);
-  else if (tag === 'objid')
-    return this._decodeObjid(input, null, null, options);
-  else if (tag === 'gentime' || tag === 'utctime')
-    return this._decodeTime(input, tag, options);
-  else if (tag === 'null_')
-    return this._decodeNull(input, options);
-  else if (tag === 'bool')
-    return this._decodeBool(input, options);
-  else if (tag === 'objDesc')
-    return this._decodeStr(input, tag, options);
-  else if (tag === 'int' || tag === 'enum')
-    return this._decodeInt(input, state.args && state.args[0], options);
-
-  if (state.use !== null) {
-    return this._getUse(state.use, input._reporterState.obj)
-      ._decode(input, options);
-  } else {
-    return input.error('unknown tag: ' + tag);
-  }
-};
-
-Node.prototype._getUse = function _getUse(entity, obj) {
-
-  const state = this._baseState;
-  // Create altered use decoder if implicit is set
-  state.useDecoder = this._use(entity, obj);
-  assert(state.useDecoder._baseState.parent === null);
-  state.useDecoder = state.useDecoder._baseState.children[0];
-  if (state.implicit !== state.useDecoder._baseState.implicit) {
-    state.useDecoder = state.useDecoder.clone();
-    state.useDecoder._baseState.implicit = state.implicit;
-  }
-  return state.useDecoder;
-};
-
-Node.prototype._decodeChoice = function decodeChoice(input, options) {
-  const state = this._baseState;
-  let result = null;
-  let match = false;
-
-  Object.keys(state.choice).some(function(key) {
-    const save = input.save();
-    const node = state.choice[key];
-    try {
-      const value = node._decode(input, options);
-      if (input.isError(value))
-        return false;
-
-      result = { type: key, value: value };
-      match = true;
-    } catch (e) {
-      input.restore(save);
-      return false;
-    }
-    return true;
-  }, this);
-
-  if (!match)
-    return input.error('Choice not matched');
-
-  return result;
-};
-
-//
-// Encoding
-//
-
-Node.prototype._createEncoderBuffer = function createEncoderBuffer(data) {
-  return new EncoderBuffer(data, this.reporter);
-};
-
-Node.prototype._encode = function encode(data, reporter, parent) {
-  const state = this._baseState;
-  if (state['default'] !== null && state['default'] === data)
-    return;
-
-  const result = this._encodeValue(data, reporter, parent);
-  if (result === undefined)
-    return;
-
-  if (this._skipDefault(result, reporter, parent))
-    return;
-
-  return result;
-};
-
-Node.prototype._encodeValue = function encode(data, reporter, parent) {
-  const state = this._baseState;
-
-  // Decode root node
-  if (state.parent === null)
-    return state.children[0]._encode(data, reporter || new Reporter());
-
-  let result = null;
-
-  // Set reporter to share it with a child class
-  this.reporter = reporter;
-
-  // Check if data is there
-  if (state.optional && data === undefined) {
-    if (state['default'] !== null)
-      data = state['default'];
-    else
-      return;
-  }
-
-  // Encode children first
-  let content = null;
-  let primitive = false;
-  if (state.any) {
-    // Anything that was given is translated to buffer
-    result = this._createEncoderBuffer(data);
-  } else if (state.choice) {
-    result = this._encodeChoice(data, reporter);
-  } else if (state.contains) {
-    content = this._getUse(state.contains, parent)._encode(data, reporter);
-    primitive = true;
-  } else if (state.children) {
-    content = state.children.map(function(child) {
-      if (child._baseState.tag === 'null_')
-        return child._encode(null, reporter, data);
-
-      if (child._baseState.key === null)
-        return reporter.error('Child should have a key');
-      const prevKey = reporter.enterKey(child._baseState.key);
-
-      if (typeof data !== 'object')
-        return reporter.error('Child expected, but input is not object');
-
-      const res = child._encode(data[child._baseState.key], reporter, data);
-      reporter.leaveKey(prevKey);
-
-      return res;
-    }, this).filter(function(child) {
-      return child;
-    });
-    content = this._createEncoderBuffer(content);
-  } else {
-    if (state.tag === 'seqof' || state.tag === 'setof') {
-      // TODO(indutny): this should be thrown on DSL level
-      if (!(state.args && state.args.length === 1))
-        return reporter.error('Too many args for : ' + state.tag);
-
-      if (!Array.isArray(data))
-        return reporter.error('seqof/setof, but data is not Array');
-
-      const child = this.clone();
-      child._baseState.implicit = null;
-      content = this._createEncoderBuffer(data.map(function(item) {
-        const state = this._baseState;
-
-        return this._getUse(state.args[0], data)._encode(item, reporter);
-      }, child));
-    } else if (state.use !== null) {
-      result = this._getUse(state.use, parent)._encode(data, reporter);
-    } else {
-      content = this._encodePrimitive(state.tag, data);
-      primitive = true;
-    }
-  }
-
-  // Encode data itself
-  if (!state.any && state.choice === null) {
-    const tag = state.implicit !== null ? state.implicit : state.tag;
-    const cls = state.implicit === null ? 'universal' : 'context';
-
-    if (tag === null) {
-      if (state.use === null)
-        reporter.error('Tag could be omitted only for .use()');
-    } else {
-      if (state.use === null)
-        result = this._encodeComposite(tag, primitive, cls, content);
-    }
-  }
-
-  // Wrap in explicit
-  if (state.explicit !== null)
-    result = this._encodeComposite(state.explicit, false, 'context', result);
-
-  return result;
-};
-
-Node.prototype._encodeChoice = function encodeChoice(data, reporter) {
-  const state = this._baseState;
-
-  const node = state.choice[data.type];
-  if (!node) {
-    assert(
-      false,
-      data.type + ' not found in ' +
-            JSON.stringify(Object.keys(state.choice)));
-  }
-  return node._encode(data.value, reporter);
-};
-
-Node.prototype._encodePrimitive = function encodePrimitive(tag, data) {
-  const state = this._baseState;
-
-  if (/str$/.test(tag))
-    return this._encodeStr(data, tag);
-  else if (tag === 'objid' && state.args)
-    return this._encodeObjid(data, state.reverseArgs[0], state.args[1]);
-  else if (tag === 'objid')
-    return this._encodeObjid(data, null, null);
-  else if (tag === 'gentime' || tag === 'utctime')
-    return this._encodeTime(data, tag);
-  else if (tag === 'null_')
-    return this._encodeNull();
-  else if (tag === 'int' || tag === 'enum')
-    return this._encodeInt(data, state.args && state.reverseArgs[0]);
-  else if (tag === 'bool')
-    return this._encodeBool(data);
-  else if (tag === 'objDesc')
-    return this._encodeStr(data, tag);
-  else
-    throw new Error('Unsupported tag: ' + tag);
-};
-
-Node.prototype._isNumstr = function isNumstr(str) {
-  return /^[0-9 ]*$/.test(str);
-};
-
-Node.prototype._isPrintstr = function isPrintstr(str) {
-  return /^[A-Za-z0-9 '()+,-./:=?]*$/.test(str);
-};

dist/node_modules/asn1.js/lib/asn1/base/reporter.js

@@ -1,123 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-
-function Reporter(options) {
-  this._reporterState = {
-    obj: null,
-    path: [],
-    options: options || {},
-    errors: []
-  };
-}
-exports.Reporter = Reporter;
-
-Reporter.prototype.isError = function isError(obj) {
-  return obj instanceof ReporterError;
-};
-
-Reporter.prototype.save = function save() {
-  const state = this._reporterState;
-
-  return { obj: state.obj, pathLen: state.path.length };
-};
-
-Reporter.prototype.restore = function restore(data) {
-  const state = this._reporterState;
-
-  state.obj = data.obj;
-  state.path = state.path.slice(0, data.pathLen);
-};
-
-Reporter.prototype.enterKey = function enterKey(key) {
-  return this._reporterState.path.push(key);
-};
-
-Reporter.prototype.exitKey = function exitKey(index) {
-  const state = this._reporterState;
-
-  state.path = state.path.slice(0, index - 1);
-};
-
-Reporter.prototype.leaveKey = function leaveKey(index, key, value) {
-  const state = this._reporterState;
-
-  this.exitKey(index);
-  if (state.obj !== null)
-    state.obj[key] = value;
-};
-
-Reporter.prototype.path = function path() {
-  return this._reporterState.path.join('/');
-};
-
-Reporter.prototype.enterObject = function enterObject() {
-  const state = this._reporterState;
-
-  const prev = state.obj;
-  state.obj = {};
-  return prev;
-};
-
-Reporter.prototype.leaveObject = function leaveObject(prev) {
-  const state = this._reporterState;
-
-  const now = state.obj;
-  state.obj = prev;
-  return now;
-};
-
-Reporter.prototype.error = function error(msg) {
-  let err;
-  const state = this._reporterState;
-
-  const inherited = msg instanceof ReporterError;
-  if (inherited) {
-    err = msg;
-  } else {
-    err = new ReporterError(state.path.map(function(elem) {
-      return '[' + JSON.stringify(elem) + ']';
-    }).join(''), msg.message || msg, msg.stack);
-  }
-
-  if (!state.options.partial)
-    throw err;
-
-  if (!inherited)
-    state.errors.push(err);
-
-  return err;
-};
-
-Reporter.prototype.wrapResult = function wrapResult(result) {
-  const state = this._reporterState;
-  if (!state.options.partial)
-    return result;
-
-  return {
-    result: this.isError(result) ? null : result,
-    errors: state.errors
-  };
-};
-
-function ReporterError(path, msg) {
-  this.path = path;
-  this.rethrow(msg);
-}
-inherits(ReporterError, Error);
-
-ReporterError.prototype.rethrow = function rethrow(msg) {
-  this.message = msg + ' at: ' + (this.path || '(shallow)');
-  if (Error.captureStackTrace)
-    Error.captureStackTrace(this, ReporterError);
-
-  if (!this.stack) {
-    try {
-      // IE only adds stack when thrown
-      throw new Error(this.message);
-    } catch (e) {
-      this.stack = e.stack;
-    }
-  }
-  return this;
-};

dist/node_modules/asn1.js/lib/asn1/constants/der.js

@@ -1,58 +0,0 @@
-'use strict';
-
-// Helper
-function reverse(map) {
-  const res = {};
-
-  Object.keys(map).forEach(function(key) {
-    // Convert key to integer if it is stringified
-    if ((key | 0) == key)
-      key = key | 0;
-
-    const value = map[key];
-    res[value] = key;
-  });
-
-  return res;
-}
-
-exports.tagClass = {
-  0: 'universal',
-  1: 'application',
-  2: 'context',
-  3: 'private'
-};
-exports.tagClassByName = reverse(exports.tagClass);
-
-exports.tag = {
-  0x00: 'end',
-  0x01: 'bool',
-  0x02: 'int',
-  0x03: 'bitstr',
-  0x04: 'octstr',
-  0x05: 'null_',
-  0x06: 'objid',
-  0x07: 'objDesc',
-  0x08: 'external',
-  0x09: 'real',
-  0x0a: 'enum',
-  0x0b: 'embed',
-  0x0c: 'utf8str',
-  0x0d: 'relativeOid',
-  0x10: 'seq',
-  0x11: 'set',
-  0x12: 'numstr',
-  0x13: 'printstr',
-  0x14: 't61str',
-  0x15: 'videostr',
-  0x16: 'ia5str',
-  0x17: 'utctime',
-  0x18: 'gentime',
-  0x19: 'graphstr',
-  0x1a: 'iso646str',
-  0x1b: 'genstr',
-  0x1c: 'unistr',
-  0x1d: 'charstr',
-  0x1e: 'bmpstr'
-};
-exports.tagByName = reverse(exports.tag);

dist/node_modules/asn1.js/lib/asn1/constants/index.js

@@ -1,21 +0,0 @@
-'use strict';
-
-const constants = exports;
-
-// Helper
-constants._reverse = function reverse(map) {
-  const res = {};
-
-  Object.keys(map).forEach(function(key) {
-    // Convert key to integer if it is stringified
-    if ((key | 0) == key)
-      key = key | 0;
-
-    const value = map[key];
-    res[value] = key;
-  });
-
-  return res;
-};
-
-constants.der = require('./der');

dist/node_modules/asn1.js/lib/asn1/decoders/der.js

@@ -1,335 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-
-const bignum = require('bn.js');
-const DecoderBuffer = require('../base/buffer').DecoderBuffer;
-const Node = require('../base/node');
-
-// Import DER constants
-const der = require('../constants/der');
-
-function DERDecoder(entity) {
-  this.enc = 'der';
-  this.name = entity.name;
-  this.entity = entity;
-
-  // Construct base tree
-  this.tree = new DERNode();
-  this.tree._init(entity.body);
-}
-module.exports = DERDecoder;
-
-DERDecoder.prototype.decode = function decode(data, options) {
-  if (!DecoderBuffer.isDecoderBuffer(data)) {
-    data = new DecoderBuffer(data, options);
-  }
-
-  return this.tree._decode(data, options);
-};
-
-// Tree methods
-
-function DERNode(parent) {
-  Node.call(this, 'der', parent);
-}
-inherits(DERNode, Node);
-
-DERNode.prototype._peekTag = function peekTag(buffer, tag, any) {
-  if (buffer.isEmpty())
-    return false;
-
-  const state = buffer.save();
-  const decodedTag = derDecodeTag(buffer, 'Failed to peek tag: "' + tag + '"');
-  if (buffer.isError(decodedTag))
-    return decodedTag;
-
-  buffer.restore(state);
-
-  return decodedTag.tag === tag || decodedTag.tagStr === tag ||
-    (decodedTag.tagStr + 'of') === tag || any;
-};
-
-DERNode.prototype._decodeTag = function decodeTag(buffer, tag, any) {
-  const decodedTag = derDecodeTag(buffer,
-    'Failed to decode tag of "' + tag + '"');
-  if (buffer.isError(decodedTag))
-    return decodedTag;
-
-  let len = derDecodeLen(buffer,
-    decodedTag.primitive,
-    'Failed to get length of "' + tag + '"');
-
-  // Failure
-  if (buffer.isError(len))
-    return len;
-
-  if (!any &&
-      decodedTag.tag !== tag &&
-      decodedTag.tagStr !== tag &&
-      decodedTag.tagStr + 'of' !== tag) {
-    return buffer.error('Failed to match tag: "' + tag + '"');
-  }
-
-  if (decodedTag.primitive || len !== null)
-    return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
-
-  // Indefinite length... find END tag
-  const state = buffer.save();
-  const res = this._skipUntilEnd(
-    buffer,
-    'Failed to skip indefinite length body: "' + this.tag + '"');
-  if (buffer.isError(res))
-    return res;
-
-  len = buffer.offset - state.offset;
-  buffer.restore(state);
-  return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
-};
-
-DERNode.prototype._skipUntilEnd = function skipUntilEnd(buffer, fail) {
-  for (;;) {
-    const tag = derDecodeTag(buffer, fail);
-    if (buffer.isError(tag))
-      return tag;
-    const len = derDecodeLen(buffer, tag.primitive, fail);
-    if (buffer.isError(len))
-      return len;
-
-    let res;
-    if (tag.primitive || len !== null)
-      res = buffer.skip(len);
-    else
-      res = this._skipUntilEnd(buffer, fail);
-
-    // Failure
-    if (buffer.isError(res))
-      return res;
-
-    if (tag.tagStr === 'end')
-      break;
-  }
-};
-
-DERNode.prototype._decodeList = function decodeList(buffer, tag, decoder,
-  options) {
-  const result = [];
-  while (!buffer.isEmpty()) {
-    const possibleEnd = this._peekTag(buffer, 'end');
-    if (buffer.isError(possibleEnd))
-      return possibleEnd;
-
-    const res = decoder.decode(buffer, 'der', options);
-    if (buffer.isError(res) && possibleEnd)
-      break;
-    result.push(res);
-  }
-  return result;
-};
-
-DERNode.prototype._decodeStr = function decodeStr(buffer, tag) {
-  if (tag === 'bitstr') {
-    const unused = buffer.readUInt8();
-    if (buffer.isError(unused))
-      return unused;
-    return { unused: unused, data: buffer.raw() };
-  } else if (tag === 'bmpstr') {
-    const raw = buffer.raw();
-    if (raw.length % 2 === 1)
-      return buffer.error('Decoding of string type: bmpstr length mismatch');
-
-    let str = '';
-    for (let i = 0; i < raw.length / 2; i++) {
-      str += String.fromCharCode(raw.readUInt16BE(i * 2));
-    }
-    return str;
-  } else if (tag === 'numstr') {
-    const numstr = buffer.raw().toString('ascii');
-    if (!this._isNumstr(numstr)) {
-      return buffer.error('Decoding of string type: ' +
-                          'numstr unsupported characters');
-    }
-    return numstr;
-  } else if (tag === 'octstr') {
-    return buffer.raw();
-  } else if (tag === 'objDesc') {
-    return buffer.raw();
-  } else if (tag === 'printstr') {
-    const printstr = buffer.raw().toString('ascii');
-    if (!this._isPrintstr(printstr)) {
-      return buffer.error('Decoding of string type: ' +
-                          'printstr unsupported characters');
-    }
-    return printstr;
-  } else if (/str$/.test(tag)) {
-    return buffer.raw().toString();
-  } else {
-    return buffer.error('Decoding of string type: ' + tag + ' unsupported');
-  }
-};
-
-DERNode.prototype._decodeObjid = function decodeObjid(buffer, values, relative) {
-  let result;
-  const identifiers = [];
-  let ident = 0;
-  let subident = 0;
-  while (!buffer.isEmpty()) {
-    subident = buffer.readUInt8();
-    ident <<= 7;
-    ident |= subident & 0x7f;
-    if ((subident & 0x80) === 0) {
-      identifiers.push(ident);
-      ident = 0;
-    }
-  }
-  if (subident & 0x80)
-    identifiers.push(ident);
-
-  const first = (identifiers[0] / 40) | 0;
-  const second = identifiers[0] % 40;
-
-  if (relative)
-    result = identifiers;
-  else
-    result = [first, second].concat(identifiers.slice(1));
-
-  if (values) {
-    let tmp = values[result.join(' ')];
-    if (tmp === undefined)
-      tmp = values[result.join('.')];
-    if (tmp !== undefined)
-      result = tmp;
-  }
-
-  return result;
-};
-
-DERNode.prototype._decodeTime = function decodeTime(buffer, tag) {
-  const str = buffer.raw().toString();
-
-  let year;
-  let mon;
-  let day;
-  let hour;
-  let min;
-  let sec;
-  if (tag === 'gentime') {
-    year = str.slice(0, 4) | 0;
-    mon = str.slice(4, 6) | 0;
-    day = str.slice(6, 8) | 0;
-    hour = str.slice(8, 10) | 0;
-    min = str.slice(10, 12) | 0;
-    sec = str.slice(12, 14) | 0;
-  } else if (tag === 'utctime') {
-    year = str.slice(0, 2) | 0;
-    mon = str.slice(2, 4) | 0;
-    day = str.slice(4, 6) | 0;
-    hour = str.slice(6, 8) | 0;
-    min = str.slice(8, 10) | 0;
-    sec = str.slice(10, 12) | 0;
-    if (year < 70)
-      year = 2000 + year;
-    else
-      year = 1900 + year;
-  } else {
-    return buffer.error('Decoding ' + tag + ' time is not supported yet');
-  }
-
-  return Date.UTC(year, mon - 1, day, hour, min, sec, 0);
-};
-
-DERNode.prototype._decodeNull = function decodeNull() {
-  return null;
-};
-
-DERNode.prototype._decodeBool = function decodeBool(buffer) {
-  const res = buffer.readUInt8();
-  if (buffer.isError(res))
-    return res;
-  else
-    return res !== 0;
-};
-
-DERNode.prototype._decodeInt = function decodeInt(buffer, values) {
-  // Bigint, return as it is (assume big endian)
-  const raw = buffer.raw();
-  let res = new bignum(raw);
-
-  if (values)
-    res = values[res.toString(10)] || res;
-
-  return res;
-};
-
-DERNode.prototype._use = function use(entity, obj) {
-  if (typeof entity === 'function')
-    entity = entity(obj);
-  return entity._getDecoder('der').tree;
-};
-
-// Utility methods
-
-function derDecodeTag(buf, fail) {
-  let tag = buf.readUInt8(fail);
-  if (buf.isError(tag))
-    return tag;
-
-  const cls = der.tagClass[tag >> 6];
-  const primitive = (tag & 0x20) === 0;
-
-  // Multi-octet tag - load
-  if ((tag & 0x1f) === 0x1f) {
-    let oct = tag;
-    tag = 0;
-    while ((oct & 0x80) === 0x80) {
-      oct = buf.readUInt8(fail);
-      if (buf.isError(oct))
-        return oct;
-
-      tag <<= 7;
-      tag |= oct & 0x7f;
-    }
-  } else {
-    tag &= 0x1f;
-  }
-  const tagStr = der.tag[tag];
-
-  return {
-    cls: cls,
-    primitive: primitive,
-    tag: tag,
-    tagStr: tagStr
-  };
-}
-
-function derDecodeLen(buf, primitive, fail) {
-  let len = buf.readUInt8(fail);
-  if (buf.isError(len))
-    return len;
-
-  // Indefinite form
-  if (!primitive && len === 0x80)
-    return null;
-
-  // Definite form
-  if ((len & 0x80) === 0) {
-    // Short form
-    return len;
-  }
-
-  // Long form
-  const num = len & 0x7f;
-  if (num > 4)
-    return buf.error('length octect is too long');
-
-  len = 0;
-  for (let i = 0; i < num; i++) {
-    len <<= 8;
-    const j = buf.readUInt8(fail);
-    if (buf.isError(j))
-      return j;
-    len |= j;
-  }
-
-  return len;
-}

dist/node_modules/asn1.js/lib/asn1/decoders/index.js

@@ -1,6 +0,0 @@
-'use strict';
-
-const decoders = exports;
-
-decoders.der = require('./der');
-decoders.pem = require('./pem');

dist/node_modules/asn1.js/lib/asn1/decoders/pem.js

@@ -1,51 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-const Buffer = require('safer-buffer').Buffer;
-
-const DERDecoder = require('./der');
-
-function PEMDecoder(entity) {
-  DERDecoder.call(this, entity);
-  this.enc = 'pem';
-}
-inherits(PEMDecoder, DERDecoder);
-module.exports = PEMDecoder;
-
-PEMDecoder.prototype.decode = function decode(data, options) {
-  const lines = data.toString().split(/[\r\n]+/g);
-
-  const label = options.label.toUpperCase();
-
-  const re = /^-----(BEGIN|END) ([^-]+)-----$/;
-  let start = -1;
-  let end = -1;
-  for (let i = 0; i < lines.length; i++) {
-    const match = lines[i].match(re);
-    if (match === null)
-      continue;
-
-    if (match[2] !== label)
-      continue;
-
-    if (start === -1) {
-      if (match[1] !== 'BEGIN')
-        break;
-      start = i;
-    } else {
-      if (match[1] !== 'END')
-        break;
-      end = i;
-      break;
-    }
-  }
-  if (start === -1 || end === -1)
-    throw new Error('PEM section not found for: ' + label);
-
-  const base64 = lines.slice(start + 1, end).join('');
-  // Remove excessive symbols
-  base64.replace(/[^a-z0-9+/=]+/gi, '');
-
-  const input = Buffer.from(base64, 'base64');
-  return DERDecoder.prototype.decode.call(this, input, options);
-};

dist/node_modules/asn1.js/lib/asn1/encoders/der.js

@@ -1,295 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-const Buffer = require('safer-buffer').Buffer;
-const Node = require('../base/node');
-
-// Import DER constants
-const der = require('../constants/der');
-
-function DEREncoder(entity) {
-  this.enc = 'der';
-  this.name = entity.name;
-  this.entity = entity;
-
-  // Construct base tree
-  this.tree = new DERNode();
-  this.tree._init(entity.body);
-}
-module.exports = DEREncoder;
-
-DEREncoder.prototype.encode = function encode(data, reporter) {
-  return this.tree._encode(data, reporter).join();
-};
-
-// Tree methods
-
-function DERNode(parent) {
-  Node.call(this, 'der', parent);
-}
-inherits(DERNode, Node);
-
-DERNode.prototype._encodeComposite = function encodeComposite(tag,
-  primitive,
-  cls,
-  content) {
-  const encodedTag = encodeTag(tag, primitive, cls, this.reporter);
-
-  // Short form
-  if (content.length < 0x80) {
-    const header = Buffer.alloc(2);
-    header[0] = encodedTag;
-    header[1] = content.length;
-    return this._createEncoderBuffer([ header, content ]);
-  }
-
-  // Long form
-  // Count octets required to store length
-  let lenOctets = 1;
-  for (let i = content.length; i >= 0x100; i >>= 8)
-    lenOctets++;
-
-  const header = Buffer.alloc(1 + 1 + lenOctets);
-  header[0] = encodedTag;
-  header[1] = 0x80 | lenOctets;
-
-  for (let i = 1 + lenOctets, j = content.length; j > 0; i--, j >>= 8)
-    header[i] = j & 0xff;
-
-  return this._createEncoderBuffer([ header, content ]);
-};
-
-DERNode.prototype._encodeStr = function encodeStr(str, tag) {
-  if (tag === 'bitstr') {
-    return this._createEncoderBuffer([ str.unused | 0, str.data ]);
-  } else if (tag === 'bmpstr') {
-    const buf = Buffer.alloc(str.length * 2);
-    for (let i = 0; i < str.length; i++) {
-      buf.writeUInt16BE(str.charCodeAt(i), i * 2);
-    }
-    return this._createEncoderBuffer(buf);
-  } else if (tag === 'numstr') {
-    if (!this._isNumstr(str)) {
-      return this.reporter.error('Encoding of string type: numstr supports ' +
-                                 'only digits and space');
-    }
-    return this._createEncoderBuffer(str);
-  } else if (tag === 'printstr') {
-    if (!this._isPrintstr(str)) {
-      return this.reporter.error('Encoding of string type: printstr supports ' +
-                                 'only latin upper and lower case letters, ' +
-                                 'digits, space, apostrophe, left and rigth ' +
-                                 'parenthesis, plus sign, comma, hyphen, ' +
-                                 'dot, slash, colon, equal sign, ' +
-                                 'question mark');
-    }
-    return this._createEncoderBuffer(str);
-  } else if (/str$/.test(tag)) {
-    return this._createEncoderBuffer(str);
-  } else if (tag === 'objDesc') {
-    return this._createEncoderBuffer(str);
-  } else {
-    return this.reporter.error('Encoding of string type: ' + tag +
-                               ' unsupported');
-  }
-};
-
-DERNode.prototype._encodeObjid = function encodeObjid(id, values, relative) {
-  if (typeof id === 'string') {
-    if (!values)
-      return this.reporter.error('string objid given, but no values map found');
-    if (!values.hasOwnProperty(id))
-      return this.reporter.error('objid not found in values map');
-    id = values[id].split(/[\s.]+/g);
-    for (let i = 0; i < id.length; i++)
-      id[i] |= 0;
-  } else if (Array.isArray(id)) {
-    id = id.slice();
-    for (let i = 0; i < id.length; i++)
-      id[i] |= 0;
-  }
-
-  if (!Array.isArray(id)) {
-    return this.reporter.error('objid() should be either array or string, ' +
-                               'got: ' + JSON.stringify(id));
-  }
-
-  if (!relative) {
-    if (id[1] >= 40)
-      return this.reporter.error('Second objid identifier OOB');
-    id.splice(0, 2, id[0] * 40 + id[1]);
-  }
-
-  // Count number of octets
-  let size = 0;
-  for (let i = 0; i < id.length; i++) {
-    let ident = id[i];
-    for (size++; ident >= 0x80; ident >>= 7)
-      size++;
-  }
-
-  const objid = Buffer.alloc(size);
-  let offset = objid.length - 1;
-  for (let i = id.length - 1; i >= 0; i--) {
-    let ident = id[i];
-    objid[offset--] = ident & 0x7f;
-    while ((ident >>= 7) > 0)
-      objid[offset--] = 0x80 | (ident & 0x7f);
-  }
-
-  return this._createEncoderBuffer(objid);
-};
-
-function two(num) {
-  if (num < 10)
-    return '0' + num;
-  else
-    return num;
-}
-
-DERNode.prototype._encodeTime = function encodeTime(time, tag) {
-  let str;
-  const date = new Date(time);
-
-  if (tag === 'gentime') {
-    str = [
-      two(date.getUTCFullYear()),
-      two(date.getUTCMonth() + 1),
-      two(date.getUTCDate()),
-      two(date.getUTCHours()),
-      two(date.getUTCMinutes()),
-      two(date.getUTCSeconds()),
-      'Z'
-    ].join('');
-  } else if (tag === 'utctime') {
-    str = [
-      two(date.getUTCFullYear() % 100),
-      two(date.getUTCMonth() + 1),
-      two(date.getUTCDate()),
-      two(date.getUTCHours()),
-      two(date.getUTCMinutes()),
-      two(date.getUTCSeconds()),
-      'Z'
-    ].join('');
-  } else {
-    this.reporter.error('Encoding ' + tag + ' time is not supported yet');
-  }
-
-  return this._encodeStr(str, 'octstr');
-};
-
-DERNode.prototype._encodeNull = function encodeNull() {
-  return this._createEncoderBuffer('');
-};
-
-DERNode.prototype._encodeInt = function encodeInt(num, values) {
-  if (typeof num === 'string') {
-    if (!values)
-      return this.reporter.error('String int or enum given, but no values map');
-    if (!values.hasOwnProperty(num)) {
-      return this.reporter.error('Values map doesn\'t contain: ' +
-                                 JSON.stringify(num));
-    }
-    num = values[num];
-  }
-
-  // Bignum, assume big endian
-  if (typeof num !== 'number' && !Buffer.isBuffer(num)) {
-    const numArray = num.toArray();
-    if (!num.sign && numArray[0] & 0x80) {
-      numArray.unshift(0);
-    }
-    num = Buffer.from(numArray);
-  }
-
-  if (Buffer.isBuffer(num)) {
-    let size = num.length;
-    if (num.length === 0)
-      size++;
-
-    const out = Buffer.alloc(size);
-    num.copy(out);
-    if (num.length === 0)
-      out[0] = 0;
-    return this._createEncoderBuffer(out);
-  }
-
-  if (num < 0x80)
-    return this._createEncoderBuffer(num);
-
-  if (num < 0x100)
-    return this._createEncoderBuffer([0, num]);
-
-  let size = 1;
-  for (let i = num; i >= 0x100; i >>= 8)
-    size++;
-
-  const out = new Array(size);
-  for (let i = out.length - 1; i >= 0; i--) {
-    out[i] = num & 0xff;
-    num >>= 8;
-  }
-  if(out[0] & 0x80) {
-    out.unshift(0);
-  }
-
-  return this._createEncoderBuffer(Buffer.from(out));
-};
-
-DERNode.prototype._encodeBool = function encodeBool(value) {
-  return this._createEncoderBuffer(value ? 0xff : 0);
-};
-
-DERNode.prototype._use = function use(entity, obj) {
-  if (typeof entity === 'function')
-    entity = entity(obj);
-  return entity._getEncoder('der').tree;
-};
-
-DERNode.prototype._skipDefault = function skipDefault(dataBuffer, reporter, parent) {
-  const state = this._baseState;
-  let i;
-  if (state['default'] === null)
-    return false;
-
-  const data = dataBuffer.join();
-  if (state.defaultBuffer === undefined)
-    state.defaultBuffer = this._encodeValue(state['default'], reporter, parent).join();
-
-  if (data.length !== state.defaultBuffer.length)
-    return false;
-
-  for (i=0; i < data.length; i++)
-    if (data[i] !== state.defaultBuffer[i])
-      return false;
-
-  return true;
-};
-
-// Utility methods
-
-function encodeTag(tag, primitive, cls, reporter) {
-  let res;
-
-  if (tag === 'seqof')
-    tag = 'seq';
-  else if (tag === 'setof')
-    tag = 'set';
-
-  if (der.tagByName.hasOwnProperty(tag))
-    res = der.tagByName[tag];
-  else if (typeof tag === 'number' && (tag | 0) === tag)
-    res = tag;
-  else
-    return reporter.error('Unknown tag: ' + tag);
-
-  if (res >= 0x1f)
-    return reporter.error('Multi-octet tag encoding unsupported');
-
-  if (!primitive)
-    res |= 0x20;
-
-  res |= (der.tagClassByName[cls || 'universal'] << 6);
-
-  return res;
-}

dist/node_modules/asn1.js/lib/asn1/encoders/index.js

@@ -1,6 +0,0 @@
-'use strict';
-
-const encoders = exports;
-
-encoders.der = require('./der');
-encoders.pem = require('./pem');

dist/node_modules/asn1.js/lib/asn1/encoders/pem.js

@@ -1,23 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-
-const DEREncoder = require('./der');
-
-function PEMEncoder(entity) {
-  DEREncoder.call(this, entity);
-  this.enc = 'pem';
-}
-inherits(PEMEncoder, DEREncoder);
-module.exports = PEMEncoder;
-
-PEMEncoder.prototype.encode = function encode(data, options) {
-  const buf = DEREncoder.prototype.encode.call(this, data);
-
-  const p = buf.toString('base64');
-  const out = [ '-----BEGIN ' + options.label + '-----' ];
-  for (let i = 0; i < p.length; i += 64)
-    out.push(p.slice(i, i + 64));
-  out.push('-----END ' + options.label + '-----');
-  return out.join('\n');
-};

dist/node_modules/asn1.js/package.json

@@ -1,63 +0,0 @@
-{
-  "_from": "asn1.js@^5.0.0",
-  "_id": "asn1.js@5.4.1",
-  "_inBundle": false,
-  "_integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==",
-  "_location": "/asn1.js",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "range",
-    "registry": true,
-    "raw": "asn1.js@^5.0.0",
-    "name": "asn1.js",
-    "escapedName": "asn1.js",
-    "rawSpec": "^5.0.0",
-    "saveSpec": null,
-    "fetchSpec": "^5.0.0"
-  },
-  "_requiredBy": [
-    "/openpgp"
-  ],
-  "_resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
-  "_shasum": "11a980b84ebb91781ce35b0fdc2ee294e3783f07",
-  "_spec": "asn1.js@^5.0.0",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action/node_modules/openpgp",
-  "author": {
-    "name": "Fedor Indutny"
-  },
-  "bugs": {
-    "url": "https://github.com/indutny/asn1.js/issues"
-  },
-  "bundleDependencies": false,
-  "dependencies": {
-    "bn.js": "^4.0.0",
-    "inherits": "^2.0.1",
-    "minimalistic-assert": "^1.0.0",
-    "safer-buffer": "^2.1.0"
-  },
-  "deprecated": false,
-  "description": "ASN.1 encoder and decoder",
-  "devDependencies": {
-    "eslint": "^4.10.0",
-    "mocha": "^7.0.0"
-  },
-  "homepage": "https://github.com/indutny/asn1.js",
-  "keywords": [
-    "asn.1",
-    "der"
-  ],
-  "license": "MIT",
-  "main": "lib/asn1.js",
-  "name": "asn1.js",
-  "repository": {
-    "type": "git",
-    "url": "git+ssh://git@github.com/indutny/asn1.js.git"
-  },
-  "scripts": {
-    "lint": "eslint --fix lib/*.js lib/**/*.js lib/**/**/*.js && npm run lint-2560 && npm run lint-5280",
-    "lint-2560": "eslint --fix rfc/2560/*.js rfc/2560/test/*.js",
-    "lint-5280": "eslint --fix rfc/5280/*.js rfc/5280/test/*.js",
-    "test": "mocha --reporter spec test/*-test.js && cd rfc/2560 && npm i && npm test && cd ../../rfc/5280 && npm i && npm test && cd ../../ && npm run lint"
-  },
-  "version": "5.4.1"
-}

dist/node_modules/bn.js/LICENSE

@@ -1,19 +0,0 @@
-Copyright Fedor Indutny, 2015.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

dist/node_modules/bn.js/README.md

@@ -1,200 +0,0 @@
-# <img src="./logo.png" alt="bn.js" width="160" height="160" />
-
-> BigNum in pure javascript
-
-[![Build Status](https://secure.travis-ci.org/indutny/bn.js.png)](http://travis-ci.org/indutny/bn.js)
-
-## Install
-`npm install --save bn.js`
-
-## Usage
-
-```js
-const BN = require('bn.js');
-
-var a = new BN('dead', 16);
-var b = new BN('101010', 2);
-
-var res = a.add(b);
-console.log(res.toString(10));  // 57047
-```
-
-**Note**: decimals are not supported in this library.
-
-## Notation
-
-### Prefixes
-
-There are several prefixes to instructions that affect the way the work. Here
-is the list of them in the order of appearance in the function name:
-
-* `i` - perform operation in-place, storing the result in the host object (on
-  which the method was invoked). Might be used to avoid number allocation costs
-* `u` - unsigned, ignore the sign of operands when performing operation, or
-  always return positive value. Second case applies to reduction operations
-  like `mod()`. In such cases if the result will be negative - modulo will be
-  added to the result to make it positive
-
-### Postfixes
-
-The only available postfix at the moment is:
-
-* `n` - which means that the argument of the function must be a plain JavaScript
-  Number. Decimals are not supported.
-
-### Examples
-
-* `a.iadd(b)` - perform addition on `a` and `b`, storing the result in `a`
-* `a.umod(b)` - reduce `a` modulo `b`, returning positive value
-* `a.iushln(13)` - shift bits of `a` left by 13
-
-## Instructions
-
-Prefixes/postfixes are put in parens at the of the line. `endian` - could be
-either `le` (little-endian) or `be` (big-endian).
-
-### Utilities
-
-* `a.clone()` - clone number
-* `a.toString(base, length)` - convert to base-string and pad with zeroes
-* `a.toNumber()` - convert to Javascript Number (limited to 53 bits)
-* `a.toJSON()` - convert to JSON compatible hex string (alias of `toString(16)`)
-* `a.toArray(endian, length)` - convert to byte `Array`, and optionally zero
-  pad to length, throwing if already exceeding
-* `a.toArrayLike(type, endian, length)` - convert to an instance of `type`,
-  which must behave like an `Array`
-* `a.toBuffer(endian, length)` - convert to Node.js Buffer (if available). For
-  compatibility with browserify and similar tools, use this instead:
-  `a.toArrayLike(Buffer, endian, length)`
-* `a.bitLength()` - get number of bits occupied
-* `a.zeroBits()` - return number of less-significant consequent zero bits
-  (example: `1010000` has 4 zero bits)
-* `a.byteLength()` - return number of bytes occupied
-* `a.isNeg()` - true if the number is negative
-* `a.isEven()` - no comments
-* `a.isOdd()` - no comments
-* `a.isZero()` - no comments
-* `a.cmp(b)` - compare numbers and return `-1` (a `<` b), `0` (a `==` b), or `1` (a `>` b)
-  depending on the comparison result (`ucmp`, `cmpn`)
-* `a.lt(b)` - `a` less than `b` (`n`)
-* `a.lte(b)` - `a` less than or equals `b` (`n`)
-* `a.gt(b)` - `a` greater than `b` (`n`)
-* `a.gte(b)` - `a` greater than or equals `b` (`n`)
-* `a.eq(b)` - `a` equals `b` (`n`)
-* `a.toTwos(width)` - convert to two's complement representation, where `width` is bit width
-* `a.fromTwos(width)` - convert from two's complement representation, where `width` is the bit width
-* `BN.isBN(object)` - returns true if the supplied `object` is a BN.js instance
-
-### Arithmetics
-
-* `a.neg()` - negate sign (`i`)
-* `a.abs()` - absolute value (`i`)
-* `a.add(b)` - addition (`i`, `n`, `in`)
-* `a.sub(b)` - subtraction (`i`, `n`, `in`)
-* `a.mul(b)` - multiply (`i`, `n`, `in`)
-* `a.sqr()` - square (`i`)
-* `a.pow(b)` - raise `a` to the power of `b`
-* `a.div(b)` - divide (`divn`, `idivn`)
-* `a.mod(b)` - reduct (`u`, `n`) (but no `umodn`)
-* `a.divRound(b)` - rounded division
-
-### Bit operations
-
-* `a.or(b)` - or (`i`, `u`, `iu`)
-* `a.and(b)` - and (`i`, `u`, `iu`, `andln`) (NOTE: `andln` is going to be replaced
-  with `andn` in future)
-* `a.xor(b)` - xor (`i`, `u`, `iu`)
-* `a.setn(b)` - set specified bit to `1`
-* `a.shln(b)` - shift left (`i`, `u`, `iu`)
-* `a.shrn(b)` - shift right (`i`, `u`, `iu`)
-* `a.testn(b)` - test if specified bit is set
-* `a.maskn(b)` - clear bits with indexes higher or equal to `b` (`i`)
-* `a.bincn(b)` - add `1 << b` to the number
-* `a.notn(w)` - not (for the width specified by `w`) (`i`)
-
-### Reduction
-
-* `a.gcd(b)` - GCD
-* `a.egcd(b)` - Extended GCD results (`{ a: ..., b: ..., gcd: ... }`)
-* `a.invm(b)` - inverse `a` modulo `b`
-
-## Fast reduction
-
-When doing lots of reductions using the same modulo, it might be beneficial to
-use some tricks: like [Montgomery multiplication][0], or using special algorithm
-for [Mersenne Prime][1].
-
-### Reduction context
-
-To enable this tricks one should create a reduction context:
-
-```js
-var red = BN.red(num);
-```
-where `num` is just a BN instance.
-
-Or:
-
-```js
-var red = BN.red(primeName);
-```
-
-Where `primeName` is either of these [Mersenne Primes][1]:
-
-* `'k256'`
-* `'p224'`
-* `'p192'`
-* `'p25519'`
-
-Or:
-
-```js
-var red = BN.mont(num);
-```
-
-To reduce numbers with [Montgomery trick][0]. `.mont()` is generally faster than
-`.red(num)`, but slower than `BN.red(primeName)`.
-
-### Converting numbers
-
-Before performing anything in reduction context - numbers should be converted
-to it. Usually, this means that one should:
-
-* Convert inputs to reducted ones
-* Operate on them in reduction context
-* Convert outputs back from the reduction context
-
-Here is how one may convert numbers to `red`:
-
-```js
-var redA = a.toRed(red);
-```
-Where `red` is a reduction context created using instructions above
-
-Here is how to convert them back:
-
-```js
-var a = redA.fromRed();
-```
-
-### Red instructions
-
-Most of the instructions from the very start of this readme have their
-counterparts in red context:
-
-* `a.redAdd(b)`, `a.redIAdd(b)`
-* `a.redSub(b)`, `a.redISub(b)`
-* `a.redShl(num)`
-* `a.redMul(b)`, `a.redIMul(b)`
-* `a.redSqr()`, `a.redISqr()`
-* `a.redSqrt()` - square root modulo reduction context's prime
-* `a.redInvm()` - modular inverse of the number
-* `a.redNeg()`
-* `a.redPow(b)` - modular exponentiation
-
-## LICENSE
-
-This software is licensed under the MIT License.
-
-[0]: https://en.wikipedia.org/wiki/Montgomery_modular_multiplication
-[1]: https://en.wikipedia.org/wiki/Mersenne_prime

dist/node_modules/bn.js/package.json

@@ -1,64 +0,0 @@
-{
-  "_from": "bn.js@^4.0.0",
-  "_id": "bn.js@4.12.0",
-  "_inBundle": false,
-  "_integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==",
-  "_location": "/bn.js",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "range",
-    "registry": true,
-    "raw": "bn.js@^4.0.0",
-    "name": "bn.js",
-    "escapedName": "bn.js",
-    "rawSpec": "^4.0.0",
-    "saveSpec": null,
-    "fetchSpec": "^4.0.0"
-  },
-  "_requiredBy": [
-    "/asn1.js"
-  ],
-  "_resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
-  "_shasum": "775b3f278efbb9718eec7361f483fb36fbbfea88",
-  "_spec": "bn.js@^4.0.0",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action/node_modules/asn1.js",
-  "author": {
-    "name": "Fedor Indutny",
-    "email": "fedor@indutny.com"
-  },
-  "browser": {
-    "buffer": false
-  },
-  "bugs": {
-    "url": "https://github.com/indutny/bn.js/issues"
-  },
-  "bundleDependencies": false,
-  "deprecated": false,
-  "description": "Big number implementation in pure javascript",
-  "devDependencies": {
-    "istanbul": "^0.3.5",
-    "mocha": "^2.1.0",
-    "semistandard": "^7.0.4"
-  },
-  "homepage": "https://github.com/indutny/bn.js",
-  "keywords": [
-    "BN",
-    "BigNum",
-    "Big number",
-    "Modulo",
-    "Montgomery"
-  ],
-  "license": "MIT",
-  "main": "lib/bn.js",
-  "name": "bn.js",
-  "repository": {
-    "type": "git",
-    "url": "git+ssh://git@github.com/indutny/bn.js.git"
-  },
-  "scripts": {
-    "lint": "semistandard",
-    "test": "npm run lint && npm run unit",
-    "unit": "mocha --reporter=spec test/*-test.js"
-  },
-  "version": "4.12.0"
-}

dist/node_modules/inherits/LICENSE

@@ -1,16 +0,0 @@
-The ISC License
-
-Copyright (c) Isaac Z. Schlueter
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-

dist/node_modules/inherits/README.md

@@ -1,42 +0,0 @@
-Browser-friendly inheritance fully compatible with standard node.js
-[inherits](http://nodejs.org/api/util.html#util_util_inherits_constructor_superconstructor).
-
-This package exports standard `inherits` from node.js `util` module in
-node environment, but also provides alternative browser-friendly
-implementation through [browser
-field](https://gist.github.com/shtylman/4339901). Alternative
-implementation is a literal copy of standard one located in standalone
-module to avoid requiring of `util`. It also has a shim for old
-browsers with no `Object.create` support.
-
-While keeping you sure you are using standard `inherits`
-implementation in node.js environment, it allows bundlers such as
-[browserify](https://github.com/substack/node-browserify) to not
-include full `util` package to your client code if all you need is
-just `inherits` function. It worth, because browser shim for `util`
-package is large and `inherits` is often the single function you need
-from it.
-
-It's recommended to use this package instead of
-`require('util').inherits` for any code that has chances to be used
-not only in node.js but in browser too.
-
-## usage
-
-```js
-var inherits = require('inherits');
-// then use exactly as the standard one
-```
-
-## note on version ~1.0
-
-Version ~1.0 had completely different motivation and is not compatible
-neither with 2.0 nor with standard node.js `inherits`.
-
-If you are using version ~1.0 and planning to switch to ~2.0, be
-careful:
-
-* new version uses `super_` instead of `super` for referencing
-  superclass
-* new version overwrites current prototype while old one preserves any
-  existing fields on it

dist/node_modules/inherits/inherits.js

@@ -1,9 +0,0 @@
-try {
-  var util = require('util');
-  /* istanbul ignore next */
-  if (typeof util.inherits !== 'function') throw '';
-  module.exports = util.inherits;
-} catch (e) {
-  /* istanbul ignore next */
-  module.exports = require('./inherits_browser.js');
-}

dist/node_modules/inherits/inherits_browser.js

@@ -1,27 +0,0 @@
-if (typeof Object.create === 'function') {
-  // implementation from standard node.js 'util' module
-  module.exports = function inherits(ctor, superCtor) {
-    if (superCtor) {
-      ctor.super_ = superCtor
-      ctor.prototype = Object.create(superCtor.prototype, {
-        constructor: {
-          value: ctor,
-          enumerable: false,
-          writable: true,
-          configurable: true
-        }
-      })
-    }
-  };
-} else {
-  // old school shim for old browsers
-  module.exports = function inherits(ctor, superCtor) {
-    if (superCtor) {
-      ctor.super_ = superCtor
-      var TempCtor = function () {}
-      TempCtor.prototype = superCtor.prototype
-      ctor.prototype = new TempCtor()
-      ctor.prototype.constructor = ctor
-    }
-  }
-}

dist/node_modules/inherits/package.json

@@ -1,65 +0,0 @@
-{
-  "_args": [
-    [
-      "inherits@2.0.4",
-      "/Users/thomashu/src/github/codecov/codecov-action"
-    ]
-  ],
-  "_development": true,
-  "_from": "inherits@2.0.4",
-  "_id": "inherits@2.0.4",
-  "_inBundle": false,
-  "_integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
-  "_location": "/inherits",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "version",
-    "registry": true,
-    "raw": "inherits@2.0.4",
-    "name": "inherits",
-    "escapedName": "inherits",
-    "rawSpec": "2.0.4",
-    "saveSpec": null,
-    "fetchSpec": "2.0.4"
-  },
-  "_requiredBy": [
-    "/glob"
-  ],
-  "_resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-  "_spec": "2.0.4",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action",
-  "browser": "./inherits_browser.js",
-  "bugs": {
-    "url": "https://github.com/isaacs/inherits/issues"
-  },
-  "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()",
-  "devDependencies": {
-    "tap": "^14.2.4"
-  },
-  "files": [
-    "inherits.js",
-    "inherits_browser.js"
-  ],
-  "homepage": "https://github.com/isaacs/inherits#readme",
-  "keywords": [
-    "inheritance",
-    "class",
-    "klass",
-    "oop",
-    "object-oriented",
-    "inherits",
-    "browser",
-    "browserify"
-  ],
-  "license": "ISC",
-  "main": "./inherits.js",
-  "name": "inherits",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/isaacs/inherits.git"
-  },
-  "scripts": {
-    "test": "tap"
-  },
-  "version": "2.0.4"
-}

dist/node_modules/minimalistic-assert/LICENSE

@@ -1,13 +0,0 @@
-Copyright 2015 Calvin Metcalf
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.

dist/node_modules/minimalistic-assert/index.js

@@ -1,11 +0,0 @@
-module.exports = assert;
-
-function assert(val, msg) {
-  if (!val)
-    throw new Error(msg || 'Assertion failed');
-}
-
-assert.equal = function assertEqual(l, r, msg) {
-  if (l != r)
-    throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));
-};

dist/node_modules/minimalistic-assert/package.json

@@ -1,44 +0,0 @@
-{
-  "_from": "minimalistic-assert@^1.0.0",
-  "_id": "minimalistic-assert@1.0.1",
-  "_inBundle": false,
-  "_integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==",
-  "_location": "/minimalistic-assert",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "range",
-    "registry": true,
-    "raw": "minimalistic-assert@^1.0.0",
-    "name": "minimalistic-assert",
-    "escapedName": "minimalistic-assert",
-    "rawSpec": "^1.0.0",
-    "saveSpec": null,
-    "fetchSpec": "^1.0.0"
-  },
-  "_requiredBy": [
-    "/asn1.js"
-  ],
-  "_resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
-  "_shasum": "2e194de044626d4a10e7f7fbc00ce73e83e4d5c7",
-  "_spec": "minimalistic-assert@^1.0.0",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action/node_modules/asn1.js",
-  "author": "",
-  "bugs": {
-    "url": "https://github.com/calvinmetcalf/minimalistic-assert/issues"
-  },
-  "bundleDependencies": false,
-  "deprecated": false,
-  "description": "minimalistic-assert ===",
-  "homepage": "https://github.com/calvinmetcalf/minimalistic-assert",
-  "license": "ISC",
-  "main": "index.js",
-  "name": "minimalistic-assert",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/calvinmetcalf/minimalistic-assert.git"
-  },
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "version": "1.0.1"
-}

dist/node_modules/minimalistic-assert/readme.md

@@ -1,4 +0,0 @@
-minimalistic-assert
-===
-
-very minimalistic assert module.

dist/node_modules/safer-buffer/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2018 Nikita Skovoroda <chalkerx@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

dist/node_modules/safer-buffer/Porting-Buffer.md

@@ -1,268 +0,0 @@
-# Porting to the Buffer.from/Buffer.alloc API
-
-<a id="overview"></a>
-## Overview
-
-- [Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.](#variant-1) (*recommended*)
-- [Variant 2: Use a polyfill](#variant-2)
-- [Variant 3: manual detection, with safeguards](#variant-3)
-
-### Finding problematic bits of code using grep
-
-Just run `grep -nrE '[^a-zA-Z](Slow)?Buffer\s*\(' --exclude-dir node_modules`.
-
-It will find all the potentially unsafe places in your own code (with some considerably unlikely
-exceptions).
-
-### Finding problematic bits of code using Node.js 8
-
-If you’re using Node.js ≥ 8.0.0 (which is recommended), Node.js exposes multiple options that help with finding the relevant pieces of code:
-
-- `--trace-warnings` will make Node.js show a stack trace for this warning and other warnings that are printed by Node.js.
-- `--trace-deprecation` does the same thing, but only for deprecation warnings.
-- `--pending-deprecation` will show more types of deprecation warnings. In particular, it will show the `Buffer()` deprecation warning, even on Node.js 8.
-
-You can set these flags using an environment variable:
-
-```console
-$ export NODE_OPTIONS='--trace-warnings --pending-deprecation'
-$ cat example.js
-'use strict';
-const foo = new Buffer('foo');
-$ node example.js
-(node:7147) [DEP0005] DeprecationWarning: The Buffer() and new Buffer() constructors are not recommended for use due to security and usability concerns. Please use the new Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() construction methods instead.
-    at showFlaggedDeprecation (buffer.js:127:13)
-    at new Buffer (buffer.js:148:3)
-    at Object.<anonymous> (/path/to/example.js:2:13)
-    [... more stack trace lines ...]
-```
-
-### Finding problematic bits of code using linters
-
-Eslint rules [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-also find calls to deprecated `Buffer()` API. Those rules are included in some pre-sets.
-
-There is a drawback, though, that it doesn't always
-[work correctly](https://github.com/chalker/safer-buffer#why-not-safe-buffer) when `Buffer` is
-overriden e.g. with a polyfill, so recommended is a combination of this and some other method
-described above.
-
-<a id="variant-1"></a>
-## Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.
-
-This is the recommended solution nowadays that would imply only minimal overhead.
-
-The Node.js 5.x release line has been unsupported since July 2016, and the Node.js 4.x release line reaches its End of Life in April 2018 (→ [Schedule](https://github.com/nodejs/Release#release-schedule)). This means that these versions of Node.js will *not* receive any updates, even in case of security issues, so using these release lines should be avoided, if at all possible.
-
-What you would do in this case is to convert all `new Buffer()` or `Buffer()` calls to use `Buffer.alloc()` or `Buffer.from()`, in the following way:
-
-- For `new Buffer(number)`, replace it with `Buffer.alloc(number)`.
-- For `new Buffer(string)` (or `new Buffer(string, encoding)`), replace it with `Buffer.from(string)` (or `Buffer.from(string, encoding)`).
-- For all other combinations of arguments (these are much rarer), also replace `new Buffer(...arguments)` with `Buffer.from(...arguments)`.
-
-Note that `Buffer.alloc()` is also _faster_ on the current Node.js versions than
-`new Buffer(size).fill(0)`, which is what you would otherwise need to ensure zero-filling.
-
-Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-is recommended to avoid accidential unsafe Buffer API usage.
-
-There is also a [JSCodeshift codemod](https://github.com/joyeecheung/node-dep-codemod#dep005)
-for automatically migrating Buffer constructors to `Buffer.alloc()` or `Buffer.from()`.
-Note that it currently only works with cases where the arguments are literals or where the
-constructor is invoked with two arguments.
-
-_If you currently support those older Node.js versions and dropping them would be a semver-major change
-for you, or if you support older branches of your packages, consider using [Variant 2](#variant-2)
-or [Variant 3](#variant-3) on older branches, so people using those older branches will also receive
-the fix. That way, you will eradicate potential issues caused by unguarded Buffer API usage and
-your users will not observe a runtime deprecation warning when running your code on Node.js 10._
-
-<a id="variant-2"></a>
-## Variant 2: Use a polyfill
-
-Utilize [safer-buffer](https://www.npmjs.com/package/safer-buffer) as a polyfill to support older
-Node.js versions.
-
-You would take exacly the same steps as in [Variant 1](#variant-1), but with a polyfill
-`const Buffer = require('safer-buffer').Buffer` in all files where you use the new `Buffer` api.
-
-Make sure that you do not use old `new Buffer` API — in any files where the line above is added,
-using old `new Buffer()` API will _throw_. It will be easy to notice that in CI, though.
-
-Alternatively, you could use [buffer-from](https://www.npmjs.com/package/buffer-from) and/or
-[buffer-alloc](https://www.npmjs.com/package/buffer-alloc) [ponyfills](https://ponyfill.com/) —
-those are great, the only downsides being 4 deps in the tree and slightly more code changes to
-migrate off them (as you would be using e.g. `Buffer.from` under a different name). If you need only
-`Buffer.from` polyfilled — `buffer-from` alone which comes with no extra dependencies.
-
-_Alternatively, you could use [safe-buffer](https://www.npmjs.com/package/safe-buffer) — it also
-provides a polyfill, but takes a different approach which has
-[it's drawbacks](https://github.com/chalker/safer-buffer#why-not-safe-buffer). It will allow you
-to also use the older `new Buffer()` API in your code, though — but that's arguably a benefit, as
-it is problematic, can cause issues in your code, and will start emitting runtime deprecation
-warnings starting with Node.js 10._
-
-Note that in either case, it is important that you also remove all calls to the old Buffer
-API manually — just throwing in `safe-buffer` doesn't fix the problem by itself, it just provides
-a polyfill for the new API. I have seen people doing that mistake.
-
-Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-is recommended.
-
-_Don't forget to drop the polyfill usage once you drop support for Node.js < 4.5.0._
-
-<a id="variant-3"></a>
-## Variant 3 — manual detection, with safeguards
-
-This is useful if you create Buffer instances in only a few places (e.g. one), or you have your own
-wrapper around them.
-
-### Buffer(0)
-
-This special case for creating empty buffers can be safely replaced with `Buffer.concat([])`, which
-returns the same result all the way down to Node.js 0.8.x.
-
-### Buffer(notNumber)
-
-Before:
-
-```js
-var buf = new Buffer(notNumber, encoding);
-```
-
-After:
-
-```js
-var buf;
-if (Buffer.from && Buffer.from !== Uint8Array.from) {
-  buf = Buffer.from(notNumber, encoding);
-} else {
-  if (typeof notNumber === 'number')
-    throw new Error('The "size" argument must be of type number.');
-  buf = new Buffer(notNumber, encoding);
-}
-```
-
-`encoding` is optional.
-
-Note that the `typeof notNumber` before `new Buffer` is required (for cases when `notNumber` argument is not
-hard-coded) and _is not caused by the deprecation of Buffer constructor_ — it's exactly _why_ the
-Buffer constructor is deprecated. Ecosystem packages lacking this type-check caused numereous
-security issues — situations when unsanitized user input could end up in the `Buffer(arg)` create
-problems ranging from DoS to leaking sensitive information to the attacker from the process memory.
-
-When `notNumber` argument is hardcoded (e.g. literal `"abc"` or `[0,1,2]`), the `typeof` check can
-be omitted.
-
-Also note that using TypeScript does not fix this problem for you — when libs written in
-`TypeScript` are used from JS, or when user input ends up there — it behaves exactly as pure JS, as
-all type checks are translation-time only and are not present in the actual JS code which TS
-compiles to.
-
-### Buffer(number)
-
-For Node.js 0.10.x (and below) support:
-
-```js
-var buf;
-if (Buffer.alloc) {
-  buf = Buffer.alloc(number);
-} else {
-  buf = new Buffer(number);
-  buf.fill(0);
-}
-```
-
-Otherwise (Node.js ≥ 0.12.x):
-
-```js
-const buf = Buffer.alloc ? Buffer.alloc(number) : new Buffer(number).fill(0);
-```
-
-## Regarding Buffer.allocUnsafe
-
-Be extra cautious when using `Buffer.allocUnsafe`:
- * Don't use it if you don't have a good reason to
-   * e.g. you probably won't ever see a performance difference for small buffers, in fact, those
-     might be even faster with `Buffer.alloc()`,
-   * if your code is not in the hot code path — you also probably won't notice a difference,
-   * keep in mind that zero-filling minimizes the potential risks.
- * If you use it, make sure that you never return the buffer in a partially-filled state,
-   * if you are writing to it sequentially — always truncate it to the actuall written length
-
-Errors in handling buffers allocated with `Buffer.allocUnsafe` could result in various issues,
-ranged from undefined behaviour of your code to sensitive data (user input, passwords, certs)
-leaking to the remote attacker.
-
-_Note that the same applies to `new Buffer` usage without zero-filling, depending on the Node.js
-version (and lacking type checks also adds DoS to the list of potential problems)._
-
-<a id="faq"></a>
-## FAQ
-
-<a id="design-flaws"></a>
-### What is wrong with the `Buffer` constructor?
-
-The `Buffer` constructor could be used to create a buffer in many different ways:
-
-- `new Buffer(42)` creates a `Buffer` of 42 bytes. Before Node.js 8, this buffer contained
-  *arbitrary memory* for performance reasons, which could include anything ranging from
-  program source code to passwords and encryption keys.
-- `new Buffer('abc')` creates a `Buffer` that contains the UTF-8-encoded version of
-  the string `'abc'`. A second argument could specify another encoding: For example,
-  `new Buffer(string, 'base64')` could be used to convert a Base64 string into the original
-  sequence of bytes that it represents.
-- There are several other combinations of arguments.
-
-This meant that, in code like `var buffer = new Buffer(foo);`, *it is not possible to tell
-what exactly the contents of the generated buffer are* without knowing the type of `foo`.
-
-Sometimes, the value of `foo` comes from an external source. For example, this function
-could be exposed as a service on a web server, converting a UTF-8 string into its Base64 form:
-
-```
-function stringToBase64(req, res) {
-  // The request body should have the format of `{ string: 'foobar' }`
-  const rawBytes = new Buffer(req.body.string)
-  const encoded = rawBytes.toString('base64')
-  res.end({ encoded: encoded })
-}
-```
-
-Note that this code does *not* validate the type of `req.body.string`:
-
-- `req.body.string` is expected to be a string. If this is the case, all goes well.
-- `req.body.string` is controlled by the client that sends the request.
-- If `req.body.string` is the *number* `50`, the `rawBytes` would be 50 bytes:
-  - Before Node.js 8, the content would be uninitialized
-  - After Node.js 8, the content would be `50` bytes with the value `0`
-
-Because of the missing type check, an attacker could intentionally send a number
-as part of the request. Using this, they can either:
-
-- Read uninitialized memory. This **will** leak passwords, encryption keys and other
-  kinds of sensitive information. (Information leak)
-- Force the program to allocate a large amount of memory. For example, when specifying
-  `500000000` as the input value, each request will allocate 500MB of memory.
-  This can be used to either exhaust the memory available of a program completely
-  and make it crash, or slow it down significantly. (Denial of Service)
-
-Both of these scenarios are considered serious security issues in a real-world
-web server context.
-
-when using `Buffer.from(req.body.string)` instead, passing a number will always
-throw an exception instead, giving a controlled behaviour that can always be
-handled by the program.
-
-<a id="ecosystem-usage"></a>
-### The `Buffer()` constructor has been deprecated for a while. Is this really an issue?
-
-Surveys of code in the `npm` ecosystem have shown that the `Buffer()` constructor is still
-widely used. This includes new code, and overall usage of such code has actually been
-*increasing*.

dist/node_modules/safer-buffer/Readme.md

@@ -1,156 +0,0 @@
-# safer-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![javascript style guide][standard-image]][standard-url] [![Security Responsible Disclosure][secuirty-image]][secuirty-url]
-
-[travis-image]: https://travis-ci.org/ChALkeR/safer-buffer.svg?branch=master
-[travis-url]: https://travis-ci.org/ChALkeR/safer-buffer
-[npm-image]: https://img.shields.io/npm/v/safer-buffer.svg
-[npm-url]: https://npmjs.org/package/safer-buffer
-[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
-[standard-url]: https://standardjs.com
-[secuirty-image]: https://img.shields.io/badge/Security-Responsible%20Disclosure-green.svg
-[secuirty-url]: https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
-
-Modern Buffer API polyfill without footguns, working on Node.js from 0.8 to current.
-
-## How to use?
-
-First, port all `Buffer()` and `new Buffer()` calls to `Buffer.alloc()` and `Buffer.from()` API.
-
-Then, to achieve compatibility with outdated Node.js versions (`<4.5.0` and 5.x `<5.9.0`), use
-`const Buffer = require('safer-buffer').Buffer` in all files where you make calls to the new
-Buffer API. _Use `var` instead of `const` if you need that for your Node.js version range support._
-
-Also, see the
-[porting Buffer](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) guide.
-
-## Do I need it?
-
-Hopefully, not — dropping support for outdated Node.js versions should be fine nowdays, and that
-is the recommended path forward. You _do_ need to port to the `Buffer.alloc()` and `Buffer.from()`
-though.
-
-See the [porting guide](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md)
-for a better description.
-
-## Why not [safe-buffer](https://npmjs.com/safe-buffer)?
-
-_In short: while `safe-buffer` serves as a polyfill for the new API, it allows old API usage and
-itself contains footguns._
-
-`safe-buffer` could be used safely to get the new API while still keeping support for older
-Node.js versions (like this module), but while analyzing ecosystem usage of the old Buffer API
-I found out that `safe-buffer` is itself causing problems in some cases.
-
-For example, consider the following snippet:
-
-```console
-$ cat example.unsafe.js
-console.log(Buffer(20))
-$ ./node-v6.13.0-linux-x64/bin/node example.unsafe.js
-<Buffer 0a 00 00 00 00 00 00 00 28 13 de 02 00 00 00 00 05 00 00 00>
-$ standard example.unsafe.js
-standard: Use JavaScript Standard Style (https://standardjs.com)
-  /home/chalker/repo/safer-buffer/example.unsafe.js:2:13: 'Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead.
-```
-
-This is allocates and writes to console an uninitialized chunk of memory.
-[standard](https://www.npmjs.com/package/standard) linter (among others) catch that and warn people
-to avoid using unsafe API.
-
-Let's now throw in `safe-buffer`!
-
-```console
-$ cat example.safe-buffer.js
-const Buffer = require('safe-buffer').Buffer
-console.log(Buffer(20))
-$ standard example.safe-buffer.js
-$ ./node-v6.13.0-linux-x64/bin/node example.safe-buffer.js
-<Buffer 08 00 00 00 00 00 00 00 28 58 01 82 fe 7f 00 00 00 00 00 00>
-```
-
-See the problem? Adding in `safe-buffer` _magically removes the lint warning_, but the behavior
-remains identiсal to what we had before, and when launched on Node.js 6.x LTS — this dumps out
-chunks of uninitialized memory.
-_And this code will still emit runtime warnings on Node.js 10.x and above._
-
-That was done by design. I first considered changing `safe-buffer`, prohibiting old API usage or
-emitting warnings on it, but that significantly diverges from `safe-buffer` design. After some
-discussion, it was decided to move my approach into a separate package, and _this is that separate
-package_.
-
-This footgun is not imaginary — I observed top-downloaded packages doing that kind of thing,
-«fixing» the lint warning by blindly including `safe-buffer` without any actual changes.
-
-Also in some cases, even if the API _was_ migrated to use of safe Buffer API — a random pull request
-can bring unsafe Buffer API usage back to the codebase by adding new calls — and that could go
-unnoticed even if you have a linter prohibiting that (becase of the reason stated above), and even
-pass CI. _I also observed that being done in popular packages._
-
-Some examples:
- * [webdriverio](https://github.com/webdriverio/webdriverio/commit/05cbd3167c12e4930f09ef7cf93b127ba4effae4#diff-124380949022817b90b622871837d56cR31)
-   (a module with 548 759 downloads/month),
- * [websocket-stream](https://github.com/maxogden/websocket-stream/commit/c9312bd24d08271687d76da0fe3c83493871cf61)
-   (218 288 d/m, fix in [maxogden/websocket-stream#142](https://github.com/maxogden/websocket-stream/pull/142)),
- * [node-serialport](https://github.com/node-serialport/node-serialport/commit/e8d9d2b16c664224920ce1c895199b1ce2def48c)
-   (113 138 d/m, fix in [node-serialport/node-serialport#1510](https://github.com/node-serialport/node-serialport/pull/1510)),
- * [karma](https://github.com/karma-runner/karma/commit/3d94b8cf18c695104ca195334dc75ff054c74eec)
-   (3 973 193 d/m, fix in [karma-runner/karma#2947](https://github.com/karma-runner/karma/pull/2947)),
- * [spdy-transport](https://github.com/spdy-http2/spdy-transport/commit/5375ac33f4a62a4f65bcfc2827447d42a5dbe8b1)
-   (5 970 727 d/m, fix in [spdy-http2/spdy-transport#53](https://github.com/spdy-http2/spdy-transport/pull/53)).
- * And there are a lot more over the ecosystem.
-
-I filed a PR at
-[mysticatea/eslint-plugin-node#110](https://github.com/mysticatea/eslint-plugin-node/pull/110) to
-partially fix that (for cases when that lint rule is used), but it is a semver-major change for
-linter rules and presets, so it would take significant time for that to reach actual setups.
-_It also hasn't been released yet (2018-03-20)._
-
-Also, `safer-buffer` discourages the usage of `.allocUnsafe()`, which is often done by a mistake.
-It still supports it with an explicit concern barier, by placing it under
-`require('safer-buffer/dangereous')`.
-
-## But isn't throwing bad?
-
-Not really. It's an error that could be noticed and fixed early, instead of causing havoc later like
-unguarded `new Buffer()` calls that end up receiving user input can do.
-
-This package affects only the files where `var Buffer = require('safer-buffer').Buffer` was done, so
-it is really simple to keep track of things and make sure that you don't mix old API usage with that.
-Also, CI should hint anything that you might have missed.
-
-New commits, if tested, won't land new usage of unsafe Buffer API this way.
-_Node.js 10.x also deals with that by printing a runtime depecation warning._
-
-### Would it affect third-party modules?
-
-No, unless you explicitly do an awful thing like monkey-patching or overriding the built-in `Buffer`.
-Don't do that.
-
-### But I don't want throwing…
-
-That is also fine!
-
-Also, it could be better in some cases when you don't comprehensive enough test coverage.
-
-In that case — just don't override `Buffer` and use
-`var SaferBuffer = require('safer-buffer').Buffer` instead.
-
-That way, everything using `Buffer` natively would still work, but there would be two drawbacks:
-
-* `Buffer.from`/`Buffer.alloc` won't be polyfilled — use `SaferBuffer.from` and
-  `SaferBuffer.alloc` instead.
-* You are still open to accidentally using the insecure deprecated API — use a linter to catch that.
-
-Note that using a linter to catch accidential `Buffer` constructor usage in this case is strongly
-recommended. `Buffer` is not overriden in this usecase, so linters won't get confused.
-
-## «Without footguns»?
-
-Well, it is still possible to do _some_ things with `Buffer` API, e.g. accessing `.buffer` property
-on older versions and duping things from there. You shouldn't do that in your code, probabably.
-
-The intention is to remove the most significant footguns that affect lots of packages in the
-ecosystem, and to do it in the proper way.
-
-Also, this package doesn't protect against security issues affecting some Node.js versions, so for
-usage in your own production code, it is still recommended to update to a Node.js version
-[supported by upstream](https://github.com/nodejs/release#release-schedule).

dist/node_modules/safer-buffer/dangerous.js

@@ -1,58 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-var safer = require('./safer.js')
-var Safer = safer.Buffer
-
-var dangerous = {}
-
-var key
-
-for (key in safer) {
-  if (!safer.hasOwnProperty(key)) continue
-  dangerous[key] = safer[key]
-}
-
-var Dangereous = dangerous.Buffer = {}
-
-// Copy Safer API
-for (key in Safer) {
-  if (!Safer.hasOwnProperty(key)) continue
-  Dangereous[key] = Safer[key]
-}
-
-// Copy those missing unsafe methods, if they are present
-for (key in Buffer) {
-  if (!Buffer.hasOwnProperty(key)) continue
-  if (Dangereous.hasOwnProperty(key)) continue
-  Dangereous[key] = Buffer[key]
-}
-
-if (!Dangereous.allocUnsafe) {
-  Dangereous.allocUnsafe = function (size) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    return Buffer(size)
-  }
-}
-
-if (!Dangereous.allocUnsafeSlow) {
-  Dangereous.allocUnsafeSlow = function (size) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    return buffer.SlowBuffer(size)
-  }
-}
-
-module.exports = dangerous

dist/node_modules/safer-buffer/package.json

@@ -1,66 +0,0 @@
-{
-  "_args": [
-    [
-      "safer-buffer@2.1.2",
-      "/Users/thomashu/src/github/codecov/codecov-action"
-    ]
-  ],
-  "_from": "safer-buffer@2.1.2",
-  "_id": "safer-buffer@2.1.2",
-  "_inBundle": false,
-  "_integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
-  "_location": "/safer-buffer",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "version",
-    "registry": true,
-    "raw": "safer-buffer@2.1.2",
-    "name": "safer-buffer",
-    "escapedName": "safer-buffer",
-    "rawSpec": "2.1.2",
-    "saveSpec": null,
-    "fetchSpec": "2.1.2"
-  },
-  "_requiredBy": [
-    "/asn1",
-    "/ecc-jsbn",
-    "/iconv-lite",
-    "/sshpk"
-  ],
-  "_resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-  "_spec": "2.1.2",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action",
-  "author": {
-    "name": "Nikita Skovoroda",
-    "email": "chalkerx@gmail.com",
-    "url": "https://github.com/ChALkeR"
-  },
-  "bugs": {
-    "url": "https://github.com/ChALkeR/safer-buffer/issues"
-  },
-  "description": "Modern Buffer API polyfill without footguns",
-  "devDependencies": {
-    "standard": "^11.0.1",
-    "tape": "^4.9.0"
-  },
-  "files": [
-    "Porting-Buffer.md",
-    "Readme.md",
-    "tests.js",
-    "dangerous.js",
-    "safer.js"
-  ],
-  "homepage": "https://github.com/ChALkeR/safer-buffer#readme",
-  "license": "MIT",
-  "main": "safer.js",
-  "name": "safer-buffer",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ChALkeR/safer-buffer.git"
-  },
-  "scripts": {
-    "browserify-test": "browserify --external tape tests.js > browserify-tests.js && tape browserify-tests.js",
-    "test": "standard && tape tests.js"
-  },
-  "version": "2.1.2"
-}

dist/node_modules/safer-buffer/safer.js

@@ -1,77 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-
-var safer = {}
-
-var key
-
-for (key in buffer) {
-  if (!buffer.hasOwnProperty(key)) continue
-  if (key === 'SlowBuffer' || key === 'Buffer') continue
-  safer[key] = buffer[key]
-}
-
-var Safer = safer.Buffer = {}
-for (key in Buffer) {
-  if (!Buffer.hasOwnProperty(key)) continue
-  if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue
-  Safer[key] = Buffer[key]
-}
-
-safer.Buffer.prototype = Buffer.prototype
-
-if (!Safer.from || Safer.from === Uint8Array.from) {
-  Safer.from = function (value, encodingOrOffset, length) {
-    if (typeof value === 'number') {
-      throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value)
-    }
-    if (value && typeof value.length === 'undefined') {
-      throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value)
-    }
-    return Buffer(value, encodingOrOffset, length)
-  }
-}
-
-if (!Safer.alloc) {
-  Safer.alloc = function (size, fill, encoding) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    var buf = Buffer(size)
-    if (!fill || fill.length === 0) {
-      buf.fill(0)
-    } else if (typeof encoding === 'string') {
-      buf.fill(fill, encoding)
-    } else {
-      buf.fill(fill)
-    }
-    return buf
-  }
-}
-
-if (!safer.kStringMaxLength) {
-  try {
-    safer.kStringMaxLength = process.binding('buffer').kStringMaxLength
-  } catch (e) {
-    // we can't determine kStringMaxLength in environments where process.binding
-    // is unsupported, so let's not set it
-  }
-}
-
-if (!safer.constants) {
-  safer.constants = {
-    MAX_LENGTH: safer.kMaxLength
-  }
-  if (safer.kStringMaxLength) {
-    safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength
-  }
-}
-
-module.exports = safer

dist/node_modules/safer-buffer/tests.js

@@ -1,406 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var test = require('tape')
-
-var buffer = require('buffer')
-
-var index = require('./')
-var safer = require('./safer')
-var dangerous = require('./dangerous')
-
-/* Inheritance tests */
-
-test('Default is Safer', function (t) {
-  t.equal(index, safer)
-  t.notEqual(safer, dangerous)
-  t.notEqual(index, dangerous)
-  t.end()
-})
-
-test('Is not a function', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(typeof impl, 'object')
-    t.equal(typeof impl.Buffer, 'object')
-  });
-  [buffer].forEach(function (impl) {
-    t.equal(typeof impl, 'object')
-    t.equal(typeof impl.Buffer, 'function')
-  })
-  t.end()
-})
-
-test('Constructor throws', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.throws(function () { impl.Buffer() })
-    t.throws(function () { impl.Buffer(0) })
-    t.throws(function () { impl.Buffer('a') })
-    t.throws(function () { impl.Buffer('a', 'utf-8') })
-    t.throws(function () { return new impl.Buffer() })
-    t.throws(function () { return new impl.Buffer(0) })
-    t.throws(function () { return new impl.Buffer('a') })
-    t.throws(function () { return new impl.Buffer('a', 'utf-8') })
-  })
-  t.end()
-})
-
-test('Safe methods exist', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.alloc, 'function', 'alloc')
-    t.equal(typeof impl.Buffer.from, 'function', 'from')
-  })
-  t.end()
-})
-
-test('Unsafe methods exist only in Dangerous', function (t) {
-  [index, safer].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.allocUnsafe, 'undefined')
-    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'undefined')
-  });
-  [dangerous].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.allocUnsafe, 'function')
-    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'function')
-  })
-  t.end()
-})
-
-test('Generic methods/properties are defined and equal', function (t) {
-  ['poolSize', 'isBuffer', 'concat', 'byteLength'].forEach(function (method) {
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Built-in buffer static methods/properties are inherited', function (t) {
-  Object.keys(buffer).forEach(function (method) {
-    if (method === 'SlowBuffer' || method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], buffer[method], method)
-      t.notEqual(typeof impl[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Built-in Buffer static methods/properties are inherited', function (t) {
-  Object.keys(buffer.Buffer).forEach(function (method) {
-    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('.prototype property of Buffer is inherited', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.prototype, buffer.Buffer.prototype, 'prototype')
-    t.notEqual(typeof impl.Buffer.prototype, 'undefined', 'prototype')
-  })
-  t.end()
-})
-
-test('All Safer methods are present in Dangerous', function (t) {
-  Object.keys(safer).forEach(function (method) {
-    if (method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], safer[method], method)
-      if (method !== 'kStringMaxLength') {
-        t.notEqual(typeof impl[method], 'undefined', method)
-      }
-    })
-  })
-  Object.keys(safer.Buffer).forEach(function (method) {
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], safer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Safe methods from Dangerous methods are present in Safer', function (t) {
-  Object.keys(dangerous).forEach(function (method) {
-    if (method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], dangerous[method], method)
-      if (method !== 'kStringMaxLength') {
-        t.notEqual(typeof impl[method], 'undefined', method)
-      }
-    })
-  })
-  Object.keys(dangerous.Buffer).forEach(function (method) {
-    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], dangerous.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-/* Behaviour tests */
-
-test('Methods return Buffers', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 10)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 'a')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10, 'x')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(9, 'ab')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string', 'utf-8')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([0, 42, 3])))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(new Uint8Array([0, 42, 3]))))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([])))
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](0)))
-    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](10)))
-  })
-  t.end()
-})
-
-test('Constructor is buffer.Buffer', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.alloc(0).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(0, 10).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(0, 'a').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(10).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(10, 'x').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(9, 'ab').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('string').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('string', 'utf-8').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from([0, 42, 3]).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from([]).constructor, buffer.Buffer)
-  });
-  [0, 10, 100].forEach(function (arg) {
-    t.equal(dangerous.Buffer.allocUnsafe(arg).constructor, buffer.Buffer)
-    t.equal(dangerous.Buffer.allocUnsafeSlow(arg).constructor, buffer.SlowBuffer(0).constructor)
-  })
-  t.end()
-})
-
-test('Invalid calls throw', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.throws(function () { impl.Buffer.from(0) })
-    t.throws(function () { impl.Buffer.from(10) })
-    t.throws(function () { impl.Buffer.from(10, 'utf-8') })
-    t.throws(function () { impl.Buffer.from('string', 'invalid encoding') })
-    t.throws(function () { impl.Buffer.from(-10) })
-    t.throws(function () { impl.Buffer.from(1e90) })
-    t.throws(function () { impl.Buffer.from(Infinity) })
-    t.throws(function () { impl.Buffer.from(-Infinity) })
-    t.throws(function () { impl.Buffer.from(NaN) })
-    t.throws(function () { impl.Buffer.from(null) })
-    t.throws(function () { impl.Buffer.from(undefined) })
-    t.throws(function () { impl.Buffer.from() })
-    t.throws(function () { impl.Buffer.from({}) })
-    t.throws(function () { impl.Buffer.alloc('') })
-    t.throws(function () { impl.Buffer.alloc('string') })
-    t.throws(function () { impl.Buffer.alloc('string', 'utf-8') })
-    t.throws(function () { impl.Buffer.alloc('b25ldHdvdGhyZWU=', 'base64') })
-    t.throws(function () { impl.Buffer.alloc(-10) })
-    t.throws(function () { impl.Buffer.alloc(1e90) })
-    t.throws(function () { impl.Buffer.alloc(2 * (1 << 30)) })
-    t.throws(function () { impl.Buffer.alloc(Infinity) })
-    t.throws(function () { impl.Buffer.alloc(-Infinity) })
-    t.throws(function () { impl.Buffer.alloc(null) })
-    t.throws(function () { impl.Buffer.alloc(undefined) })
-    t.throws(function () { impl.Buffer.alloc() })
-    t.throws(function () { impl.Buffer.alloc([]) })
-    t.throws(function () { impl.Buffer.alloc([0, 42, 3]) })
-    t.throws(function () { impl.Buffer.alloc({}) })
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.throws(function () { dangerous.Buffer[method]('') })
-    t.throws(function () { dangerous.Buffer[method]('string') })
-    t.throws(function () { dangerous.Buffer[method]('string', 'utf-8') })
-    t.throws(function () { dangerous.Buffer[method](2 * (1 << 30)) })
-    t.throws(function () { dangerous.Buffer[method](Infinity) })
-    if (dangerous.Buffer[method] === buffer.Buffer.allocUnsafe) {
-      t.skip('Skipping, older impl of allocUnsafe coerced negative sizes to 0')
-    } else {
-      t.throws(function () { dangerous.Buffer[method](-10) })
-      t.throws(function () { dangerous.Buffer[method](-1e90) })
-      t.throws(function () { dangerous.Buffer[method](-Infinity) })
-    }
-    t.throws(function () { dangerous.Buffer[method](null) })
-    t.throws(function () { dangerous.Buffer[method](undefined) })
-    t.throws(function () { dangerous.Buffer[method]() })
-    t.throws(function () { dangerous.Buffer[method]([]) })
-    t.throws(function () { dangerous.Buffer[method]([0, 42, 3]) })
-    t.throws(function () { dangerous.Buffer[method]({}) })
-  })
-  t.end()
-})
-
-test('Buffers have appropriate lengths', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.alloc(0).length, 0)
-    t.equal(impl.Buffer.alloc(10).length, 10)
-    t.equal(impl.Buffer.from('').length, 0)
-    t.equal(impl.Buffer.from('string').length, 6)
-    t.equal(impl.Buffer.from('string', 'utf-8').length, 6)
-    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').length, 11)
-    t.equal(impl.Buffer.from([0, 42, 3]).length, 3)
-    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).length, 3)
-    t.equal(impl.Buffer.from([]).length, 0)
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.equal(dangerous.Buffer[method](0).length, 0)
-    t.equal(dangerous.Buffer[method](10).length, 10)
-  })
-  t.end()
-})
-
-test('Buffers have appropriate lengths (2)', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true;
-  [ safer.Buffer.alloc,
-    dangerous.Buffer.allocUnsafe,
-    dangerous.Buffer.allocUnsafeSlow
-  ].forEach(function (method) {
-    for (var i = 0; i < 1e2; i++) {
-      var length = Math.round(Math.random() * 1e5)
-      var buf = method(length)
-      if (!buffer.Buffer.isBuffer(buf)) ok = false
-      if (buf.length !== length) ok = false
-    }
-  })
-  t.ok(ok)
-  t.end()
-})
-
-test('.alloc(size) is zero-filled and has correct length', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var buf = index.Buffer.alloc(length)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    var j
-    for (j = 0; j < length; j++) {
-      if (buf[j] !== 0) ok = false
-    }
-    buf.fill(1)
-    for (j = 0; j < length; j++) {
-      if (buf[j] !== 1) ok = false
-    }
-  }
-  t.ok(ok)
-  t.end()
-})
-
-test('.allocUnsafe / .allocUnsafeSlow are fillable and have correct lengths', function (t) {
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    var ok = true
-    for (var i = 0; i < 1e2; i++) {
-      var length = Math.round(Math.random() * 2e6)
-      var buf = dangerous.Buffer[method](length)
-      if (!buffer.Buffer.isBuffer(buf)) ok = false
-      if (buf.length !== length) ok = false
-      buf.fill(0, 0, length)
-      var j
-      for (j = 0; j < length; j++) {
-        if (buf[j] !== 0) ok = false
-      }
-      buf.fill(1, 0, length)
-      for (j = 0; j < length; j++) {
-        if (buf[j] !== 1) ok = false
-      }
-    }
-    t.ok(ok, method)
-  })
-  t.end()
-})
-
-test('.alloc(size, fill) is `fill`-filled', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var fill = Math.round(Math.random() * 255)
-    var buf = index.Buffer.alloc(length, fill)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    for (var j = 0; j < length; j++) {
-      if (buf[j] !== fill) ok = false
-    }
-  }
-  t.ok(ok)
-  t.end()
-})
-
-test('.alloc(size, fill) is `fill`-filled', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var fill = Math.round(Math.random() * 255)
-    var buf = index.Buffer.alloc(length, fill)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    for (var j = 0; j < length; j++) {
-      if (buf[j] !== fill) ok = false
-    }
-  }
-  t.ok(ok)
-  t.deepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 97))
-  t.notDeepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 98))
-
-  var tmp = new buffer.Buffer(2)
-  tmp.fill('ok')
-  if (tmp[1] === tmp[0]) {
-    // Outdated Node.js
-    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('ooooo'))
-  } else {
-    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('okoko'))
-  }
-  t.notDeepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('kokok'))
-
-  t.end()
-})
-
-test('safer.Buffer.from returns results same as Buffer constructor', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.deepEqual(impl.Buffer.from(''), new buffer.Buffer(''))
-    t.deepEqual(impl.Buffer.from('string'), new buffer.Buffer('string'))
-    t.deepEqual(impl.Buffer.from('string', 'utf-8'), new buffer.Buffer('string', 'utf-8'))
-    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), new buffer.Buffer('b25ldHdvdGhyZWU=', 'base64'))
-    t.deepEqual(impl.Buffer.from([0, 42, 3]), new buffer.Buffer([0, 42, 3]))
-    t.deepEqual(impl.Buffer.from(new Uint8Array([0, 42, 3])), new buffer.Buffer(new Uint8Array([0, 42, 3])))
-    t.deepEqual(impl.Buffer.from([]), new buffer.Buffer([]))
-  })
-  t.end()
-})
-
-test('safer.Buffer.from returns consistent results', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.deepEqual(impl.Buffer.from(''), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from([]), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from(new Uint8Array([])), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from('string', 'utf-8'), impl.Buffer.from('string'))
-    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from([115, 116, 114, 105, 110, 103]))
-    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from(impl.Buffer.from('string')))
-    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), impl.Buffer.from('onetwothree'))
-    t.notDeepEqual(impl.Buffer.from('b25ldHdvdGhyZWU='), impl.Buffer.from('onetwothree'))
-  })
-  t.end()
-})

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codecov-action",
-  "version": "2.0.1",
+  "version": "4.2.0",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
@@ -16,30 +16,29 @@
     "url": "git+https://github.com/codecov/codecov-action.git"
   },
   "keywords": [],
-  "author": "Ibrahim Ali",
+  "author": "Codecov",
   "license": "MIT",
   "bugs": {
     "url": "https://github.com/codecov/codecov-action/issues"
   },
   "homepage": "https://github.com/codecov/codecov-action#readme",
   "dependencies": {
-    "@actions/core": "^1.4.0",
-    "@actions/exec": "^1.1.0",
-    "@actions/github": "^5.0.0",
-    "node-fetch": "^2.6.1",
-    "openpgp": "^4.10.10"
+    "@actions/core": "^1.10.1",
+    "@actions/exec": "^1.1.1",
+    "@actions/github": "^6.0.0",
+    "gpg": "^0.6.0",
+    "undici": "5.28.3"
   },
   "devDependencies": {
-    "@types/jest": "^26.0.24",
-    "@types/node": "^16.3.3",
-    "@typescript-eslint/eslint-plugin": "^4.28.3",
-    "@typescript-eslint/parser": "^4.28.3",
-    "@vercel/ncc": "^0.29.0",
-    "eslint": "^7.30.0",
+    "@types/jest": "^29.5.12",
+    "@typescript-eslint/eslint-plugin": "^7.5.0",
+    "@typescript-eslint/parser": "^7.5.0",
+    "@vercel/ncc": "^0.38.1",
+    "eslint": "^8.57.0",
     "eslint-config-google": "^0.14.0",
-    "jest": "^26.6.3",
-    "jest-junit": "^12.2.0",
-    "ts-jest": "^26.5.6",
-    "typescript": "^4.3.5"
+    "jest": "^29.7.0",
+    "jest-junit": "^16.0.0",
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.4.3"
   }
 }

src/buildExec.test.ts

@@ -1,74 +1,107 @@
 import * as github from '@actions/github';
 
-import buildExec from './buildExec';
+import {
+  buildCommitExec,
+  buildGeneralExec,
+  buildReportExec,
+  buildUploadExec,
+} from './buildExec';
 
-/* eslint-disable  @typescript-eslint/no-var-requires */
-const {version} = require('../package.json');
 
 const context = github.context;
 
-test('no arguments', () => {
-  const {execArgs, failCi} = buildExec();
-
-  const args = [
-    '-n',
-    '',
-    '-Q',
-    `github-action-${version}`,
-  ];
-  if (context.eventName == 'pull_request') {
-    args.push('-C', `${context.payload.pull_request.head.sha}`);
-  }
-  expect(execArgs).toEqual(args);
-  expect(failCi).toBeFalsy();
-});
-
-test('all arguments', () => {
+test('general args', async () => {
   const envs = {
-    'commit_parent': '83231650328f11695dfb754ca0f540516f188d27',
-    'directory': 'coverage/',
-    'dry_run': 'true',
-    'env_vars': 'OS,PYTHON',
-    'fail_ci_if_error': 'true',
-    'file': 'coverage.xml',
-    'files': 'dir1/coverage.xml,dir2/coverage.xml',
-    'flags': 'test,test2',
-    'functionalities':
-      'network',
-    'move_coverage_to_trash': 'true',
-    'name': 'codecov',
-    'override_branch': 'thomasrockhu/test',
-    'override_build': '1',
-    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
-    'override_pr': '2',
-    'override_tag': 'v1.2',
-    'path_to_write_report': 'codecov/',
-    'root_dir': 'root/',
-    'slug': 'fakeOwner/fakeRepo',
-    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
-    'url': 'https://codecov.enterprise.com',
-    'verbose': 't',
-    'working-directory': 'src',
+    codecov_yml_path: 'dev/codecov.yml',
+    url: 'https://codecov.enterprise.com',
+    verbose: 't',
   };
-
   for (const env of Object.keys(envs)) {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
-  const {execArgs, failCi} = buildExec();
-  expect(execArgs).toEqual([
-    '-n',
-    'codecov',
-    '-Q',
-    `github-action-${version}`,
-    '-c',
-    '-N',
-    '83231650328f11695dfb754ca0f540516f188d27',
+  const {args, verbose} = await buildGeneralExec();
+
+  expect(args).toEqual(
+      expect.arrayContaining([
+        '--codecov-yml-path',
+        'dev/codecov.yml',
+        '--enterprise-url',
+        'https://codecov.enterprise.com',
+        '-v',
+      ]));
+  expect(verbose).toBeTruthy();
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+test('upload args using context', async () => {
+  const expectedArgs = [
+    '--git-service',
+    'github',
+  ];
+  const {uploadExecArgs, uploadCommand} = await buildUploadExec();
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (context.eventName == 'pull_request_target') {
+    expectedArgs.push('-P', `${context.payload.number}`);
+  }
+
+  expect(uploadExecArgs).toEqual(expectedArgs);
+  expect(uploadCommand).toEqual('do-upload');
+});
+
+test('upload args', async () => {
+  const envs = {
+    'codecov_yml_path': 'dev/codecov.yml',
+    'commit_parent': 'fakeparentcommit',
+    'directory': 'coverage/',
+    'disable_file_fixes': 'true',
+    'disable_search': 'true',
+    'dry_run': 'true',
+    'env_vars': 'OS,PYTHON',
+    'exclude': 'node_modules/',
+    'fail_ci_if_error': 'true',
+    'file': 'coverage.xml',
+    'files': 'dir1/coverage.xml,dir2/coverage.xml',
+    'flags': 'test,test2',
+    'git_service': 'github_enterprise',
+    'handle_no_reports_found': 'true',
+    'job_code': '32',
+    'name': 'codecov',
+    'os': 'macos',
+    'override_branch': 'thomasrockhu/test',
+    'override_build': '1',
+    'override_build_url': 'https://example.com/build/2',
+    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
+    'override_pr': '2',
+    'plugin': 'xcode',
+    'plugins': 'pycoverage,compress-pycoverage',
+    'report_code': 'testCode',
+    'root_dir': 'root/',
+    'slug': 'fakeOwner/fakeRepo',
+    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
+    'url': 'https://enterprise.example.com',
+    'use_legacy_upload_endpoint': 'true',
+    'verbose': 'true',
+    'version': '0.1.2',
+    'working-directory': 'src',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {uploadExecArgs, uploadCommand} = await buildUploadExec();
+  const expectedArgs = [
+    '--disable-file-fixes',
+    '--disable-search',
     '-d',
     '-e',
     'OS,PYTHON',
-    '-X',
-    'network',
+    '--exclude',
+    'node_modules/',
     '-Z',
     '-f',
     'coverage.xml',
@@ -80,29 +113,161 @@ test('all arguments', () => {
     'test',
     '-F',
     'test2',
+    '--git-service',
+    'github_enterprise',
+    '--handle-no-reports-found',
+    '--job-code',
+    '32',
+    '-n',
+    'codecov',
     '-B',
     'thomasrockhu/test',
     '-b',
     '1',
+    '--build-url',
+    'https://example.com/build/2',
     '-C',
     '9caabca5474b49de74ef5667deabaf74cdacc244',
     '-P',
     '2',
-    '-T',
-    'v1.2',
-    '-R',
+    '--plugin',
+    'xcode',
+    '--plugin',
+    'pycoverage',
+    '--plugin',
+    'compress-pycoverage',
+    '--report-code',
+    'testCode',
+    '--network-root-folder',
     'root/',
     '-s',
     'coverage/',
     '-r',
     'fakeOwner/fakeRepo',
-    '-u',
-    'https://codecov.enterprise.com',
-    '-v',
-  ]);
-  expect(failCi).toBeTruthy();
+    '--legacy',
+  ];
 
+  expect(uploadExecArgs).toEqual(expectedArgs);
+  expect(uploadCommand).toEqual('do-upload');
   for (const env of Object.keys(envs)) {
     delete process.env['INPUT_' + env.toUpperCase()];
   }
 });
+
+
+test('report args', async () => {
+  const envs = {
+    git_service: 'github_enterprise',
+    override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
+    override_pr: 'fakePR',
+    slug: 'fakeOwner/fakeRepo',
+    token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+    fail_ci_if_error: 'true',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {reportExecArgs, reportCommand} = await buildReportExec();
+
+  const expectedArgs = [
+    '--git-service',
+    'github_enterprise',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '-P',
+    'fakePR',
+    '--slug',
+    'fakeOwner/fakeRepo',
+    '-Z',
+  ];
+
+  expect(reportExecArgs).toEqual(expectedArgs);
+  expect(reportCommand).toEqual('create-report');
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+
+test('report args using context', async () => {
+  const envs = {
+    token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+  const expectedArgs : string[] = [
+    '--git-service',
+    'github',
+  ];
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+
+  const {reportExecArgs, reportCommand} = await buildReportExec();
+
+  expect(reportExecArgs).toEqual(expectedArgs);
+  expect(reportCommand).toEqual('create-report');
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+
+test('commit args', async () => {
+  const envs = {
+    git_service: 'github_enterprise',
+    commit_parent: '83231650328f11695dfb754ca0f540516f188d27',
+    override_branch: 'thomasrockhu/test',
+    override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
+    override_pr: '2',
+    slug: 'fakeOwner/fakeRepo',
+    token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+    fail_ci_if_error: 'true',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {commitExecArgs, commitCommand} = await buildCommitExec();
+  const expectedArgs = [
+    '--parent-sha',
+    '83231650328f11695dfb754ca0f540516f188d27',
+    '--git-service',
+    'github_enterprise',
+    '-B',
+    'thomasrockhu/test',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '--pr',
+    '2',
+    '--slug',
+    'fakeOwner/fakeRepo',
+    '-Z',
+  ];
+
+  expect(commitExecArgs).toEqual(expectedArgs);
+  expect(commitCommand).toEqual('create-commit');
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+test('commit args using context', async () => {
+  const expectedArgs :string[] = [
+    '--git-service',
+    'github',
+  ];
+
+  const {commitExecArgs, commitCommand} = await buildCommitExec();
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (context.eventName == 'pull_request_target') {
+    expectedArgs.push('-P', `${context.payload.number}`);
+  }
+
+  expect(commitExecArgs).toEqual(expectedArgs);
+  expect(commitCommand).toEqual('create-commit');
+});

src/buildExec.ts

@@ -1,8 +1,9 @@
+/* eslint-disable  @typescript-eslint/no-explicit-any */
+
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-/* eslint-disable  @typescript-eslint/no-var-requires */
-const {version} = require('../package.json');
+import {setFailure} from './helpers';
 
 const context = github.context;
 
@@ -17,40 +18,206 @@ const isTrue = (variable) => {
   );
 };
 
-const buildExec = () => {
-  const clean = core.getInput('move_coverage_to_trash');
+const getToken = async () => {
+  let token = core.getInput('token');
+  let url = core.getInput('url');
+  const useOIDC = isTrue(core.getInput('use_oidc'));
+
+  if (useOIDC) {
+    if (!url) {
+      url = 'https://codecov.io';
+    }
+    try {
+      token = await core.getIDToken(url);
+      return token;
+    } catch (err) {
+      setFailure(
+          `Codecov: Failed to get OIDC token with url: ${url}. ${err.message}`,
+          true,
+      );
+    }
+  }
+  return token;
+};
+
+const buildCommitExec = async () => {
   const commitParent = core.getInput('commit_parent');
-  const envVars = core.getInput('env_vars');
+  const gitService = core.getInput('git_service');
+  const overrideBranch = core.getInput('override_branch');
+  const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
+  const slug = core.getInput('slug');
+  const token = await getToken();
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
+  const workingDir = core.getInput('working-directory');
+
+  const commitCommand = 'create-commit';
+  const commitExecArgs = [];
+
+  const commitOptions:any = {};
+  commitOptions.env = Object.assign(process.env, {
+    GITHUB_ACTION: process.env.GITHUB_ACTION,
+    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
+    GITHUB_REF: process.env.GITHUB_REF,
+    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
+    GITHUB_SHA: process.env.GITHUB_SHA,
+    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
+  });
+
+
+  if (token) {
+    commitOptions.env.CODECOV_TOKEN = token;
+  }
+  if (commitParent) {
+    commitExecArgs.push('--parent-sha', `${commitParent}`);
+  }
+  commitExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+
+  if (overrideBranch) {
+    commitExecArgs.push('-B', `${overrideBranch}`);
+  }
+  if (overrideCommit) {
+    commitExecArgs.push('-C', `${overrideCommit}`);
+  } else if (
+    `${context.eventName}` == 'pull_request' ||
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    commitExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (overridePr) {
+    commitExecArgs.push('--pr', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    commitExecArgs.push('--pr', `${context.payload.number}`);
+  }
+  if (slug) {
+    commitExecArgs.push('--slug', `${slug}`);
+  }
+  if (failCi) {
+    commitExecArgs.push('-Z');
+  }
+  if (workingDir) {
+    commitOptions.cwd = workingDir;
+  }
+
+
+  return {commitExecArgs, commitOptions, commitCommand};
+};
+
+const buildGeneralExec = () => {
+  const codecovYmlPath = core.getInput('codecov_yml_path');
+  const url = core.getInput('url');
+  const verbose = isTrue(core.getInput('verbose'));
+  const args = [];
+
+  if (codecovYmlPath) {
+    args.push('--codecov-yml-path', `${codecovYmlPath}`);
+  }
+  if (url) {
+    args.push('--enterprise-url', `${url}`);
+  }
+  if (verbose) {
+    args.push('-v');
+  }
+  return {args, verbose};
+};
+
+const buildReportExec = async () => {
+  const gitService = core.getInput('git_service');
+  const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
+  const slug = core.getInput('slug');
+  const token = await getToken();
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
+  const workingDir = core.getInput('working-directory');
+
+
+  const reportCommand = 'create-report';
+  const reportExecArgs = [];
+
+  const reportOptions:any = {};
+  reportOptions.env = Object.assign(process.env, {
+    GITHUB_ACTION: process.env.GITHUB_ACTION,
+    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
+    GITHUB_REF: process.env.GITHUB_REF,
+    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
+    GITHUB_SHA: process.env.GITHUB_SHA,
+    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
+  });
+
+
+  if (token) {
+    reportOptions.env.CODECOV_TOKEN = token;
+  }
+  reportExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+
+  if (overrideCommit) {
+    reportExecArgs.push('-C', `${overrideCommit}`);
+  } else if (
+    `${context.eventName}` == 'pull_request' ||
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    reportExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (overridePr) {
+    reportExecArgs.push('-P', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    reportExecArgs.push('-P', `${context.payload.number}`);
+  }
+  if (slug) {
+    reportExecArgs.push('--slug', `${slug}`);
+  }
+  if (failCi) {
+    reportExecArgs.push('-Z');
+  }
+  if (workingDir) {
+    reportOptions.cwd = workingDir;
+  }
+
+  return {reportExecArgs, reportOptions, reportCommand};
+};
+
+const buildUploadExec = async () => {
+  const disableFileFixes = isTrue(core.getInput('disable_file_fixes'));
+  const disableSafeDirectory = isTrue(core.getInput('disable_safe_directory'));
+  const disableSearch = isTrue(core.getInput('disable_search'));
   const dryRun = isTrue(core.getInput('dry_run'));
+  const envVars = core.getInput('env_vars');
+  const exclude = core.getInput('exclude');
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const file = core.getInput('file');
   const files = core.getInput('files');
   const flags = core.getInput('flags');
-  const functionalities = core.getInput('functionalities');
+  const gitService = core.getInput('git_service');
+  const handleNoReportsFound = isTrue(core.getInput('handle_no_reports_found'));
+  const jobCode = core.getInput('job_code');
   const name = core.getInput('name');
+  const os = core.getInput('os');
   const overrideBranch = core.getInput('override_branch');
   const overrideBuild = core.getInput('override_build');
+  const overrideBuildUrl = core.getInput('override_build_url');
   const overrideCommit = core.getInput('override_commit');
   const overridePr = core.getInput('override_pr');
-  const overrideTag = core.getInput('override_tag');
+  const plugin = core.getInput('plugin');
+  const plugins = core.getInput('plugins');
+  const reportCode = core.getInput('report_code');
   const rootDir = core.getInput('root_dir');
   const searchDir = core.getInput('directory');
   const slug = core.getInput('slug');
-  const token = core.getInput('token');
-  const verbose = isTrue(core.getInput('verbose'));
-  const url = core.getInput('url');
+  const token = await getToken();
+  let uploaderVersion = core.getInput('version');
+  const useLegacyUploadEndpoint = isTrue(
+      core.getInput('use_legacy_upload_endpoint'),
+  );
   const workingDir = core.getInput('working-directory');
 
-  const execArgs = [];
-  execArgs.push(
-      '-n',
-      `${name}`,
-      '-Q',
-      `github-action-${version}`,
-  );
-
-  const options:any = {};
-  options.env = Object.assign(process.env, {
+  const uploadExecArgs = [];
+  const uploadCommand = 'do-upload';
+  const uploadOptions:any = {};
+  uploadOptions.env = Object.assign(process.env, {
     GITHUB_ACTION: process.env.GITHUB_ACTION,
     GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
     GITHUB_REF: process.env.GITHUB_REF,
@@ -63,91 +230,123 @@ const buildExec = () => {
   for (const envVar of envVars.split(',')) {
     const envVarClean = envVar.trim();
     if (envVarClean) {
-      options.env[envVarClean] = process.env[envVarClean];
+      uploadOptions.env[envVarClean] = process.env[envVarClean];
       envVarsArg.push(envVarClean);
     }
   }
-
   if (token) {
-    options.env.CODECOV_TOKEN = token;
+    uploadOptions.env.CODECOV_TOKEN = token;
   }
-  if (clean) {
-    execArgs.push('-c');
+  if (disableFileFixes) {
+    uploadExecArgs.push('--disable-file-fixes');
   }
-  if (commitParent) {
-    execArgs.push('-N', `${commitParent}`);
+  if (disableSearch) {
+    uploadExecArgs.push('--disable-search');
   }
   if (dryRun) {
-    execArgs.push('-d');
+    uploadExecArgs.push('-d');
   }
   if (envVarsArg.length) {
-    execArgs.push('-e', envVarsArg.join(','));
+    uploadExecArgs.push('-e', envVarsArg.join(','));
   }
-  if (functionalities) {
-    functionalities.split(',').forEach((f) => {
-      execArgs.push('-X', `${f}`);
-    });
+  if (exclude) {
+    uploadExecArgs.push('--exclude', `${exclude}`);
   }
   if (failCi) {
-    execArgs.push('-Z');
+    uploadExecArgs.push('-Z');
   }
   if (file) {
-    execArgs.push('-f', `${file}`);
+    uploadExecArgs.push('-f', `${file}`);
   }
   if (files) {
-    files.split(',').forEach((f) => {
-      execArgs.push('-f', `${f}`);
+    files.split(',').map((f) => f.trim()).forEach((f) => {
+      uploadExecArgs.push('-f', `${f}`);
     });
   }
   if (flags) {
-    flags.split(',').forEach((f) => {
-      execArgs.push('-F', `${f}`);
+    flags.split(',').map((f) => f.trim()).forEach((f) => {
+      uploadExecArgs.push('-F', `${f}`);
     });
   }
+  uploadExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+  if (handleNoReportsFound) {
+    uploadExecArgs.push('--handle-no-reports-found');
+  }
+  if (jobCode) {
+    uploadExecArgs.push('--job-code', `${jobCode}`);
+  }
+  if (name) {
+    uploadExecArgs.push('-n', `${name}`);
+  }
   if (overrideBranch) {
-    execArgs.push('-B', `${overrideBranch}`);
+    uploadExecArgs.push('-B', `${overrideBranch}`);
   }
   if (overrideBuild) {
-    execArgs.push('-b', `${overrideBuild}`);
+    uploadExecArgs.push('-b', `${overrideBuild}`);
+  }
+  if (overrideBuildUrl) {
+    uploadExecArgs.push('--build-url', `${overrideBuildUrl}`);
   }
   if (overrideCommit) {
-    execArgs.push('-C', `${overrideCommit}`);
+    uploadExecArgs.push('-C', `${overrideCommit}`);
   } else if (
     `${context.eventName}` == 'pull_request' ||
     `${context.eventName}` == 'pull_request_target'
   ) {
-    execArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+    uploadExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
   }
   if (overridePr) {
-    execArgs.push('-P', `${overridePr}`);
+    uploadExecArgs.push('-P', `${overridePr}`);
   } else if (
     `${context.eventName}` == 'pull_request_target'
   ) {
-    execArgs.push('-P', `${context.payload.number}`);
+    uploadExecArgs.push('-P', `${context.payload.number}`);
   }
-  if (overrideTag) {
-    execArgs.push('-T', `${overrideTag}`);
+  if (plugin) {
+    uploadExecArgs.push('--plugin', `${plugin}`);
+  }
+  if (plugins) {
+    plugins.split(',').map((p) => p.trim()).forEach((p) => {
+      uploadExecArgs.push('--plugin', `${p}`);
+    });
+  }
+  if (reportCode) {
+    uploadExecArgs.push('--report-code', `${reportCode}`);
   }
   if (rootDir) {
-    execArgs.push('-R', `${rootDir}`);
+    uploadExecArgs.push('--network-root-folder', `${rootDir}`);
   }
   if (searchDir) {
-    execArgs.push('-s', `${searchDir}`);
+    uploadExecArgs.push('-s', `${searchDir}`);
   }
   if (slug) {
-    execArgs.push('-r', `${slug}`);
-  }
-  if (url) {
-    execArgs.push('-u', `${url}`);
-  }
-  if (verbose) {
-    execArgs.push('-v');
+    uploadExecArgs.push('-r', `${slug}`);
   }
   if (workingDir) {
-    options.cwd = workingDir;
+    uploadOptions.cwd = workingDir;
+  }
+  if (uploaderVersion == '') {
+    uploaderVersion = 'latest';
+  }
+  if (useLegacyUploadEndpoint) {
+    uploadExecArgs.push('--legacy');
   }
 
-  return {execArgs, options, failCi};
+  return {
+    uploadExecArgs,
+    uploadOptions,
+    disableSafeDirectory,
+    failCi,
+    os,
+    uploaderVersion,
+    uploadCommand,
+  };
 };
 
-export default buildExec;
+
+export {
+  buildCommitExec,
+  buildGeneralExec,
+  buildReportExec,
+  buildUploadExec,
+};

src/helpers.test.ts

@@ -0,0 +1,96 @@
+import * as exec from '@actions/exec';
+
+import {
+  PLATFORMS,
+  getBaseUrl,
+  getCommand,
+  getPlatform,
+  isValidPlatform,
+  isWindows,
+  setSafeDirectory,
+} from './helpers';
+
+let OLDOS = process.env.RUNNER_OS;
+
+beforeEach(() => {
+  jest.resetModules();
+  OLDOS = process.env.RUNNER_OS;
+});
+
+afterAll(() => {
+  process.env.RUNNER_OS = OLDOS;
+});
+
+test('getPlatform', () => {
+  expect(getPlatform('linux')).toBe('linux');
+  expect(getPlatform('windows')).toBe('windows');
+
+  const defaultPlatform =
+      process.env.RUNNER_OS ? process.env.RUNNER_OS.toLowerCase() : 'linux';
+  expect(getPlatform('fakeos')).toBe(defaultPlatform);
+  expect(getPlatform()).toBe(defaultPlatform);
+
+  process.env.RUNNER_OS = 'macos';
+  expect(getPlatform('fakeos')).toBe('macos');
+  expect(getPlatform()).toBe('macos');
+
+  process.env.RUNNER_OS = 'alsofakeos';
+  expect(getPlatform()).toBe('linux');
+  expect(getPlatform('fakeos')).toBe('linux');
+});
+
+test('getBaseUrl', () => {
+  expect(PLATFORMS.map((platform) => {
+    return getBaseUrl(platform, 'latest');
+  })).toEqual([
+    'https://cli.codecov.io/latest/linux/codecov',
+    'https://cli.codecov.io/latest/macos/codecov',
+    'https://cli.codecov.io/latest/windows/codecov.exe',
+    'https://cli.codecov.io/latest/alpine/codecov',
+    'https://cli.codecov.io/latest/linux-arm64/codecov',
+    'https://cli.codecov.io/latest/alpine-arm64/codecov',
+  ]);
+
+  expect(PLATFORMS.map((platform) => {
+    return getBaseUrl(platform, 'v0.1.0_8880');
+  })).toEqual([
+    'https://cli.codecov.io/v0.1.0_8880/linux/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/macos/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/windows/codecov.exe',
+    'https://cli.codecov.io/v0.1.0_8880/alpine/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/linux-arm64/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/alpine-arm64/codecov',
+  ]);
+});
+
+test('isWindows', () => {
+  expect(PLATFORMS.map((platform) => {
+    return isWindows(platform);
+  })).toEqual([false, false, true, false, false, false]);
+});
+
+test('isValidPlatform', () => {
+  expect(PLATFORMS.map((platform) => {
+    return isValidPlatform(platform);
+  })).toEqual([true, true, true, true, true, true]);
+
+  expect(isValidPlatform('fakeos')).toBeFalsy();
+});
+
+test('getCommand', () => {
+  expect(getCommand('path', ['-v', '-x'], 'do-upload'))
+      .toEqual(['path', '-v', '-x', 'do-upload']);
+});
+
+test('setSafeDirectory', async () => {
+  process.env.GITHUB_WORKSPACE = 'testOrg/testRepo';
+  await setSafeDirectory();
+  const testSafeDirectory = ([
+    'git',
+    'config',
+    '--get',
+    'safe.directory',
+  ]).join(' ');
+  const safeDirectory = await exec.getExecOutput(testSafeDirectory);
+  expect(safeDirectory.stdout).toBe('testOrg/testRepo\n');
+});

src/helpers.ts

@@ -1,6 +1,14 @@
 import * as core from '@actions/core';
+import * as exec from '@actions/exec';
 
-const PLATFORMS = ['alpine', 'linux', 'macos', 'windows'];
+const PLATFORMS = [
+  'linux',
+  'macos',
+  'windows',
+  'alpine',
+  'linux-arm64',
+  'alpine-arm64',
+];
 
 const setFailure = (message: string, failCi: boolean): void => {
     failCi ? core.setFailed(message) : core.warning(message);
@@ -9,33 +17,75 @@ const setFailure = (message: string, failCi: boolean): void => {
     }
 };
 
-const getUploaderName = (): string => {
-  if (isWindows()) {
+const getUploaderName = (platform: string): string => {
+  if (isWindows(platform)) {
     return 'codecov.exe';
   } else {
     return 'codecov';
   }
 };
 
-const isValidPlatform = (): boolean => {
-  return PLATFORMS.includes(getPlatform());
+const isValidPlatform = (platform: string): boolean => {
+  return PLATFORMS.includes(platform);
 };
 
-const isWindows = (): boolean => {
-  return getPlatform() === 'windows';
+const isWindows = (platform: string): boolean => {
+  return platform === 'windows';
 };
 
-const getPlatform = (): string => {
-  return process.env.RUNNER_OS.toLowerCase();
+const getPlatform = (os?: string): string => {
+  if (isValidPlatform(os)) {
+    core.info(`==> ${os} OS provided`);
+    return os;
+  }
+
+  const platform = process.env.RUNNER_OS?.toLowerCase();
+  if (isValidPlatform(platform)) {
+    core.info(`==> ${platform} OS detected`);
+    return platform;
+  }
+
+  core.info(
+      '==> Could not detect OS or provided OS is invalid. Defaulting to linux',
+  );
+  return 'linux';
 };
 
-const BASEURL = `https://uploader.codecov.io/latest/${getPlatform()}/${getUploaderName()}`;
+const getBaseUrl = (platform: string, version: string): string => {
+  return `https://cli.codecov.io/${version}/${platform}/${getUploaderName(platform)}`;
+};
+
+const getCommand = (
+    filename: string,
+    generalArgs:string[],
+    command: string,
+): string[] => {
+  const fullCommand = [filename, ...generalArgs, command];
+  core.info(`==> Running command '${fullCommand.join(' ')}'`);
+  return fullCommand;
+};
+
+const setSafeDirectory = async () => {
+  const command = ([
+    'git',
+    'config',
+    '--global',
+    '--add',
+    'safe.directory',
+    `${process.env['GITHUB_WORKSPACE']}`,
+  ].join(' '));
+  core.info(`==> Running ${command}`);
+  await exec.exec(command);
+};
 
 export {
-  BASEURL,
+  PLATFORMS,
+  getBaseUrl,
   getPlatform,
   getUploaderName,
   isValidPlatform,
   isWindows,
   setFailure,
+  setSafeDirectory,
+  getCommand,
 };

src/index.ts

@@ -4,66 +4,126 @@ import * as path from 'path';
 
 import * as exec from '@actions/exec';
 
-import buildExec from './buildExec';
 import {
-  BASEURL,
+  buildCommitExec,
+  buildGeneralExec,
+  buildReportExec,
+  buildUploadExec,
+} from './buildExec';
+import {
+  getBaseUrl,
+  getCommand,
   getPlatform,
   getUploaderName,
-  isValidPlatform,
   setFailure,
+  setSafeDirectory,
 } from './helpers';
 
 import verify from './validate';
+import versionInfo from './version';
 
 let failCi;
 
-try {
-  const {execArgs, options, failCi} = buildExec();
-  const platform = getPlatform();
-  if (!isValidPlatform()) {
-    setFailure(
-        `Codecov: Encountered an unexpected platform: ${platform}`,
-        failCi,
-    );
-  }
-  const filename = path.join( __dirname, getUploaderName());
-  https.get(BASEURL, (res) => {
-    // Image will be stored at this path
-    const filePath = fs.createWriteStream(filename);
-    res.pipe(filePath);
-    filePath
-        .on('error', (err) => {
-          setFailure(
-              `Codecov: Failed to write uploader binary: ${err.message}`,
-              true,
-          );
-        }).on('finish', async () => {
-          filePath.close();
+const run = async () => {
+  try {
+    const {commitExecArgs, commitOptions, commitCommand} = await buildCommitExec();
+    const {reportExecArgs, reportOptions, reportCommand} = await buildReportExec();
+    const {
+      uploadExecArgs,
+      uploadOptions,
+      disableSafeDirectory,
+      failCi,
+      os,
+      uploaderVersion,
+      uploadCommand,
+    } = await buildUploadExec();
+    const {args, verbose} = buildGeneralExec();
 
-          await verify(filename);
-          await fs.chmodSync(filename, '777');
+    const platform = getPlatform(os);
 
-          const unlink = () => {
-            fs.unlink(filename, (err) => {
-              if (err) {
-                setFailure(
-                    `Codecov: Could not unlink uploader: ${err.message}`,
-                    failCi,
-                );
-              }
-            });
-          };
-          await exec.exec(filename, execArgs, options)
-              .catch((err) => {
-                setFailure(
-                    `Codecov: Failed to properly upload: ${err.message}`,
-                    failCi,
-                );
-              }).then(() => {
-                unlink();
+    const filename = path.join( __dirname, getUploaderName(platform));
+    https.get(getBaseUrl(platform, uploaderVersion), (res) => {
+      // Image will be stored at this path
+      const filePath = fs.createWriteStream(filename);
+      res.pipe(filePath);
+      filePath
+          .on('error', (err) => {
+            setFailure(
+                `Codecov: Failed to write uploader binary: ${err.message}`,
+                true,
+            );
+          }).on('finish', async () => {
+            filePath.close();
+
+            await verify(filename, platform, uploaderVersion, verbose, failCi);
+            await versionInfo(platform, uploaderVersion);
+            await fs.chmodSync(filename, '777');
+            if (!disableSafeDirectory) {
+              await setSafeDirectory();
+            }
+
+            const unlink = () => {
+              fs.unlink(filename, (err) => {
+                if (err) {
+                  setFailure(
+                      `Codecov: Could not unlink uploader: ${err.message}`,
+                      failCi,
+                  );
+                }
               });
-        });
-  });
-} catch (err) {
-  setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
-}
+            };
+            const doUpload = async () => {
+              await exec.exec(getCommand(filename, args, uploadCommand).join(' '),
+                  uploadExecArgs,
+                  uploadOptions)
+                  .catch((err) => {
+                    setFailure(
+                        `Codecov:
+                        Failed to properly upload report: ${err.message}`,
+                        failCi,
+                    );
+                  });
+            };
+            const createReport = async () => {
+              await exec.exec(
+                  getCommand(filename, args, reportCommand).join(' '),
+                  reportExecArgs,
+                  reportOptions)
+                  .then(async (exitCode) => {
+                    if (exitCode == 0) {
+                      await doUpload();
+                    }
+                  }).catch((err) => {
+                    setFailure(
+                        `Codecov:
+                        Failed to properly create report: ${err.message}`,
+                        failCi,
+                    );
+                  });
+            };
+            await exec.exec(
+                getCommand(
+                    filename,
+                    args,
+                    commitCommand,
+                ).join(' '),
+                commitExecArgs, commitOptions)
+                .then(async (exitCode) => {
+                  if (exitCode == 0) {
+                    await createReport();
+                  }
+                  unlink();
+                }).catch((err) => {
+                  setFailure(
+                      `Codecov: Failed to properly create commit: ${err.message}`,
+                      failCi,
+                  );
+                });
+          });
+    });
+  } catch (err) {
+    setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
+  }
+};
+
+run();

src/validate.ts

@@ -1,69 +1,113 @@
 import * as crypto from 'crypto';
 import * as fs from 'fs';
+import * as gpg from 'gpg';
 import * as path from 'path';
 
 import * as core from '@actions/core';
-import * as openpgp from 'openpgp';
-import * as fetch from 'node-fetch';
+import {request} from 'undici';
 
 import {
-  BASEURL,
+  getBaseUrl,
   getUploaderName,
   setFailure,
 } from './helpers';
 
-const verify = async (filename: string) => {
+const verify = async (
+    filename: string,
+    platform: string,
+    version: string,
+    verbose: boolean,
+    failCi: boolean,
+): Promise<void> => {
   try {
-    const uploaderName = getUploaderName();
-
-    // Read in public key
-    const publicKeyArmored = await fs.readFileSync(
-        path.join(__dirname, 'pgp_keys.asc'),
-        'utf-8',
-    );
+    const uploaderName = getUploaderName(platform);
 
     // Get SHASUM and SHASUM signature files
-    const shasumRes = await fetch( `${BASEURL}.SHA256SUM`);
-    const shasum = await shasumRes.text();
-
-    const shaSigRes = await fetch( `${BASEURL}.SHA256SUM.sig`);
-    const shaSig = await shaSigRes.text();
-
-    // Verify shasum
-    const verified = await openpgp.verify({
-      message: await openpgp.cleartext.fromText(shasum),
-      signature: await openpgp.signature.readArmored(shaSig),
-      publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,
-    });
-    const {valid} = verified.signatures[0];
-    if (valid) {
-      core.info('==> SHASUM file signed by key id ' +
-          verified.signatures[0].keyid.toHex(),
-      );
-    } else {
-      setFailure('Codecov: Error validating SHASUM signature', true);
+    console.log(`${getBaseUrl(platform, version)}.SHA256SUM`);
+    const shasumRes = await request(
+        `${getBaseUrl(platform, version)}.SHA256SUM`,
+    );
+    const shasum = await shasumRes.body.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM ${shasum}`);
     }
+    await fs.writeFileSync(
+        path.join(__dirname, `${uploaderName}.SHA256SUM`),
+        shasum,
+    );
 
-    // Verify uploader
-    const uploaderSha = crypto.createHash(`sha256`);
-    const stream = fs.createReadStream(filename);
-    await stream
-        .on('data', (data) => {
-          uploaderSha.update(data);
-        }).on('end', async () => {
-          const hash = `${uploaderSha.digest('hex')}  ${uploaderName}`;
-          if (hash !== shasum) {
-            setFailure(
-                'Codecov: Uploader shasum does not match ' +
-                  `uploader hash: ${hash}, public hash: ${shasum}`,
-                true,
-            );
-          } else {
-            core.info('==> Uploader SHASUM verified');
-          }
+    const shaSigRes = await request(
+        `${getBaseUrl(platform, version)}.SHA256SUM.sig`,
+    );
+    const shaSig = await shaSigRes.body.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM signature ${shaSig}`);
+    }
+    await fs.writeFileSync(
+        path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
+        shaSig,
+    );
+
+    const validateSha = async () => {
+      const calculateHash = async (filename: string) => {
+        const stream = fs.createReadStream(filename);
+        const uploaderSha = crypto.createHash(`sha256`);
+        stream.pipe(uploaderSha);
+
+        return new Promise((resolve, reject) => {
+          stream.on('end', () => resolve(
+              `${uploaderSha.digest('hex')}  ${uploaderName}`,
+          ));
+          stream.on('error', reject);
         });
+      };
+
+      const hash = await calculateHash(
+          path.join(__dirname, `${uploaderName}`),
+      );
+      if (hash === shasum) {
+        core.info(`==> Uploader SHASUM verified (${hash})`);
+      } else {
+        setFailure(
+            'Codecov: Uploader shasum does not match -- ' +
+              `uploader hash: ${hash}, public hash: ${shasum}`,
+            failCi,
+        );
+      }
+    };
+
+    const verifySignature = () => {
+      gpg.call('', [
+        '--logger-fd',
+        '1',
+        '--verify',
+        path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
+        path.join(__dirname, `${uploaderName}.SHA256SUM`),
+      ], async (err, verifyResult) => {
+        if (err) {
+          setFailure('Codecov: Error importing pgp key', failCi);
+        }
+        core.info(verifyResult);
+        await validateSha();
+      });
+    };
+
+    // Import gpg key
+    gpg.call('', [
+      '--logger-fd',
+      '1',
+      '--no-default-keyring',
+      '--import',
+      path.join(__dirname, 'pgp_keys.asc'),
+    ], async (err, importResult) => {
+      if (err) {
+        setFailure('Codecov: Error importing pgp key', failCi);
+      }
+      core.info(importResult);
+      verifySignature();
+    });
   } catch (err) {
-    setFailure(`Codecov: Error validating uploader: ${err.message}`, true);
+    setFailure(`Codecov: Error validating uploader: ${err.message}`, failCi);
   }
 };
 export default verify;

src/version.ts

@@ -0,0 +1,20 @@
+import * as core from '@actions/core';
+import {request} from 'undici';
+
+const versionInfo = async (
+    platform: string,
+    version: string,
+): Promise<void> => {
+  core.info(`==> Running version ${version}`);
+
+  try {
+    const metadataRes = await request(`https://cli.codecov.io/${platform}/${version}`, {
+      headers: {'Accept': 'application/json'},
+    });
+    const metadata = await metadataRes.body.json();
+    core.info(`==> Running version ${metadata['version']}`);
+  } catch (err) {
+    core.info(`Could not pull latest version information: ${err}`);
+  }
+};
+export default versionInfo;

tsconfig.json

@@ -2,8 +2,9 @@
   "compilerOptions": {
     "esModuleInterop": true,
     "moduleResolution": "node",
-    "outDir": "./dist",
-    "rootDir": "./src",
+    "outDir": "dist/",
+    "resolveJsonModule": true,
+    "rootDir": ".",
     "sourceMap": true,
     "target": "es2015"
   },