chore(release): 5.0.4 (#1682)

* chore(deps): bump wrapper to 0.0.25

* chore(deps): bump to 0.0.26

.eslintrc.json

@@ -1,22 +0,0 @@
-{
-    "env": {
-        "browser": true,
-        "commonjs": true,
-        "es2021": true
-    },
-    "extends": [
-        "google",
-        "eslint:recommended",
-        "plugin:@typescript-eslint/recommended"
-    ],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-        "ecmaVersion": 12
-    },
-    "plugins": [
-        "@typescript-eslint"
-    ],
-    "rules": {
-        "linebreak-style": 0
-    }
-}

.github/dependabot.yml

@@ -1,7 +1,12 @@
 version: 2
 updates:
 - package-ecosystem: npm
-  directory: "/"
+  directory: /
   schedule:
     interval: daily
   open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,69 @@
+
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '24 6 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4.2.2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3.27.4
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3.27.4
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3.27.4

.github/workflows/enforce-license-compliance.yml

@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/main.yml

@@ -1,27 +1,10 @@
+---
 name: Workflow for Codecov Action
 on: [push, pull_request]
+permissions:
+  id-token: write
+  contents: read
 jobs:
-  no-deps:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Upload coverage to Codecov (script)
-        uses: ./
-        with:
-          files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
-          name: codecov-script
-      - name: Upload coverage to Codecov (demo)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
-          name: codecov-demo
   run:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -29,23 +12,124 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
+        with:
+          submodules: 'true'
       - name: Install dependencies
-        run: npm install
-      - name: Lint
-        run: npm run lint
+        run: pip install -r src/scripts/app/requirements.txt
       - name: Run tests and collect coverage
-        run: npm run test
+        run: pytest src/scripts/app/ --cov
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.8.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-macos-latest-xlarge:
+    if: github.head.repo.full_name == 'codecov/codecov-action'
+    runs-on: macos-latest-xlarge
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          submodules: 'true'
+      - name: Install dependencies
+        run: pip install -r src/scripts/app/requirements.txt
+      - name: Run tests and collect coverage
+        run: pytest src/scripts/app/ --cov
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/script/coverage-final.json
+          flags: script,macos-latest-xlarge
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: demo,macos-latest-xlarge
+          name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (oidc)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+          use_oidc: true
+          verbose: true
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: version,maxos-latest-xlarge
+          name: codecov-version
+          version: v0.8.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-container:
+    runs-on: ubuntu-latest
+    container: python:latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          submodules: 'true'
+      - name: Install deps
+        run: |
+          apt-get install git
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.8.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/scorecards-analysis.yml

@@ -0,0 +1,62 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '43 20 * * 1'
+  push:
+    branches: [ main ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    if: github.repository == 'codecov/codecov-action'
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4.2.2 # v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3.27.4 # v1.0.26
+        with:
+          sarif_file: results.sarif

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "src/scripts"]
+	path = src/scripts
+	url = https://github.com/codecov/wrapper
+	branch = main

CHANGELOG.md

@@ -1,3 +1,845 @@
+## v5.0.4
+### What's Changed
+* chore(deps): bump wrapper to 0.0.26 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1681
+* fix: strip out a trailing \/n from input tokens by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1679
+* fix: add action version by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1678
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.3..v5.0.4
+
+## v5.0.3
+### What's Changed
+* fix: update OIDC audience by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1675
+* fix: use double-quotes for OIDC by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1669
+* fix: prevent always setting tokenless to be true by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1673
+* fix: update CHANGELOG and automate by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1674
+* fix: bump to v5 and update README by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1655
+* build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1665
+* fix: typo in `inputs.disable_safe_directory` by @mkroening in https://github.com/codecov/codecov-action/pull/1666
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.2..v5.0.3
+
+## v5.0.2
+### What's Changed
+* fix: override commit and pr values for PR cases by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1657
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.1...v5.0.2
+
+## v5.0.1
+### What's Changed
+* fix: use marketplace v5 badge by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1646
+* fix: update tokenless branch logic by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1650
+* chore(release): 5.0.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1656
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.0...v5.0.1
+
+## v5.0.0
+### v5 Release
+`v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker.
+
+### Migration Guide
+The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token).
+
+> [!WARNING]
+> **The following arguments have been changed**
+> - `file` (this has been deprecated in favor of `files`)
+> - `plugin` (this has been deprecated in favor of `plugins`)
+
+The following arguments have been added:
+
+- `binary`
+- `gcov_args`
+- `gcov_executable`
+- `gcov_ignore`
+- `gcov_include`
+- `report_type`
+- `skip_validation`
+- `swift_project`
+
+You can see their usage in the `action.yml` [file](https://github.com/codecov/codecov-action/blob/main/action.yml).
+
+## What's Changed
+* chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1591
+* build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1595
+* build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1604
+* build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1601
+* build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1597
+* build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in https://github.com/codecov/codecov-action/pull/1596
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1600
+* build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1598
+* build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in https://github.com/codecov/codecov-action/pull/1609
+* build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1608
+* build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1607
+* build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1612
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1611
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1615
+* build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1618
+* build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in https://github.com/codecov/codecov-action/pull/1617
+* build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1614
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1620
+* build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1619
+* build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in https://github.com/codecov/codecov-action/pull/1622
+* build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1625
+* build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1624
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1626
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1629
+* build(deps-dev): bump @typescript-eslint/parser from 8.11.0 to 8.12.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1628
+* build(deps-dev): bump @typescript-eslint/parser from 8.12.2 to 8.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1635
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.2 to 8.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1634
+* feat: use wrapper by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1621
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1639
+* fix: add missing vars by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1638
+* fix: update container builds by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1640
+* fixL use the correct source by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1642
+* chore(deps): bump wrapper to 0.0.23 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1644
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.6.0...v5.0.0
+
+## v5.0.0-beta (Prerelease)
+### What's Changed
+* chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1591
+* build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1595
+* build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1604
+* build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1601
+* build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1597
+* build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in https://github.com/codecov/codecov-action/pull/1596
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1600
+* build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1598
+* build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in https://github.com/codecov/codecov-action/pull/1609
+* build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1608
+* build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1607
+* build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1612
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1611
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1615
+* build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1618
+* build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in https://github.com/codecov/codecov-action/pull/1617
+* build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1614
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1620
+* build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1619
+* build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in https://github.com/codecov/codecov-action/pull/1622
+* build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1625
+* build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1624
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1626
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1629
+* build(deps-dev): bump @typescript-eslint/parser from 8.11.0 to 8.12.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1628
+* build(deps-dev): bump @typescript-eslint/parser from 8.12.2 to 8.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1635
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.2 to 8.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1634
+* feat: use wrapper by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1621
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1639
+* fix: add missing vars by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1638
+* fix: update container builds by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1640
+* fixL use the correct source by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1642
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.6.0...v5.0.0-beta
+
+## v4.6.0
+### What's Changed
+* build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in https://github.com/codecov/codecov-action/pull/1481
+* build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1480
+* build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1479
+* build(deps-dev): bump @typescript-eslint/parser from 7.13.0 to 7.13.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1485
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.13.0 to 7.13.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1484
+* build(deps-dev): bump typescript from 5.4.5 to 5.5.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1490
+* build(deps-dev): bump @typescript-eslint/parser from 7.13.1 to 7.14.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1493
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.13.1 to 7.14.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1492
+* build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in https://github.com/codecov/codecov-action/pull/1496
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.14.1 to 7.15.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1501
+* build(deps-dev): bump typescript from 5.5.2 to 5.5.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1500
+* build(deps-dev): bump @typescript-eslint/parser from 7.14.1 to 7.15.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1499
+* build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1502
+* build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1504
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.15.0 to 7.16.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1503
+* build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1507
+* build(deps-dev): bump @typescript-eslint/parser from 7.15.0 to 7.16.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1505
+* build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in https://github.com/codecov/codecov-action/pull/1509
+* chore(ci): restrict scorecards to codecov/codecov-action by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1512
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.16.0 to 7.16.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1514
+* build(deps-dev): bump @typescript-eslint/parser from 7.16.0 to 7.16.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1513
+* test: `versionInfo` by @marcobiedermann in https://github.com/codecov/codecov-action/pull/1407
+* build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1515
+* build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in https://github.com/codecov/codecov-action/pull/1516
+* build(deps-dev): bump typescript from 5.5.3 to 5.5.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1521
+* build(deps-dev): bump @typescript-eslint/parser from 7.16.1 to 7.17.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1520
+* build(deps-dev): bump @typescript-eslint/parser from 7.17.0 to 7.18.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1528
+* build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in https://github.com/codecov/codecov-action/pull/1526
+* build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1525
+* build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1532
+* build(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1534
+* build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1542
+* build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1541
+* ref: Tidy up types and remove string coercion by @nicholas-codecov in https://github.com/codecov/codecov-action/pull/1536
+* build(deps-dev): bump @octokit/webhooks-types from 3.77.1 to 7.5.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1545
+* build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1551
+* feat: pass tokenless value as branch override by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1511
+* build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1563
+* Create makefile.yml by @Hawthorne001 in https://github.com/codecov/codecov-action/pull/1555
+* build(deps): bump github/codeql-action from 3.26.2 to 3.26.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1562
+* build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1557
+* Spell `evenName` in the logs correctly by @webknjaz in https://github.com/codecov/codecov-action/pull/1560
+* build(deps-dev): bump typescript from 5.5.4 to 5.6.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1566
+* build(deps-dev): bump @types/jest from 29.5.12 to 29.5.13 by @dependabot in https://github.com/codecov/codecov-action/pull/1567
+* build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1569
+* build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1571
+* build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in https://github.com/codecov/codecov-action/pull/1575
+* build(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1577
+* chore: fix typo of OSS by @shoothzj in https://github.com/codecov/codecov-action/pull/1578
+* build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1584
+* build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1583
+* fix: bump eslint parser deps by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1586
+* chore(release):4.6.0 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1587
+
+## New Contributors
+* @nicholas-codecov made their first contribution in https://github.com/codecov/codecov-action/pull/1536
+* @Hawthorne001 made their first contribution in https://github.com/codecov/codecov-action/pull/1555
+* @webknjaz made their first contribution in https://github.com/codecov/codecov-action/pull/1560
+* @shoothzj made their first contribution in https://github.com/codecov/codecov-action/pull/1578
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.5.0...v4.6.0
+
+## v4.5.0
+### What's Changed
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1446
+* build(deps-dev): bump ts-jest from 29.1.2 to 29.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1443
+* build(deps-dev): bump @typescript-eslint/parser from 7.9.0 to 7.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1445
+* build(deps-dev): bump @typescript-eslint/parser from 7.10.0 to 7.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1459
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.10.0 to 7.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1458
+* build(deps): bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1456
+* build(deps-dev): bump ts-jest from 29.1.3 to 29.1.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1460
+* build(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1466
+* build(deps-dev): bump @typescript-eslint/parser from 7.11.0 to 7.12.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1467
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1468
+* build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in https://github.com/codecov/codecov-action/pull/1472
+* fix: handle trailing commas by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1470
+* build(deps-dev): bump @typescript-eslint/parser from 7.12.0 to 7.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1474
+* build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1475
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1473
+* feat: add support for tokenless v3 by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1410
+* Use an existing token even if the PR is from a fork by @leofeyer in https://github.com/codecov/codecov-action/pull/1471
+* chore(release): bump to 4.5.0 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1477
+
+## New Contributors
+* @joseph-sentry made their first contribution in https://github.com/codecov/codecov-action/pull/1470
+* @leofeyer made their first contribution in https://github.com/codecov/codecov-action/pull/1471
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.4.1...v4.5.0
+
+## v4.4.1
+### What's Changed
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1427
+* fix: prevent xlarge from running on forks by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1432
+* build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1439
+* build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1438
+* fix: isPullRequestFromFork returns false for any PR by @shahar-h in https://github.com/codecov/codecov-action/pull/1437
+* chore(release): 4.4.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1441
+
+## New Contributors
+* @shahar-h made their first contribution in https://github.com/codecov/codecov-action/pull/1437
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1
+
+## What's Changed
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1427
+* fix: prevent xlarge from running on forks by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1432
+* build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1439
+* build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1438
+* fix: isPullRequestFromFork returns false for any PR by @shahar-h in https://github.com/codecov/codecov-action/pull/1437
+* chore(release): 4.4.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1441
+
+## New Contributors
+* @shahar-h made their first contribution in https://github.com/codecov/codecov-action/pull/1437
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1
+
+## v4.4.0
+### What's Changed
+* chore: Clarify isPullRequestFromFork by @jsoref in https://github.com/codecov/codecov-action/pull/1411
+* build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1423
+* build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1421
+* build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1420
+* feat: remove GPG and run on spawn by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1426
+* build(deps-dev): bump @typescript-eslint/parser from 7.8.0 to 7.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1428
+* chore(release): 4.4.0 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1430
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.3.1...v4.4.0
+
+## v4.3.1
+### What's Changed
+* build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1370
+* fix: more verbose log message when failing to import pgp key by @ReenigneArcher in https://github.com/codecov/codecov-action/pull/1371
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.6.0 to 7.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1374
+* build(deps-dev): bump @typescript-eslint/parser from 7.6.0 to 7.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1375
+* build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1382
+* build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1381
+* build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1380
+* build(deps-dev): bump @typescript-eslint/parser from 7.7.0 to 7.7.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1384
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.7.0 to 7.7.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1383
+* Update README.md to point to docs about tokenless by @rohan-at-sentry in https://github.com/codecov/codecov-action/pull/1395
+* build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1393
+* build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1392
+* build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1391
+* style: Node Packages by @marcobiedermann in https://github.com/codecov/codecov-action/pull/1394
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.7.1 to 7.8.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1402
+* build(deps-dev): bump @typescript-eslint/parser from 7.7.1 to 7.8.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1401
+* docs: Type Annotations by @marcobiedermann in https://github.com/codecov/codecov-action/pull/1397
+* docs: main branch by @marcobiedermann in https://github.com/codecov/codecov-action/pull/1396
+* fix: bypass token checks for forks and OIDC by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1404
+* chore(release): 4.3.1. by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1405
+
+## New Contributors
+* @ReenigneArcher made their first contribution in https://github.com/codecov/codecov-action/pull/1371
+* @rohan-at-sentry made their first contribution in https://github.com/codecov/codecov-action/pull/1395
+* @marcobiedermann made their first contribution in https://github.com/codecov/codecov-action/pull/1394
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.3.0...v4.3.1
+
+## v4.3.0
+### What's Changed
+* fix: automatically detect if using GitHub enterprise by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1356
+* build(deps-dev): bump typescript from 5.4.3 to 5.4.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1355
+* build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in https://github.com/codecov/codecov-action/pull/1360
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.5.0 to 7.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1364
+* build(deps-dev): bump @typescript-eslint/parser from 7.5.0 to 7.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1363
+* feat: add network params by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1365
+* build(deps): bump undici from 5.28.3 to 5.28.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1361
+* chore(release): v4.3.0 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1366
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.2.0...v4.3.0
+
+## v4.2.0
+### What's Changed
+* chore(deps): update deps by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1351
+* feat: allow for authentication via OIDC token by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1330
+* fix: use_oidc shoudl be required false by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1353
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.1.1...v4.2.0
+
+## v4.1.1
+### What's Changed
+* build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1315
+* build(deps-dev): bump typescript from 5.3.3 to 5.4.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1319
+* Removed mention of Mercurial by @drazisil-codecov in https://github.com/codecov/codecov-action/pull/1325
+* build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1332
+* build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1331
+* fix: force version by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1329
+* build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1334
+* build(deps): bump undici from 5.28.2 to 5.28.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1338
+* build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1341
+* fix: typo in disable_safe_directory by @mkroening in https://github.com/codecov/codecov-action/pull/1343
+* chore(release): 4.1.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1344
+
+## New Contributors
+* @mkroening made their first contribution in https://github.com/codecov/codecov-action/pull/1343
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.1.0...v4.1.1
+
+## v4.1.0
+### What's Changed
+* fix: set safe directory by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1304
+* build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1306
+* build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1305
+* chore(release): v4.1.0 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1307
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.0.2...v4.1.0
+
+## v4.0.2
+### What's Changed
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1251
+* build(deps-dev): bump @types/jest from 29.5.11 to 29.5.12 by @dependabot in https://github.com/codecov/codecov-action/pull/1257
+* build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1266
+* Escape pipes in table of arguments by @jwodder in https://github.com/codecov/codecov-action/pull/1265
+* Add link to docs on Dependabot secrets by @ianlewis in https://github.com/codecov/codecov-action/pull/1260
+* fix: working-directory input for all stages by @Bo98 in https://github.com/codecov/codecov-action/pull/1272
+* build(deps-dev): bump @typescript-eslint/parser from 6.20.0 to 6.21.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1271
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1269
+* build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1298
+* Use updated syntax for GitHub Markdown notes by @jamacku in https://github.com/codecov/codecov-action/pull/1300
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.21.0 to 7.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1290
+* build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1286
+* chore(release): bump to 4.0.2 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1302
+
+## New Contributors
+* @jwodder made their first contribution in https://github.com/codecov/codecov-action/pull/1265
+* @ianlewis made their first contribution in https://github.com/codecov/codecov-action/pull/1260
+* @Bo98 made their first contribution in https://github.com/codecov/codecov-action/pull/1272
+* @jamacku made their first contribution in https://github.com/codecov/codecov-action/pull/1300
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.0.1...v4.0.2
+
+## v4.0.1
+### What's Changed
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1243
+* Add all args by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1245
+* fix: show both token uses in readme by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1250
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.0.0...v4.0.1
+
+## v4.0.0
+#v4 of the Codecov Action uses the [CLI](https://docs.codecov.com/docs/the-codecov-cli) as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.
+
+## Breaking Changes
+
+- The Codecov Action runs as a `node20` action due to `node16` deprecation. See [this post from GitHub](https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/) on how to migrate.
+- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This [doc](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) shows instructions on how to add the Codecov token.
+- OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our [CLI download page](https://cli.codecov.io)
+- Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs
+
+`v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
+
+## What's Changed
+* build(deps): bump openpgp from 5.8.0 to 5.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/985
+* build(deps): bump actions/checkout from 3.0.0 to 3.5.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1000
+* build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1006
+* build(deps): bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1013
+* build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1024
+* build(deps): bump node-fetch from 3.3.1 to 3.3.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1031
+* build(deps-dev): bump @types/node from 20.1.4 to 20.4.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1032
+* build(deps): bump github/codeql-action from 1.0.26 to 2.21.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1033
+* build commit,report and upload args based on codecovcli by @dana-yaish in https://github.com/codecov/codecov-action/pull/943
+* build(deps-dev): bump @types/node from 20.4.5 to 20.5.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1055
+* build(deps): bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1051
+* build(deps-dev): bump @types/node from 20.5.3 to 20.5.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1058
+* chore(deps): update outdated deps by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1059
+* build(deps-dev): bump @types/node from 20.5.4 to 20.5.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1060
+* build(deps-dev): bump @typescript-eslint/parser from 6.4.1 to 6.5.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1065
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.1 to 6.5.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1064
+* build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1063
+* build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1061
+* build(deps-dev): bump @types/node from 20.5.6 to 20.5.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1062
+* build(deps): bump openpgp from 5.9.0 to 5.10.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1066
+* build(deps-dev): bump @types/node from 20.5.7 to 20.5.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1070
+* build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1069
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.5.0 to 6.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1072
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1073
+* build(deps-dev): bump @typescript-eslint/parser from 6.5.0 to 6.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1071
+* build(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1074
+* build(deps): bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1081
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.6.0 to 6.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1080
+* build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1078
+* build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1077
+* build(deps-dev): bump @types/node from 20.5.9 to 20.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1075
+* build(deps-dev): bump @typescript-eslint/parser from 6.6.0 to 6.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1079
+* build(deps-dev): bump eslint from 8.48.0 to 8.49.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1076
+* use cli instead of node uploader by @dana-yaish in https://github.com/codecov/codecov-action/pull/1068
+* chore(release): 4.0.0-beta.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1084
+* not adding -n if empty to do-upload command by @dana-yaish in https://github.com/codecov/codecov-action/pull/1085
+* 4.0.0-beta.2 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1086
+* build(deps-dev): bump jest from 29.6.4 to 29.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1082
+* build(deps-dev): bump @types/jest from 29.5.4 to 29.5.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1092
+* build(deps): bump github/codeql-action from 2.21.5 to 2.21.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1094
+* build(deps-dev): bump @types/node from 20.6.0 to 20.6.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1093
+* build(deps): bump openpgp from 5.10.1 to 5.10.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1096
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.0 to 6.7.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1095
+* build(deps-dev): bump @types/node from 20.6.2 to 20.6.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1098
+* build(deps-dev): bump @typescript-eslint/parser from 6.7.0 to 6.7.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1097
+* feat: add plugins by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1099
+* build(deps-dev): bump eslint from 8.49.0 to 8.50.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1104
+* build(deps): bump github/codeql-action from 2.21.7 to 2.21.8 by @dependabot in https://github.com/codecov/codecov-action/pull/1102
+* build(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1101
+* build(deps-dev): bump @typescript-eslint/parser from 6.7.2 to 6.7.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1108
+* build(deps-dev): bump @types/node from 20.6.3 to 20.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1107
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.2 to 6.7.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1106
+* build(deps-dev): bump @types/node from 20.7.0 to 20.7.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1111
+* build(deps): bump github/codeql-action from 2.21.8 to 2.21.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1113
+* build(deps-dev): bump @types/node from 20.7.1 to 20.8.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1112
+* build(deps-dev): bump @types/node from 20.8.0 to 20.8.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1114
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.3 to 6.7.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1115
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.4 to 6.7.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1123
+* build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1120
+* build(deps): bump github/codeql-action from 2.21.9 to 2.22.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1119
+* build(deps-dev): bump @typescript-eslint/parser from 6.7.3 to 6.7.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1122
+* build(deps-dev): bump @types/node from 20.8.2 to 20.8.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1121
+* build(deps-dev): bump eslint from 8.50.0 to 8.51.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1117
+* build(deps): bump @actions/github from 5.1.1 to 6.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1124
+* build(deps): bump github/codeql-action from 2.22.0 to 2.22.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1127
+* build(deps-dev): bump @types/node from 20.8.4 to 20.8.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1126
+* build(deps-dev): bump @babel/traverse from 7.22.11 to 7.23.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1129
+* build(deps): bump undici from 5.25.4 to 5.26.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1128
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.5 to 6.8.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1130
+* build(deps-dev): bump @typescript-eslint/parser from 6.7.5 to 6.8.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1131
+* build(deps-dev): bump @types/node from 20.8.6 to 20.8.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1135
+* build(deps-dev): bump @vercel/ncc from 0.38.0 to 0.38.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1136
+* build(deps-dev): bump @types/jest from 29.5.5 to 29.5.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1137
+* build(deps): bump github/codeql-action from 2.22.3 to 2.22.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1142
+* build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1141
+* build(deps-dev): bump eslint from 8.51.0 to 8.52.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1140
+* build(deps-dev): bump @typescript-eslint/parser from 6.8.0 to 6.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1147
+* build(deps-dev): bump @types/node from 20.8.7 to 20.8.8 by @dependabot in https://github.com/codecov/codecov-action/pull/1146
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.8.0 to 6.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1145
+* chore(deps): move from node-fetch to undici by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1148
+* build(deps): bump openpgp from 5.10.2 to 5.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1149
+* build(deps-dev): bump @typescript-eslint/parser from 6.9.0 to 6.9.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1155
+* build(deps): bump github/codeql-action from 2.22.4 to 2.22.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1152
+* build(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1151
+* build(deps): bump undici from 5.26.5 to 5.27.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1150
+* build(deps-dev): bump @types/jest from 29.5.6 to 29.5.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1153
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.9.0 to 6.9.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1154
+* build(deps): bump undici from 5.27.0 to 5.27.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1157
+* build(deps-dev): bump eslint from 8.52.0 to 8.53.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1156
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.9.1 to 6.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1159
+* build(deps-dev): bump @typescript-eslint/parser from 6.9.1 to 6.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1158
+* build(deps-dev): bump @types/jest from 29.5.7 to 29.5.8 by @dependabot in https://github.com/codecov/codecov-action/pull/1161
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.10.0 to 6.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1164
+* build(deps-dev): bump @typescript-eslint/parser from 6.10.0 to 6.11.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1163
+* build(deps): bump github/codeql-action from 2.22.5 to 2.22.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1167
+* build(deps-dev): bump eslint from 8.53.0 to 8.54.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1166
+* build(deps-dev): bump @types/jest from 29.5.8 to 29.5.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1172
+* build(deps-dev): bump typescript from 5.2.2 to 5.3.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1171
+* build(deps-dev): bump @typescript-eslint/parser from 6.11.0 to 6.12.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1170
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1169
+* build(deps): bump github/codeql-action from 2.22.7 to 2.22.8 by @dependabot in https://github.com/codecov/codecov-action/pull/1175
+* build(deps): bump undici from 5.27.2 to 5.28.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1174
+* build(deps-dev): bump @types/jest from 29.5.9 to 29.5.10 by @dependabot in https://github.com/codecov/codecov-action/pull/1173
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.12.0 to 6.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1178
+* build(deps-dev): bump @typescript-eslint/parser from 6.12.0 to 6.13.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1180
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.13.0 to 6.13.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1181
+* build(deps): bump undici from 5.28.0 to 5.28.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1179
+* build(deps-dev): bump eslint from 8.54.0 to 8.55.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1183
+* build(deps): bump undici from 5.28.1 to 5.28.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1182
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.13.1 to 6.13.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1185
+* build(deps-dev): bump @typescript-eslint/parser from 6.13.1 to 6.13.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1184
+* build(deps-dev): bump @types/jest from 29.5.10 to 29.5.11 by @dependabot in https://github.com/codecov/codecov-action/pull/1187
+* build(deps): bump undici from 5.28.2 to 6.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1186
+* build(deps-dev): bump typescript from 5.3.2 to 5.3.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1189
+* build(deps): bump undici from 6.0.0 to 6.0.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1188
+* build(deps): bump github/codeql-action from 2.22.8 to 2.22.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1191
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.13.2 to 6.14.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1193
+* build(deps-dev): bump @typescript-eslint/parser from 6.13.2 to 6.14.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1192
+* build(deps-dev): bump eslint from 8.55.0 to 8.56.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1194
+* build(deps): bump github/codeql-action from 2.22.9 to 3.22.11 by @dependabot in https://github.com/codecov/codecov-action/pull/1195
+* build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1196
+* build(deps-dev): bump @typescript-eslint/parser from 6.14.0 to 6.15.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1198
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.14.0 to 6.15.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1197
+* build(deps): bump undici from 6.0.1 to 6.2.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1199
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.15.0 to 6.17.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1206
+* build(deps-dev): bump @typescript-eslint/parser from 6.15.0 to 6.17.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1205
+* build(deps): bump undici from 6.2.0 to 6.2.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1201
+* build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in https://github.com/codecov/codecov-action/pull/1200
+* build(deps-dev): bump @typescript-eslint/parser from 6.17.0 to 6.18.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1208
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.17.0 to 6.18.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1207
+* build(deps): bump undici from 6.2.1 to 6.3.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1211
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.18.0 to 6.18.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1210
+* build(deps-dev): bump @typescript-eslint/parser from 6.18.0 to 6.18.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1209
+* build(deps-dev): bump @typescript-eslint/parser from 6.18.1 to 6.19.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1215
+* build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1213
+* build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1212
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.18.1 to 6.19.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1214
+* fix: downgrade undici as it has a breaking change by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1219
+* fix: remove openpgp dep due to licensing and use gpg by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1218
+* chore(ci): add fossa workflow by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1216
+* build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1222
+* build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1221
+* build(deps-dev): bump @typescript-eslint/parser from 6.19.0 to 6.19.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1225
+* build(deps-dev): bump ts-jest from 29.1.1 to 29.1.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1224
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.0 to 6.19.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1223
+* build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1232
+* build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1231
+* build(deps-dev): bump @typescript-eslint/parser from 6.19.1 to 6.20.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1235
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1234
+* chore(ci): bump to node20 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1236
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1237
+* Update package.json by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1238
+* fix: allow for other archs by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1239
+* fix: update action.yml by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1240
+
+## New Contributors
+* @dana-yaish made their first contribution in https://github.com/codecov/codecov-action/pull/943
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.6...v4.0.0
+
+## v3.1.6
+#**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.5...v3.1.6
+
+## v3.1.5
+### What's Changed
+* action.yml: Update to Node.js 20 by @hallabro in https://github.com/codecov/codecov-action/pull/1228
+
+## New Contributors
+* @hallabro made their first contribution in https://github.com/codecov/codecov-action/pull/1228
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5
+
+## v4.0.0-beta.3 (Prerelease)
+### What's Changed
+* build(deps-dev): bump jest from 29.6.4 to 29.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1082
+* build(deps-dev): bump @types/jest from 29.5.4 to 29.5.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1092
+* build(deps): bump github/codeql-action from 2.21.5 to 2.21.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1094
+* build(deps-dev): bump @types/node from 20.6.0 to 20.6.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1093
+* build(deps): bump openpgp from 5.10.1 to 5.10.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1096
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.7.0 to 6.7.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1095
+* build(deps-dev): bump @types/node from 20.6.2 to 20.6.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1098
+* build(deps-dev): bump @typescript-eslint/parser from 6.7.0 to 6.7.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1097
+* feat: add plugins by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1099
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.0.0-beta.2...v4.0.0-beta.3
+
+## v4.0.0-beta.2 (Prerelease)
+### What's Changed
+* not adding -n if empty to do-upload command by @dana-yaish in https://github.com/codecov/codecov-action/pull/1085
+* 4.0.0-beta.2 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1086
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v4.0.0-beta.1...v4.0.0-beta.2
+
+## 4.0.0-beta.1 (Prerelease)
+#`v4` represents a move from the [universal uploader](https://github.com/codecov/uploader) to the [Codecov CLI](https://github.com/codecov/codecov-cli). Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.
+
+## Breaking Changes
+- No current support for `aarch64` and `alpine` architectures.
+- Tokenless uploading is unsuported
+- Various arguments to the Action have been removed
+
+## What's Changed
+* build(deps): bump openpgp from 5.8.0 to 5.9.0 by @dependabot in https://github.com/codecov/codecov-action/pull/985
+* build(deps): bump actions/checkout from 3.0.0 to 3.5.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1000
+* build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1006
+* build(deps): bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1013
+* build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1024
+* build(deps): bump node-fetch from 3.3.1 to 3.3.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1031
+* build(deps-dev): bump @types/node from 20.1.4 to 20.4.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1032
+* build(deps): bump github/codeql-action from 1.0.26 to 2.21.2 by @dependabot in https://github.com/codecov/codecov-action/pull/1033
+* build commit,report and upload args based on codecovcli by @dana-yaish in https://github.com/codecov/codecov-action/pull/943
+* build(deps-dev): bump @types/node from 20.4.5 to 20.5.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1055
+* build(deps): bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1051
+* build(deps-dev): bump @types/node from 20.5.3 to 20.5.4 by @dependabot in https://github.com/codecov/codecov-action/pull/1058
+* chore(deps): update outdated deps by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1059
+* build(deps-dev): bump @types/node from 20.5.4 to 20.5.6 by @dependabot in https://github.com/codecov/codecov-action/pull/1060
+* build(deps-dev): bump @typescript-eslint/parser from 6.4.1 to 6.5.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1065
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.1 to 6.5.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1064
+* build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1063
+* build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1061
+* build(deps-dev): bump @types/node from 20.5.6 to 20.5.7 by @dependabot in https://github.com/codecov/codecov-action/pull/1062
+* build(deps): bump openpgp from 5.9.0 to 5.10.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1066
+* build(deps-dev): bump @types/node from 20.5.7 to 20.5.9 by @dependabot in https://github.com/codecov/codecov-action/pull/1070
+* build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in https://github.com/codecov/codecov-action/pull/1069
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.5.0 to 6.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1072
+* Update README.md by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1073
+* build(deps-dev): bump @typescript-eslint/parser from 6.5.0 to 6.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1071
+* build(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1074
+* build(deps): bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in https://github.com/codecov/codecov-action/pull/1081
+* build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.6.0 to 6.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1080
+* build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1078
+* build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/1077
+* build(deps-dev): bump @types/node from 20.5.9 to 20.6.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1075
+* build(deps-dev): bump @typescript-eslint/parser from 6.6.0 to 6.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1079
+* build(deps-dev): bump eslint from 8.48.0 to 8.49.0 by @dependabot in https://github.com/codecov/codecov-action/pull/1076
+* use cli instead of node uploader by @dana-yaish in https://github.com/codecov/codecov-action/pull/1068
+* chore(release): 4.0.0-beta.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1084
+
+## New Contributors
+* @dana-yaish made their first contribution in https://github.com/codecov/codecov-action/pull/943
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.4...v4.0.0-beta.1
+
+## 3.1.4
+### What's Changed
+* build(deps-dev): bump @types/node from 18.15.12 to 18.16.3 by @dependabot in https://github.com/codecov/codecov-action/pull/970
+* Fix typo in README.md by @hisaac in https://github.com/codecov/codecov-action/pull/967
+* fix: add back in working dir by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/971
+* fix: CLI option names for uploader by @kleisauke in https://github.com/codecov/codecov-action/pull/969
+* build(deps-dev): bump @types/node from 18.16.3 to 20.1.0 by @dependabot in https://github.com/codecov/codecov-action/pull/975
+* build(deps-dev): bump @types/node from 20.1.0 to 20.1.2 by @dependabot in https://github.com/codecov/codecov-action/pull/979
+* build(deps-dev): bump @types/node from 20.1.2 to 20.1.4 by @dependabot in https://github.com/codecov/codecov-action/pull/981
+* release: 3.1.4 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/983
+
+## New Contributors
+* @hisaac made their first contribution in https://github.com/codecov/codecov-action/pull/967
+* @kleisauke made their first contribution in https://github.com/codecov/codecov-action/pull/969
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4
+
+## 3.1.3
+### What's Changed
+* build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/957
+* build(deps): bump openpgp from 5.7.0 to 5.8.0 by @dependabot in https://github.com/codecov/codecov-action/pull/958
+* build(deps-dev): bump @types/node from 18.15.10 to 18.15.12 by @dependabot in https://github.com/codecov/codecov-action/pull/959
+* fix: allow for aarch64 build by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/960
+* chore(release): bump to 3.1.3 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/961
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.2...v3.1.3
+
+## 3.1.2
+### What's Changed
+* build(deps): bump node-fetch from 3.2.4 to 3.2.10 by @dependabot in https://github.com/codecov/codecov-action/pull/835
+* build(deps-dev): bump @types/node from 16.11.40 to 18.13.0 by @dependabot in https://github.com/codecov/codecov-action/pull/911
+* build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1 by @dependabot in https://github.com/codecov/codecov-action/pull/900
+* build(deps-dev): bump typescript from 4.7.4 to 4.9.5 by @dependabot in https://github.com/codecov/codecov-action/pull/905
+* Update README.md by @stefanomunarini in https://github.com/codecov/codecov-action/pull/718
+* build(deps): bump openpgp from 5.4.0 to 5.5.0 by @dependabot in https://github.com/codecov/codecov-action/pull/819
+* build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4 by @dependabot in https://github.com/codecov/codecov-action/pull/840
+* build(deps): bump @actions/core from 1.9.1 to 1.10.0 by @dependabot in https://github.com/codecov/codecov-action/pull/841
+* build(deps): bump @actions/github from 5.0.3 to 5.1.1 by @dependabot in https://github.com/codecov/codecov-action/pull/843
+* build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in https://github.com/codecov/codecov-action/pull/896
+* build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0 by @dependabot in https://github.com/codecov/codecov-action/pull/872
+* build(deps): bump node-fetch from 3.2.10 to 3.3.0 by @dependabot in https://github.com/codecov/codecov-action/pull/869
+* build(deps): bump decode-uri-component from 0.2.0 to 0.2.2 by @dependabot in https://github.com/codecov/codecov-action/pull/879
+* build(deps): bump json5 from 2.2.1 to 2.2.3 by @dependabot in https://github.com/codecov/codecov-action/pull/895
+* codeql-analysis.yml by @minumulasri in https://github.com/codecov/codecov-action/pull/898
+* build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2 by @dependabot in https://github.com/codecov/codecov-action/pull/889
+* build(deps-dev): bump @types/node from 18.13.0 to 18.14.0 by @dependabot in https://github.com/codecov/codecov-action/pull/922
+* build(deps): bump openpgp from 5.5.0 to 5.7.0 by @dependabot in https://github.com/codecov/codecov-action/pull/924
+* build(deps-dev): bump @types/node from 18.14.0 to 18.14.2 by @dependabot in https://github.com/codecov/codecov-action/pull/927
+* Remove unsupported path_to_write_report argument by @jsoref in https://github.com/codecov/codecov-action/pull/851
+* Update README to contain correct information - inputs and negate feature by @moshe-azaria-sage in https://github.com/codecov/codecov-action/pull/901
+* build(deps-dev): bump @types/node from 18.14.2 to 18.14.6 by @dependabot in https://github.com/codecov/codecov-action/pull/933
+* build(deps-dev): bump @types/node from 18.14.6 to 18.15.0 by @dependabot in https://github.com/codecov/codecov-action/pull/937
+* build(deps-dev): bump @types/node from 18.15.0 to 18.15.5 by @dependabot in https://github.com/codecov/codecov-action/pull/945
+* build(deps): bump node-fetch from 3.3.0 to 3.3.1 by @dependabot in https://github.com/codecov/codecov-action/pull/938
+* build(deps-dev): bump @types/node from 18.15.5 to 18.15.6 by @dependabot in https://github.com/codecov/codecov-action/pull/946
+* build(deps-dev): bump @types/node from 18.15.6 to 18.15.10 by @dependabot in https://github.com/codecov/codecov-action/pull/947
+* build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in https://github.com/codecov/codecov-action/pull/951
+* fix: add in all the extra arguments for uploader by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/955
+* chore(release): bump to 3.1.2 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/956
+
+## New Contributors
+* @stefanomunarini made their first contribution in https://github.com/codecov/codecov-action/pull/718
+* @minumulasri made their first contribution in https://github.com/codecov/codecov-action/pull/898
+* @jsoref made their first contribution in https://github.com/codecov/codecov-action/pull/851
+* @moshe-azaria-sage made their first contribution in https://github.com/codecov/codecov-action/pull/901
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.1...v3.1.2
+
+## 3.1.1
+### What's Changed
+* Update deprecation warning by @slifty in https://github.com/codecov/codecov-action/pull/661
+* Create codeql-analysis.yml by @mitchell-codecov in https://github.com/codecov/codecov-action/pull/593
+* build(deps): bump node-fetch from 3.2.3 to 3.2.4 by @dependabot in https://github.com/codecov/codecov-action/pull/714
+* build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by @dependabot in https://github.com/codecov/codecov-action/pull/713
+* README: fix typo by @Evalir in https://github.com/codecov/codecov-action/pull/712
+* build(deps): bump github/codeql-action from 1 to 2 by @dependabot in https://github.com/codecov/codecov-action/pull/724
+* build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0 by @dependabot in https://github.com/codecov/codecov-action/pull/717
+* fix: Remove a blank row by @johnmanjiro13 in https://github.com/codecov/codecov-action/pull/725
+* Update README.md with correct badge version by @gsheni in https://github.com/codecov/codecov-action/pull/726
+* build(deps-dev): bump @types/node from 17.0.25 to 17.0.33 by @dependabot in https://github.com/codecov/codecov-action/pull/729
+* build(deps-dev): downgrade @types/node to 16.11.35 by @dependabot in https://github.com/codecov/codecov-action/pull/734
+* build(deps): bump actions/checkout from 2 to 3 by @dependabot in https://github.com/codecov/codecov-action/pull/723
+* build(deps): bump @actions/github from 5.0.1 to 5.0.3 by @dependabot in https://github.com/codecov/codecov-action/pull/733
+* build(deps): bump @actions/core from 1.6.0 to 1.8.2 by @dependabot in https://github.com/codecov/codecov-action/pull/732
+* build(deps-dev): bump @types/node from 16.11.35 to 16.11.36 by @dependabot in https://github.com/codecov/codecov-action/pull/737
+* Create scorecards-analysis.yml by @mitchell-codecov in https://github.com/codecov/codecov-action/pull/633
+* build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by @dependabot in https://github.com/codecov/codecov-action/pull/749
+* fix: add more verbosity to validation by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/747
+* build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by @dependabot in https://github.com/codecov/codecov-action/pull/755
+* Regenerate scorecards-analysis.yml by @mitchell-codecov in https://github.com/codecov/codecov-action/pull/750
+* build(deps-dev): bump @types/node from 16.11.36 to 16.11.39 by @dependabot in https://github.com/codecov/codecov-action/pull/759
+* build(deps-dev): bump @types/node from 16.11.39 to 16.11.40 by @dependabot in https://github.com/codecov/codecov-action/pull/762
+* build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0 by @dependabot in https://github.com/codecov/codecov-action/pull/746
+* build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in https://github.com/codecov/codecov-action/pull/757
+* build(deps): bump openpgp from 5.2.1 to 5.3.0 by @dependabot in https://github.com/codecov/codecov-action/pull/760
+* build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by @dependabot in https://github.com/codecov/codecov-action/pull/748
+* build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by @dependabot in https://github.com/codecov/codecov-action/pull/766
+* Switch to v3 by @thomasrockhu in https://github.com/codecov/codecov-action/pull/774
+* Fix `network` entry in table by @kevmoo in https://github.com/codecov/codecov-action/pull/783
+* Trim arguments after splitting them by @mitchell-codecov in https://github.com/codecov/codecov-action/pull/791
+* build(deps): bump openpgp from 5.3.0 to 5.4.0 by @dependabot in https://github.com/codecov/codecov-action/pull/799
+* build(deps): bump @actions/core from 1.8.2 to 1.9.1 by @dependabot in https://github.com/codecov/codecov-action/pull/798
+* Plumb failCi into verification function. by @RobbieMcKinstry in https://github.com/codecov/codecov-action/pull/769
+* release: update changelog and version to 3.1.1 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/828
+
+## New Contributors
+* @slifty made their first contribution in https://github.com/codecov/codecov-action/pull/661
+* @Evalir made their first contribution in https://github.com/codecov/codecov-action/pull/712
+* @johnmanjiro13 made their first contribution in https://github.com/codecov/codecov-action/pull/725
+* @gsheni made their first contribution in https://github.com/codecov/codecov-action/pull/726
+* @kevmoo made their first contribution in https://github.com/codecov/codecov-action/pull/783
+* @RobbieMcKinstry made their first contribution in https://github.com/codecov/codecov-action/pull/769
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1
+
+## v3.1.0
+### 3.1.0
+### Features
+- #699 Incorporate `xcode` arguments for the Codecov uploader
+
+### Dependencies
+- #694 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4
+- #696 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25
+- #698 build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0
+
+## v3.0.0
+#### Breaking Changes
+- #689 Bump to node16 and small fixes
+
+### Features
+- #688 Incorporate `gcov` arguments for the Codecov uploader
+
+### Dependencies
+- #548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0
+- #603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0
+- #628 build(deps): bump node-fetch from 2.6.1 to 3.1.1
+- #634 build(deps): bump node-fetch from 3.1.1 to 3.2.0
+- #636 build(deps): bump openpgp from 5.0.1 to 5.1.0
+- #652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3
+- #653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18
+- #659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1
+- #667 build(deps): bump actions/checkout from 2 to 3
+- #673 build(deps): bump node-fetch from 3.2.0 to 3.2.3
+- #683 build(deps): bump minimist from 1.2.5 to 1.2.6
+- #685 build(deps): bump @actions/github from 5.0.0 to 5.0.1
+- #681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23
+- #682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3
+- #676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1
+- #675 build(deps): bump openpgp from 5.1.0 to 5.2.1
+
+## v2.1.0
+### 2.1.0
+### Features
+- #515 Allow specifying version of Codecov uploader
+
+### Dependencies
+- #499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0
+- #508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
+- #514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0
+
+## v2.0.3
+### 2.0.3
+### Fixes
+- #464 Fix wrong link in the readme
+- #485 fix: Add override OS and linux default to platform
+
+### Dependencies
+- #447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
+- #458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
+- #465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1
+- #466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1
+- #468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0
+- #470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0
+- #472 build(deps): bump path-parse from 1.0.6 to 1.0.7
+- #473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1
+- #478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2
+- #479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2
+- #481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2
+- #483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2
+- #484 build(deps): bump @actions/core from 1.4.0 to 1.5.0
+
+## v2.0.2
+#### Fixes
+- Underlying uploader fixes issues with tokens not being sent properly for users seeing
+`Error!: Error: Error uploading to https://codecov.io: Error: Error uploading to Codecov: Error: Not Found`
+- #432 fix: use import to destructure package.json
+- #434 fix: openpgp and asn1.js
+- #440 2.0.2 token fixes
+
+### Dependencies
+- #420 Bump eslint from 7.30.0 to 7.31.0
+- #433 build(deps-dev): bump @types/node from 16.3.3 to 16.4.0
+- #425 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.3 to 4.28.4
+- #426 build(deps-dev): bump @typescript-eslint/parser from 4.28.3 to 4.28.4
+- #438 Set up Dependabot for github-actions dependencies
+
+
+
 ## 2.0.1
 ### Fixes
 - #424 fix: Issue in building all deep dependencies
@@ -115,4 +957,4 @@ for the full list.
 ### Dependencies and Misc
 - #166 Bump requestretry from 4.1.1 to 4.1.2
 - #169 Bump typescript from 4.0.5 to 4.1.2
-- #178 Bump @types/jest from 26.0.15 to 26.0.19
+- #178 Bump @types/jest from 26.0.15 to 26.0.19

Makefile

@@ -1,7 +1,7 @@
 deploy:
-	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
-	git tag -d v2
-	git push origin :v2
-	git tag v2
-	git tag v$(VERSION) -m ""
+	$(eval VERSION := $(shell cat src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2))
+	git tag -d v5
+	git push origin :v5
+	git tag v5
+	git tag v$(VERSION) -s -m ""
 	git push origin --tags

README.md

@@ -1,79 +1,155 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v1-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v5-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
->The latest release of this Action adds support for tokenless uploads from GitHub Actions!
+## v5 Release
+`v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker.
 
-## ⚠️  Deprecration of v1
-**On February 1, 2022, this version will be fully sunset and no longer function**
+### Migration Guide
+The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token).
 
-Due to the [deprecation](https://about.codecov.io/blog/introducting-codecovs-new-uploader/) of the underlying bash uploader,
-the Codecov GitHub Action has released `v2` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
-more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
+> [!WARNING]
+> **The following arguments have been changed**
+> - `file` (this has been deprecated in favor of `files`)
+> - `plugin` (this has been deprecated in favor of `plugins`)
 
-We will be restricting any updates to the `v1` Action to security updates and hotfixes.
+The following arguments have been added:
 
-### Migration from `v1` to `v2`
-The `v2` uploader has a few breaking changes for users
-- Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
-many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
-below for the full list.
+- `binary`
+- `gcov_args`
+- `gcov_executable`
+- `gcov_ignore`
+- `gcov_include`
+- `report_type`
+- `skip_validation`
+- `swift_project`
+
+You can see their usage in the `action.yml` [file](https://github.com/codecov/codecov-action/blob/main/action.yml).
+
+## v4 Release
+`v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
+
+### Breaking Changes
+- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OSS projects do not need the upstream repo's Codecov token). For details, [see our docs](https://docs.codecov.com/docs/codecov-uploader#supporting-token-less-uploads-for-forks-of-open-source-repos-using-codecov)
+- Various arguments to the Action have been removed
+
+### Dependabot
+- For repositories using `Dependabot`, users will need to ensure that it has access to the Codecov token for PRs from Dependabot to upload coverage. To do this, please add your `CODECOV_TOKEN` as a Dependabot Secret. For more information, see ["Configuring access to private registries for Dependabot."](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use)
+
+`v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
 
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v2` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v5` is recommended) as a `step` within your `workflow.yml` file.
 
-If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
+This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`).
+
+Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as
+- alpine
+- alpine-arm64
+- linux
+- linux-arm64
+- macos
+- windows
 
 Inside your `.github/workflows/workflow.yml` file:
 
 ```yaml
 steps:
-- uses: actions/checkout@master
-- uses: codecov/codecov-action@v2
+- uses: actions/checkout@main
+- uses: codecov/codecov-action@v5
   with:
-    token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+    fail_ci_if_error: true # optional (default = false)
     files: ./coverage1.xml,./coverage2.xml # optional
     flags: unittests # optional
     name: codecov-umbrella # optional
-    fail_ci_if_error: true # optional (default = false)
+    token: ${{ secrets.CODECOV_TOKEN }}
     verbose: true # optional (default = false)
 ```
->**Note**: This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
+
+The Codecov token can also be passed in via environment variables:
+
+```yaml
+steps:
+- uses: actions/checkout@main
+- uses: codecov/codecov-action@v5
+  with:
+    fail_ci_if_error: true # optional (default = false)
+    files: ./coverage1.xml,./coverage2.xml # optional
+    flags: unittests # optional
+    name: codecov-umbrella # optional
+    verbose: true # optional (default = false)
+  env:
+    CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+```
+> [!NOTE]
+> This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
+
+### Using OIDC
+For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect), the Codecov token is not necessary. You can use OIDC with the `use_oidc` argument as following.
+
+```yaml
+- uses: codecov/codecov-action@v5
+  with:
+    use_oidc: true
+```
+
+Any token supplied will be ignored, as Codecov will default to the OIDC token for verification.
 
 ## Arguments
 
-Codecov's Action currently supports five inputs from the user: `token`, `file`, `flags`,`name`, and `fail_ci_if_error`. These inputs, along with their descriptions and usage contexts, are listed in the table below:
+Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
-| Input  | Description | Usage |
-| :---:     |     :---:   |    :---:   |
-| `token`  | Used to authorize coverage report uploads  | *Required for private repos* |
-| `files`  | Comma-separated paths to the coverage report(s) | Optional
-| `directory` | Directory to search for coverage reports. | Optional
+| Input  | Description | Required |
+| :---       |     :---     |    :---:   |
+| `binary` | The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed. | Optional
+| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be locate
+d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
+| `commit_parent` | SHA (with 40 chars) of what should be the parent of this commit. | Optional
+| `directory` | Folder to search for coverage files. Default to the current working directory | Optional
+| `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports | Optional
+| `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the files option. | Optional
+| `disable_safe_directory` | Disable setting safe directory. Set to true to disable. | Optional
 | `dry_run` | Don't upload files to Codecov | Optional
-| `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
-| | |
-| `commit_parent` | The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository provider's API, the parent is determined via finding the closest ancestor to the commit. | Optional
-| `env_vars`  | Environment variables to tag the upload with. Multiple env variables can be separated with commas (e.g. `OS,PYTHON`) | Optional
-| `fail_ci_if_error`  | Specify if CI pipeline should fail when Codecov runs into errors during upload. *Defaults to **false*** | Optional
--| `functionalities` | Toggle functionalities | Optional
--| | `network` Disable uploading the file network |
-| `move_coverage_to_trash` | Move discovered coverage reports to the trash | Optional
-| `name`  | Custom defined name for the upload | Optional
-| `override_branch` | Specify the branch name | Optional
-| `override_build` | Specify the build number | Optional
-| `override_commit` | Specify the commit SHA | Optional
-| `override_pr` | Specify the pull request number | Optional
-| `override_tag` | Specify the git tag | Optional
-| `path_to_write_report` | Write upload file to path before uploading | Optional
-| `root_dir` | Used when not in git/hg project to identify project root directory | Optional
-| `slug` | Specify the slug manually (Enterprise use) | Optional
-| `url` | Change the upload host (Enterprise use) | Optional
-| `verbose` | Specify whether the Codecov output should be verbose | Optional
-| `working-directory` | Directory in which to execute `codecov.sh` | Optional
+| `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
+| `exclude` | Comma-separated list of folders to exclude from search. | Optional
+| `fail_ci_if_error` | On error, exit with non-zero code | Optional
+| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional
+tional
+| `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional
+| `git_service` | Override the git_service (e.g. github_enterprise) | Optional
+| `gcov_args` | Extra arguments to pass to gcov | Optional
+| `gcov_executable` | gcov executable to run. Defaults to 'gcov' | Optional
+| `gcov_ignore` | Paths to ignore during gcov gathering | Optional
+| `gcov_include` | Paths to include during gcov gathering | Optional
+| `handle_no_reports_found` | If no coverage reports are found, do not raise an exception. | Optional
+| `job_code` |  | Optional
+| `name` | Custom defined name of the upload. Visible in the Codecov UI | Optional
+| `network_filter` | Specify a filter on the files listed in the network section of the Codecov report. This will only add files whose path begin with the specified filter. Useful for upload-specific path fixing. | Optional
+| `network_prefix` | Specify a prefix on files listed in the network section of the Codecov report. Useful to help resolve path fixing. | Optional
+| `os` | Override the assumed OS. Options available at cli.codecov.io | Optional
+| `override_branch` | Specify the branch to be displayed with this commit on Codecov | Optional
+| `override_build` | Specify the build number manually | Optional
+| `override_build_url` | The URL of the build where this is running | Optional
+| `override_commit` | Commit SHA (with 40 chars) | Optional
+| `override_pr` | Specify the pull request number manually. Used to override pre-existing CI environment variables. | Optional
+| `plugins` | Comma-separated list of plugins to run. Specify `noop` to turn off all plugins | Optional
+| `report_code` | The code of the report if using local upload. If unsure, leave unset. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload | Optional
+| `report_type` | The type of file to upload, coverage by default. Possible values are "testing", "coverage". | Optional
+| `root_dir` | Root folder from which to consider paths on the network section. Defaults to current working directory. | Optional
+| `skip_validation` | Skip integrity checking of the CLI. This is NOT recommended. | Optional
+| `slug` | [Required when using the org token] Set to the owner/repo slug used instead of the private repo token. Only applicable to some Enterprise users. | Optional
+| `swift_project` | Specify the swift project name. Useful for optimization. | Optional
+| `token` | Repository Codecov token. Used to authorize report uploads | Optional
+| `url` | Set to the Codecov instance URl. Used by Dedicated Enterprise Cloud customers. | Optional
+| `use_legacy_upload_endpoint` | Use the legacy upload endpoint. | Optional
+| `use_oidc` | Use OIDC instead of token. This will ignore any token supplied | Optional
+| `verbose` | Enable verbose logging | Optional
+| `version` | Which version of the Codecov CLI to use (defaults to 'latest') | Optional
+| `working-directory` | Directory in which to execute codecov.sh | Optional
 
 ### Example `workflow.yml` with Codecov Action
 
@@ -88,29 +164,28 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       OS: ${{ matrix.os }}
-      PYTHON: '3.7'
+      PYTHON: '3.10'
     steps:
-    - uses: actions/checkout@master
+    - uses: actions/checkout@main
     - name: Setup Python
-      uses: actions/setup-python@master
+      uses: actions/setup-python@main
       with:
-        python-version: 3.7
+        python-version: 3.10
     - name: Generate coverage report
       run: |
         pip install pytest
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@v5
       with:
-        token: ${{ secrets.CODECOV_TOKEN }}
         directory: ./coverage/reports/
         env_vars: OS,PYTHON
         fail_ci_if_error: true
-        files: ./coverage1.xml,./coverage2.xml
+        files: ./coverage1.xml,./coverage2.xml,!./cache
         flags: unittests
         name: codecov-umbrella
-        path_to_write_report: ./coverage/codecov_report.txt
+        token: ${{ secrets.CODECOV_TOKEN }}
         verbose: true
 ```
 ## Contributing

action.yml

@@ -1,76 +1,263 @@
+---
+# yamllint disable rule:line-length
 name: 'Codecov'
 description: 'GitHub Action that uploads coverage reports for your repository to codecov.io'
-author: 'Ibrahim Ali <@ibrahim0814> & Thomas Hu <@thomasrockhu> | Codecov'
+author: 'Thomas Hu <@thomasrockhu-codecov> | Codecov'
 inputs:
-  token:
-    description: 'Repository upload token - get it from codecov.io. Required only for private repositories'
+  binary:
+    description: 'The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed.'
     required: false
-  files:
-    description: 'Comma-separated list of files to upload'
-    required: false
-  directory:
-    description: 'Directory to search for coverage reports.'
-    required: false
-  flags:
-    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
+  codecov_yml_path:
+    description: 'The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be located as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml'
     required: false
   commit_parent:
-    description: 'The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository providers API, the parent is determined via finding the closest ancestor to the commit.'
+    description: 'SHA (with 40 chars) of what should be the parent of this commit.'
     required: false
+  directory:
+    description: 'Folder to search for coverage files. Default to the current working directory'
+    required: false
+  disable_file_fixes:
+    description: 'Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports'
+    required: false
+    default: 'false'
+  disable_search:
+    description: 'Disable search for coverage files. This is helpful when specifying what files you want to upload with the files option.'
+    required: false
+    default: 'false'
+  disable_safe_directory:
+    description: 'Disable setting safe directory. Set to true to disable.'
+    required: false
+    default: 'false'
   dry_run:
     description: "Don't upload files to Codecov"
     required: false
+    default: 'false'
   env_vars:
     description: 'Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)'
     required: false
+  exclude:
+    description: 'Comma-separated list of folders to exclude from search.'
+    required: false
   fail_ci_if_error:
-    description: 'Specify whether or not CI build should fail if Codecov runs into an error during upload'
+    description: 'On error, exit with non-zero code'
     required: false
-  file:
-    description: 'Path to coverage file to upload'
+    default: 'false'
+  files:
+    description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable-search to disable uploading other files.'
     required: false
-  functionalities:
-    description: 'Comma-separated list, see the README for options and their usage'
+  flags:
+    description: 'Comma-separated list of flags to upload to group coverage metrics.'
     required: false
-  move_coverage_to_trash:
-    description: 'Move discovered coverage reports to the trash'
+  git_service:
+    description: 'Override the git_service (e.g. github_enterprise)'
+    required: false
+    default: 'github'
+  gcov_args:
+    description: 'Extra arguments to pass to gcov'
+    required: false
+  gcov_executable:
+    description: "gcov executable to run. Defaults to 'gcov'"
+    required: false
+    default: 'gcov'
+  gcov_ignore:
+    description: 'Paths to ignore during gcov gathering'
+    required: false
+  gcov_include:
+    description: "Paths to include during gcov gathering"
+    required: false
+  handle_no_reports_found:
+    description: 'If no coverage reports are found, do not raise an exception.'
+    required: false
+    default: 'false'
+  job_code:
+    description: ''
     required: false
   name:
-    description: 'User defined upload name. Visible in Codecov UI'
+    description: 'Custom defined name of the upload. Visible in the Codecov UI'
+    required: false
+  network_filter:
+    description: 'Specify a filter on the files listed in the network section of the Codecov report. This will only add files whose path begin with the specified filter. Useful for upload-specific path fixing.'
+    required: false
+  network_prefix:
+    description: 'Specify a prefix on files listed in the network section of the Codecov report. Useful to help resolve path fixing.'
+    required: false
+  os:
+    description: 'Override the assumed OS. Options available at cli.codecov.io'
     required: false
   override_branch:
-    description: 'Specify the branch name'
+    description: 'Specify the branch to be displayed with this commit on Codecov'
     required: false
   override_build:
-    description: 'Specify the build number'
+    description: 'Specify the build number manually'
+    required: false
+  override_build_url:
+    description: 'The URL of the build where this is running'
     required: false
   override_commit:
-    description: 'Specify the commit SHA'
+    description: 'Commit SHA (with 40 chars)'
     required: false
   override_pr:
-    description: 'Specify the pull request number'
+    description: 'Specify the pull request number manually. Used to override pre-existing CI environment variables.'
     required: false
-  override_tag:
-    description: 'Specify the git tag'
+  plugins:
+    description: 'Comma-separated list of plugins to run. Specify `noop` to turn off all plugins'
+    required: false
+  report_code:
+    description: 'The code of the report if using local upload. If unsure, leave default. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload'
+    required: false
+  report_type:
+    description: 'The type of file to upload, coverage by default. Possible values are "testing", "coverage".'
     required: false
   root_dir:
-    description: 'Used when not in git/hg project to identify project root directory'
+    description: 'Root folder from which to consider paths on the network section. Defaults to current working directory.'
     required: false
+  skip_validation:
+    description: 'Skip integrity checking of the CLI. This is NOT recommended.'
+    required: false
+    default: 'false'
   slug:
-    description: 'Specify the slug manually (Enterprise use)'
+    description: '[Required when using the org token] Set to the owner/repo slug used instead of the private repo token. Only applicable to some Enterprise users.'
+    required: false
+  swift_project:
+    description: 'Specify the swift project name. Useful for optimization.'
+    required: false
+  token:
+    description: 'Repository Codecov token. Used to authorize report uploads'
     required: false
   url:
-    description: 'Change the upload host (Enterprise use)'
+    description: 'Set to the Codecov instance URl. Used by Dedicated Enterprise Cloud customers.'
     required: false
+  use_legacy_upload_endpoint:
+    description: 'Use the legacy upload endpoint.'
+    required: false
+    default: 'false'
+  use_oidc:
+    description: 'Use OIDC instead of token. This will ignore any token supplied'
+    required: false
+    default: 'false'
   verbose:
-    description: 'Specify whether the Codecov output should be verbose'
+    description: 'Enable verbose logging'
     required: false
+    default: 'false'
+  version:
+    description: "Which version of the Codecov CLI to use (defaults to 'latest')"
+    required: false
+    default: 'latest'
   working-directory:
     description: 'Directory in which to execute codecov.sh'
     required: false
+
 branding:
   color: 'red'
   icon: 'umbrella'
+
 runs:
-  using: 'node12'
-  main: 'dist/index.js'
+  using: "composite"
+  steps:
+    - name: Action version
+      shell: bash
+      run: |
+        CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2)
+        echo -e "\033[0;32m==>\033[0m Running Action version $CC_ACTION_VERSION"
+    - name: Set safe directory
+      if: ${{ inputs.disable_safe_directory != 'true' }}
+      shell: bash
+      run: |
+        git config --global --add safe.directory ${{ github.workspace }}
+
+    - name: Get and set token
+      shell: bash
+      run: |
+        if [ "${{ inputs.use_oidc }}" == 'true' ];
+        then
+          # {"count":1984,"value":"***"}
+          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io" | cut -d\" -f6)
+          echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
+        else
+          if [ -n ${{ inputs.token }} ];
+          then
+            CC_TOKEN=$(echo ${{ inputs.token }} | tr -d '\n')
+            echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
+          fi
+        fi
+
+    - name: Override branch for forks
+      shell: bash
+      run: |
+        if [ -z "$CC_BRANCH" ] && [ -z "$CC_TOKEN" ] && [ -n "$GITHUB_EVENT_PULL_REQUEST_REPO_FULL_NAME"] && [ "${GITHUB_EVENT_PULL_REQUEST_REPO_FULL_NAME}" != "$GITHUB_REPOSITORY" ];
+        then
+          echo -e "\033[0;32m==>\033[0m Fork detected, tokenless uploading used"
+          TOKENLESS="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
+          CC_BRANCH="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
+          echo "TOKENLESS=$TOKENLESS" >> "$GITHUB_ENV"
+        fi
+
+        echo "CC_BRANCH=$CC_BRANCH" >> "$GITHUB_ENV"
+      env:
+        CC_BRANCH: ${{ inputs.override_branch }}
+        GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL: ${{ github.event.pull_request.head.label }}
+        GITHUB_EVENT_PULL_REQUEST_REPO_FULL_NAME: ${{ github.event.pull_request.repo.full_name }}
+        GITHUB_REPOSITORY: ${{ github.repository }}
+
+    - name: Override commits and pr for pull requests
+      shell: bash
+      run: |
+        if [ -z "$CC_SHA" ];
+        then
+          CC_SHA="$GITHUB_EVENT_PULL_REQUEST_HEAD_SHA"
+        fi
+        if [ -z "$CC_PR" ] && [ "${GITHUB_EVENT_NAME}" == "pull_request_target" ];
+        then
+          CC_PR="$GITHUB_EVENT_NUMBER"
+        fi
+
+        echo "CC_SHA=$CC_SHA" >> "$GITHUB_ENV"
+        echo "CC_PR=$CC_PR" >> "$GITHUB_ENV"
+      env:
+        CC_PR: ${{ inputs.override_pr }}
+        CC_SHA: ${{ inputs.override_commit }}
+        GITHUB_EVENT_NAME: ${{ github.event_name }}
+        GITHUB_EVENT_NUMBER: ${{ github.event.number }}
+        GITHUB_EVENT_PULL_REQUEST_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+
+    - name: Upload coverage to Codecov
+      run: ${GITHUB_ACTION_PATH}/dist/codecov.sh
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      env:
+        CC_BINARY: ${{ inputs.binary }}
+        CC_BUILD: ${{ inputs.override_build }}
+        CC_BUILD_URL: ${{ inputs.override_build_url }}
+        CC_CODE: ${{ inputs.report_code }}
+        CC_DIR: ${{ inputs.directory }}
+        CC_DISABLE_FILE_FIXES: ${{ inputs.disable_file_fixes }}
+        CC_DISABLE_SEARCH: ${{ inputs.disable_search }}
+        CC_DRY_RUN: ${{ inputs.dry_run }}
+        CC_ENTERPRISE_URL: ${{ inputs.url }}
+        CC_ENV: ${{ inputs.env_vars }}
+        CC_EXCLUDES: ${{ inputs.exclude }}
+        CC_FAIL_ON_ERROR: ${{ inputs.fail_ci_if_error }}
+        CC_FILES: ${{ inputs.files }}
+        CC_FLAGS: ${{ inputs.flags }}
+        CC_GCOV_ARGS: ${{ inputs.gcov_args }}
+        CC_GCOV_EXECUTABLE: ${{ inputs.gcov_executable }}
+        CC_GCOV_IGNORE: ${{ inputs.gcov_ignore }}
+        CC_GCOV_INCLUDE: ${{ inputs.gcov_include }}
+        CC_GIT_SERVICE: ${{ inputs.git_service }}
+        CC_HANDLE_NO_REPORTS_FOUND: ${{ inputs.handle_no_reports_found }}
+        CC_JOB_CODE: ${{ inputs.job_code }}
+        CC_LEGACY: ${{ inputs.use_legacy_upload_endpoint }}
+        CC_NAME: ${{ inputs.name }}
+        CC_NETWORK_FILTER: ${{ inputs.network_filter }}
+        CC_NETWORK_PREFIX: ${{ inputs.network_prefix }}
+        CC_NETWORK_ROOT_FOLDER: ${{ inputs.root_dir }}
+        CC_OS: ${{ inputs.os }}
+        CC_PARENT_SHA: ${{ inputs.commit_parent }}
+        CC_PLUGINS: ${{ inputs.plugins }}
+        CC_REPORT_TYPE: ${{ inputs.report_type }}
+        CC_SKIP_VALIDATION: ${{ inputs.skip_validation }}
+        CC_SLUG: ${{ inputs.slug }}
+        CC_SWIFT_PROJECT: ${{ inputs.swift_project }}
+        CC_VERBOSE: ${{ inputs.verbose }}
+        CC_VERSION: ${{ inputs.version }}
+        CC_YML_PATH: ${{ inputs.codecov_yml_path }}

changelog.py

@@ -0,0 +1,77 @@
+import json
+import re
+import subprocess
+
+def update_changelog():
+    with open('src/version', 'r') as f:
+        raw_version = f.read()
+    version = re.search('\"(.*)\"', raw_version).groups()[0]
+    changelog = [f"## v{version}"]
+    changelog.append("### What\'s Changed")
+
+    with open('CHANGELOG.md', 'r') as f:
+        previous = f.readline().replace("##", '').strip()
+
+    if previous == version:
+        print(f"No changes to version {version}")
+        return
+    print(f"Adding logs from {previous}..v{version}")
+
+    raw_current_branch = subprocess.run([
+        "git",
+        "branch",
+        "--show-current",
+    ], capture_output=True)
+    current_branch = raw_current_branch.stdout.decode('utf-8').strip()
+
+    raw_commits = subprocess.run([
+        "git",
+        "log",
+        f"{previous}..{current_branch}",
+        "--oneline",
+    ], capture_output=True)
+    commits = [line[:7] for line in raw_commits.stdout.decode('utf-8').split('\n')]
+    print(commits)
+
+    prs = set()
+    for commit in commits:
+        if not commit:
+            continue
+        commit_output = subprocess.run([
+            'gh',
+            'pr',
+            'list',
+            '--json',
+            'author,number,title,url',
+            '--search',
+            f'"{commit}"',
+            '--state',
+            'merged',
+        ], capture_output=True)
+
+        commit_details = commit_output.stdout.decode('utf-8')
+        if not commit_details or not json.loads(commit_details):
+            continue
+        commit_details = json.loads(commit_details)[0]
+
+
+        if not commit_details['number']:
+            continue
+        if commit_details['number'] in prs:
+            continue
+        prs.add(commit_details['number'])
+        changelog.append(f"* {commit_details['title']} by @{commit_details['author']['login']} in {commit_details['url']}")
+
+    changelog.append('\n')
+    changelog.append(f"**Full Changelog**: https://github.com/codecov/codecov-action/compare/{previous}..v{version}\n")
+
+    with open('CHANGELOG.md', 'r') as f:
+        for line in f:
+            changelog.append(line.strip())
+
+    with open('CHANGELOG.md', 'w') as f:
+        f.write('\n'.join(changelog))
+
+
+if __name__=="__main__":
+    update_changelog()

dist/codecov.sh

@@ -0,0 +1,247 @@
+#!/usr/bin/env bash
+CC_WRAPPER_VERSION="0.0.26"
+set +u
+say() {
+  echo -e "$1"
+}
+exit_if_error() {
+  say "$r==> $1$x"
+  if [ $CC_FAIL_ON_ERROR = true ];
+  then
+     say "$r    Exiting...$x"
+     exit 1;
+  fi
+}
+lower() {
+  echo $(echo $1 | sed 's/CC//' | sed 's/_/-/g' | tr '[:upper:]' '[:lower:]')
+}
+k_arg() {
+  if [ -n "$(eval echo \$"CC_$1")" ];
+  then
+    echo "--$(lower "$1")"
+  fi
+}
+v_arg() {
+  if [ -n "$(eval echo \$"CC_$1")" ];
+  then
+    echo "$(eval echo \$"CC_$1")"
+  fi
+}
+write_truthy_args() {
+  if [ "$(eval echo \$$1)" = "true" ] || [ "$(eval echo \$$1)" = "1" ];
+  then
+    echo "-$(lower $1)"
+  fi
+}
+b="\033[0;36m"  # variables/constants
+g="\033[0;32m"  # info/debug
+r="\033[0;31m"  # errors
+x="\033[0m"
+say "     _____          _
+    / ____|        | |
+   | |     ___   __| | ___  ___ _____   __
+   | |    / _ \\ / _\` |/ _ \\/ __/ _ \\ \\ / /
+   | |___| (_) | (_| |  __/ (_| (_) \\ V /
+    \\_____\\___/ \\__,_|\\___|\\___\\___/ \\_/
+                           $r Wrapper-$CC_WRAPPER_VERSION$x
+                                  "
+CC_VERSION="${CC_VERSION:-latest}"
+CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
+if [ -n "$CC_BINARY" ];
+then
+  if [ -f "$CC_BINARY" ];
+  then
+    cc_filename=$CC_BINARY
+  else
+    exit_if_error "Could not find binary file $CC_BINARY"
+  fi
+else
+  if [ -n "$CC_OS" ];
+  then
+    say "$g==>$x Overridden OS: $b${CC_OS}$x"
+    export cc_os=${CC_OS}
+  else
+    CC_OS="linux"
+    family=$(uname -s | tr '[:upper:]' '[:lower:]')
+    cc_os="windows"
+    [[ $family == "darwin" ]] && cc_os="macos"
+    [[ $family == "linux" ]] && cc_os="linux"
+    [[ $cc_os == "linux" ]] && \
+      osID=$(grep -e "^ID=" /etc/os-release | cut -c4-)
+    [[ $osID == "alpine" ]] && cc_os="alpine"
+    [[ $(arch) == "aarch64" && $family == "linux" ]] && cc_os+="-arm64"
+    say "$g==>$x Detected $b${cc_os}$x"
+    export cc_os=${cc_os}
+  fi
+  export cc_version=${CC_VERSION}
+  cc_filename="codecov"
+  [[ $cc_os == "windows" ]] && cc_filename+=".exe"
+  export cc_filename=${cc_filename}
+  [[ $cc_os == "macos" ]]  && \
+    ! command -v gpg 2>&1 >/dev/null && \
+    HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg
+  cc_url="https://cli.codecov.io"
+  cc_url="$cc_url/${CC_VERSION}"
+  cc_url="$cc_url/${cc_os}/${cc_filename}"
+  say "$g ->$x Downloading $b${cc_url}$x"
+  curl -Os $cc_url
+  say "$g==>$x Finishing downloading $b${cc_os}:${CC_VERSION}$x"
+  version_url="https://cli.codecov.io/${cc_os}/${CC_VERSION}"
+  version=$(curl -s $version_url -H "Accept:application/json" | jq -r '.version')
+  say "      Version: $b$version$x"
+  say " "
+fi
+if [ "$CC_SKIP_VALIDATION" = "true" ] || [ -n "$CC_BINARY" ];
+then
+  say "$r==>$x Bypassing validation as requested by user"
+else
+CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
+  echo "${CC_PUBLIC_PGP_KEY}"  | \
+    gpg --no-default-keyring --import
+  # One-time step
+  say "$g==>$x Verifying GPG signature integrity"
+  sha_url="https://cli.codecov.io"
+  sha_url="${sha_url}/${cc_version}/${cc_os}"
+  sha_url="${sha_url}/${cc_filename}.SHA256SUM"
+  say "$g ->$x Downloading $b${sha_url}$x"
+  say "$g ->$x Downloading $b${sha_url}.sig$x"
+  say " "
+  curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "$sha_url"
+  curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "${sha_url}.sig"
+  if ! gpg --verify "${cc_filename}.SHA256SUM.sig" "${cc_filename}.SHA256SUM";
+  then
+    exit_if_error "Could not verify signature. Please contact Codecov if problem continues"
+  fi
+  if ! (shasum -a 256 -c "${cc_filename}.SHA256SUM" || \
+    sha256sum -c "${cc_filename}.SHA256SUM");
+  then
+    exit_if_error "Could not verify SHASUM. Please contact Codecov if problem continues"
+  fi
+  say "$g==>$x CLI integrity verified"
+  say
+fi
+cc_cli_args=()
+cc_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM))
+cc_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL))
+cc_cli_args+=( $(k_arg YML_PATH) $(v_arg YML_PATH))
+cc_cli_args+=( $(write_truthy_args CC_VERBOSE) )
+cc_cc_args=()
+cc_cc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+cc_du_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+cc_du_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA))
+cc_du_args+=( $(k_arg PR) $(v_arg PR))
+cc_du_args+=( $(k_arg SHA) $(v_arg SHA))
+cc_du_args+=( $(k_arg SLUG) $(v_arg SLUG))
+cc_create_report_args=()
+cc_cr_args+=( $(k_arg CODE) $(v_arg CODE))
+cc_cr_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+cc_cr_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+cc_cr_args+=( $(k_arg PR) $(v_arg PR))
+cc_cr_args+=( $(k_arg SHA) $(v_arg SHA))
+cc_cr_args+=( $(k_arg SLUG) $(v_arg SLUG))
+cc_du_args=()
+cc_du_args+=( $(k_arg ENV) $(v_arg ENV))
+OLDIFS=$IFS;IFS=,
+cc_du_args+=( $(k_arg BRANCH) $(v_arg BRANCH))
+cc_du_args+=( $(k_arg BUILD) $(v_arg BUILD))
+cc_du_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL))
+cc_du_args+=( $(k_arg CODE) $(v_arg CODE))
+cc_du_args+=( $(k_arg DIR) $(v_arg DIR))
+cc_du_args+=( $(write_truthy_args CC_DISABLE_FILE_FIXES) )
+cc_du_args+=( $(write_truthy_args CC_DISABLE_SEARCH) )
+cc_du_args+=( $(write_truthy_args CC_DRY_RUN) )
+if [ -n "$CC_EXCLUDES" ];
+then
+  for directory in $CC_EXCLUDES; do
+    cc_du_args+=( "--exclude" "$directory" )
+  done
+fi
+cc_du_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+if [ -n "$CC_FILES" ];
+then
+  for file in $CC_FILES; do
+    cc_du_args+=( "--file" "$file" )
+  done
+fi
+if [ -n "$CC_FLAGS" ];
+then
+  for flag in $CC_FLAGS; do
+    cc_du_args+=( "--flag" "$flag" )
+  done
+fi
+cc_du_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS))
+cc_du_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE))
+cc_du_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE))
+cc_du_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE))
+cc_du_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+cc_du_args+=( $(write_truthy_args CC_HANDLE_NO_REPORTS_FOUND) )
+cc_du_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE))
+cc_du_args+=( $(write_truthy_args CC_LEGACY) )
+if [ -n "$CC_NAME" ];
+then
+  cc_du_args+=( "--name" "$CC_NAME" )
+fi
+cc_du_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER))
+cc_du_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX))
+cc_du_args+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER))
+if [ -n "$CC_PLUGINS" ];
+then
+  for plugin in $CC_PLUGINS; do
+    cc_du_args+=( "--plugin" "$plugin" )
+  done
+fi
+cc_du_args+=( $(k_arg PR) $(v_arg PR))
+cc_du_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE))
+cc_du_args+=( $(k_arg SHA) $(v_arg SHA))
+cc_du_args+=( $(k_arg SLUG) $(v_arg SLUG))
+cc_du_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
+IFS=$OLDIFS
+unset NODE_OPTIONS
+# See https://github.com/codecov/uploader/issues/475
+chmod +x $cc_filename
+if [ -n "$CC_TOKEN_VAR" ];
+then
+  token="$(eval echo \$$CC_TOKEN_VAR)"
+else
+  token="$(eval echo $CC_TOKEN)"
+fi
+say "$g ->$x Token of length ${#token} detected"
+token_str=""
+token_arg=()
+if [ -n "$token" ];
+then
+  token_str+=" -t <redacted>"
+  token_arg+=( " -t " "$token")
+fi
+say "$g==>$x Running create-commit"
+say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") create-commit$token_str $(echo "${cc_cc_args[@]}")$x"
+if ! ./$cc_filename \
+  ${cc_cli_args[*]} \
+  create-commit \
+  ${token_arg[*]} \
+  "${cc_cc_args[@]}";
+then
+  exit_if_error "Failed to create-commit"
+fi
+say " "
+say "$g==>$x Running create-report"
+say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") create-report$token_str $(echo "${cc_cr_args[@]}")$x"
+if ! ./$cc_filename \
+  ${cc_cli_args[*]} \
+  create-report \
+  ${token_arg[*]} \
+  "${cc_cr_args[@]}";
+then
+  exit_if_error "Failed to create-report"
+fi
+say " "
+say "$g==>$x Running do-upload"
+say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") do-upload$token_str $(echo "${cc_du_args[@]}")$x"
+if ! ./$cc_filename \
+  ${cc_cli_args[*]} \
+  do-upload \
+  ${token_arg[*]} \
+  "${cc_du_args[@]}";
+then
+  exit_if_error "Failed to upload"
+fi

dist/node_modules/asn1.js/.eslintrc.js

@@ -1,27 +0,0 @@
-module.exports = {
-  'env': {
-    'browser': false,
-    'commonjs': true,
-    'es6': true,
-    'node': true
-  },
-  'extends': 'eslint:recommended',
-  'rules': {
-    'indent': [
-      'error',
-      2
-    ],
-    'linebreak-style': [
-      'error',
-      'unix'
-    ],
-    'quotes': [
-      'error',
-      'single'
-    ],
-    'semi': [
-      'error',
-      'always'
-    ]
-  }
-};

dist/node_modules/asn1.js/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2017 Fedor Indutny
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

dist/node_modules/asn1.js/README.md

@@ -1,100 +0,0 @@
-# ASN1.js
-
-ASN.1 DER Encoder/Decoder and DSL.
-
-## Example
-
-Define model:
-
-```javascript
-var asn = require('asn1.js');
-
-var Human = asn.define('Human', function() {
-  this.seq().obj(
-    this.key('firstName').octstr(),
-    this.key('lastName').octstr(),
-    this.key('age').int(),
-    this.key('gender').enum({ 0: 'male', 1: 'female' }),
-    this.key('bio').seqof(Bio)
-  );
-});
-
-var Bio = asn.define('Bio', function() {
-  this.seq().obj(
-    this.key('time').gentime(),
-    this.key('description').octstr()
-  );
-});
-```
-
-Encode data:
-
-```javascript
-var output = Human.encode({
-  firstName: 'Thomas',
-  lastName: 'Anderson',
-  age: 28,
-  gender: 'male',
-  bio: [
-    {
-      time: +new Date('31 March 1999'),
-      description: 'freedom of mind'
-    }
-  ]
-}, 'der');
-```
-
-Decode data:
-
-```javascript
-var human = Human.decode(output, 'der');
-console.log(human);
-/*
-{ firstName: <Buffer 54 68 6f 6d 61 73>,
-  lastName: <Buffer 41 6e 64 65 72 73 6f 6e>,
-  age: 28,
-  gender: 'male',
-  bio:
-   [ { time: 922820400000,
-       description: <Buffer 66 72 65 65 64 6f 6d 20 6f 66 20 6d 69 6e 64> } ] }
-*/
-```
-
-### Partial decode
-
-Its possible to parse data without stopping on first error. In order to do it,
-you should call:
-
-```javascript
-var human = Human.decode(output, 'der', { partial: true });
-console.log(human);
-/*
-{ result: { ... },
-  errors: [ ... ] }
-*/
-```
-
-#### LICENSE
-
-This software is licensed under the MIT License.
-
-Copyright Fedor Indutny, 2017.
-
-Permission is hereby granted, free of charge, to any person obtaining a
-copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the
-following conditions:
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
-NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
-USE OR OTHER DEALINGS IN THE SOFTWARE.

dist/node_modules/asn1.js/lib/asn1.js

@@ -1,11 +0,0 @@
-'use strict';
-
-const asn1 = exports;
-
-asn1.bignum = require('bn.js');
-
-asn1.define = require('./asn1/api').define;
-asn1.base = require('./asn1/base');
-asn1.constants = require('./asn1/constants');
-asn1.decoders = require('./asn1/decoders');
-asn1.encoders = require('./asn1/encoders');

dist/node_modules/asn1.js/lib/asn1/api.js

@@ -1,57 +0,0 @@
-'use strict';
-
-const encoders = require('./encoders');
-const decoders = require('./decoders');
-const inherits = require('inherits');
-
-const api = exports;
-
-api.define = function define(name, body) {
-  return new Entity(name, body);
-};
-
-function Entity(name, body) {
-  this.name = name;
-  this.body = body;
-
-  this.decoders = {};
-  this.encoders = {};
-}
-
-Entity.prototype._createNamed = function createNamed(Base) {
-  const name = this.name;
-
-  function Generated(entity) {
-    this._initNamed(entity, name);
-  }
-  inherits(Generated, Base);
-  Generated.prototype._initNamed = function _initNamed(entity, name) {
-    Base.call(this, entity, name);
-  };
-
-  return new Generated(this);
-};
-
-Entity.prototype._getDecoder = function _getDecoder(enc) {
-  enc = enc || 'der';
-  // Lazily create decoder
-  if (!this.decoders.hasOwnProperty(enc))
-    this.decoders[enc] = this._createNamed(decoders[enc]);
-  return this.decoders[enc];
-};
-
-Entity.prototype.decode = function decode(data, enc, options) {
-  return this._getDecoder(enc).decode(data, options);
-};
-
-Entity.prototype._getEncoder = function _getEncoder(enc) {
-  enc = enc || 'der';
-  // Lazily create encoder
-  if (!this.encoders.hasOwnProperty(enc))
-    this.encoders[enc] = this._createNamed(encoders[enc]);
-  return this.encoders[enc];
-};
-
-Entity.prototype.encode = function encode(data, enc, /* internal */ reporter) {
-  return this._getEncoder(enc).encode(data, reporter);
-};

dist/node_modules/asn1.js/lib/asn1/base/buffer.js

@@ -1,153 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-const Reporter = require('../base/reporter').Reporter;
-const Buffer = require('safer-buffer').Buffer;
-
-function DecoderBuffer(base, options) {
-  Reporter.call(this, options);
-  if (!Buffer.isBuffer(base)) {
-    this.error('Input not Buffer');
-    return;
-  }
-
-  this.base = base;
-  this.offset = 0;
-  this.length = base.length;
-}
-inherits(DecoderBuffer, Reporter);
-exports.DecoderBuffer = DecoderBuffer;
-
-DecoderBuffer.isDecoderBuffer = function isDecoderBuffer(data) {
-  if (data instanceof DecoderBuffer) {
-    return true;
-  }
-
-  // Or accept compatible API
-  const isCompatible = typeof data === 'object' &&
-    Buffer.isBuffer(data.base) &&
-    data.constructor.name === 'DecoderBuffer' &&
-    typeof data.offset === 'number' &&
-    typeof data.length === 'number' &&
-    typeof data.save === 'function' &&
-    typeof data.restore === 'function' &&
-    typeof data.isEmpty === 'function' &&
-    typeof data.readUInt8 === 'function' &&
-    typeof data.skip === 'function' &&
-    typeof data.raw === 'function';
-
-  return isCompatible;
-};
-
-DecoderBuffer.prototype.save = function save() {
-  return { offset: this.offset, reporter: Reporter.prototype.save.call(this) };
-};
-
-DecoderBuffer.prototype.restore = function restore(save) {
-  // Return skipped data
-  const res = new DecoderBuffer(this.base);
-  res.offset = save.offset;
-  res.length = this.offset;
-
-  this.offset = save.offset;
-  Reporter.prototype.restore.call(this, save.reporter);
-
-  return res;
-};
-
-DecoderBuffer.prototype.isEmpty = function isEmpty() {
-  return this.offset === this.length;
-};
-
-DecoderBuffer.prototype.readUInt8 = function readUInt8(fail) {
-  if (this.offset + 1 <= this.length)
-    return this.base.readUInt8(this.offset++, true);
-  else
-    return this.error(fail || 'DecoderBuffer overrun');
-};
-
-DecoderBuffer.prototype.skip = function skip(bytes, fail) {
-  if (!(this.offset + bytes <= this.length))
-    return this.error(fail || 'DecoderBuffer overrun');
-
-  const res = new DecoderBuffer(this.base);
-
-  // Share reporter state
-  res._reporterState = this._reporterState;
-
-  res.offset = this.offset;
-  res.length = this.offset + bytes;
-  this.offset += bytes;
-  return res;
-};
-
-DecoderBuffer.prototype.raw = function raw(save) {
-  return this.base.slice(save ? save.offset : this.offset, this.length);
-};
-
-function EncoderBuffer(value, reporter) {
-  if (Array.isArray(value)) {
-    this.length = 0;
-    this.value = value.map(function(item) {
-      if (!EncoderBuffer.isEncoderBuffer(item))
-        item = new EncoderBuffer(item, reporter);
-      this.length += item.length;
-      return item;
-    }, this);
-  } else if (typeof value === 'number') {
-    if (!(0 <= value && value <= 0xff))
-      return reporter.error('non-byte EncoderBuffer value');
-    this.value = value;
-    this.length = 1;
-  } else if (typeof value === 'string') {
-    this.value = value;
-    this.length = Buffer.byteLength(value);
-  } else if (Buffer.isBuffer(value)) {
-    this.value = value;
-    this.length = value.length;
-  } else {
-    return reporter.error('Unsupported type: ' + typeof value);
-  }
-}
-exports.EncoderBuffer = EncoderBuffer;
-
-EncoderBuffer.isEncoderBuffer = function isEncoderBuffer(data) {
-  if (data instanceof EncoderBuffer) {
-    return true;
-  }
-
-  // Or accept compatible API
-  const isCompatible = typeof data === 'object' &&
-    data.constructor.name === 'EncoderBuffer' &&
-    typeof data.length === 'number' &&
-    typeof data.join === 'function';
-
-  return isCompatible;
-};
-
-EncoderBuffer.prototype.join = function join(out, offset) {
-  if (!out)
-    out = Buffer.alloc(this.length);
-  if (!offset)
-    offset = 0;
-
-  if (this.length === 0)
-    return out;
-
-  if (Array.isArray(this.value)) {
-    this.value.forEach(function(item) {
-      item.join(out, offset);
-      offset += item.length;
-    });
-  } else {
-    if (typeof this.value === 'number')
-      out[offset] = this.value;
-    else if (typeof this.value === 'string')
-      out.write(this.value, offset);
-    else if (Buffer.isBuffer(this.value))
-      this.value.copy(out, offset);
-    offset += this.length;
-  }
-
-  return out;
-};

dist/node_modules/asn1.js/lib/asn1/base/index.js

@@ -1,8 +0,0 @@
-'use strict';
-
-const base = exports;
-
-base.Reporter = require('./reporter').Reporter;
-base.DecoderBuffer = require('./buffer').DecoderBuffer;
-base.EncoderBuffer = require('./buffer').EncoderBuffer;
-base.Node = require('./node');

dist/node_modules/asn1.js/lib/asn1/base/node.js

@@ -1,638 +0,0 @@
-'use strict';
-
-const Reporter = require('../base/reporter').Reporter;
-const EncoderBuffer = require('../base/buffer').EncoderBuffer;
-const DecoderBuffer = require('../base/buffer').DecoderBuffer;
-const assert = require('minimalistic-assert');
-
-// Supported tags
-const tags = [
-  'seq', 'seqof', 'set', 'setof', 'objid', 'bool',
-  'gentime', 'utctime', 'null_', 'enum', 'int', 'objDesc',
-  'bitstr', 'bmpstr', 'charstr', 'genstr', 'graphstr', 'ia5str', 'iso646str',
-  'numstr', 'octstr', 'printstr', 't61str', 'unistr', 'utf8str', 'videostr'
-];
-
-// Public methods list
-const methods = [
-  'key', 'obj', 'use', 'optional', 'explicit', 'implicit', 'def', 'choice',
-  'any', 'contains'
-].concat(tags);
-
-// Overrided methods list
-const overrided = [
-  '_peekTag', '_decodeTag', '_use',
-  '_decodeStr', '_decodeObjid', '_decodeTime',
-  '_decodeNull', '_decodeInt', '_decodeBool', '_decodeList',
-
-  '_encodeComposite', '_encodeStr', '_encodeObjid', '_encodeTime',
-  '_encodeNull', '_encodeInt', '_encodeBool'
-];
-
-function Node(enc, parent, name) {
-  const state = {};
-  this._baseState = state;
-
-  state.name = name;
-  state.enc = enc;
-
-  state.parent = parent || null;
-  state.children = null;
-
-  // State
-  state.tag = null;
-  state.args = null;
-  state.reverseArgs = null;
-  state.choice = null;
-  state.optional = false;
-  state.any = false;
-  state.obj = false;
-  state.use = null;
-  state.useDecoder = null;
-  state.key = null;
-  state['default'] = null;
-  state.explicit = null;
-  state.implicit = null;
-  state.contains = null;
-
-  // Should create new instance on each method
-  if (!state.parent) {
-    state.children = [];
-    this._wrap();
-  }
-}
-module.exports = Node;
-
-const stateProps = [
-  'enc', 'parent', 'children', 'tag', 'args', 'reverseArgs', 'choice',
-  'optional', 'any', 'obj', 'use', 'alteredUse', 'key', 'default', 'explicit',
-  'implicit', 'contains'
-];
-
-Node.prototype.clone = function clone() {
-  const state = this._baseState;
-  const cstate = {};
-  stateProps.forEach(function(prop) {
-    cstate[prop] = state[prop];
-  });
-  const res = new this.constructor(cstate.parent);
-  res._baseState = cstate;
-  return res;
-};
-
-Node.prototype._wrap = function wrap() {
-  const state = this._baseState;
-  methods.forEach(function(method) {
-    this[method] = function _wrappedMethod() {
-      const clone = new this.constructor(this);
-      state.children.push(clone);
-      return clone[method].apply(clone, arguments);
-    };
-  }, this);
-};
-
-Node.prototype._init = function init(body) {
-  const state = this._baseState;
-
-  assert(state.parent === null);
-  body.call(this);
-
-  // Filter children
-  state.children = state.children.filter(function(child) {
-    return child._baseState.parent === this;
-  }, this);
-  assert.equal(state.children.length, 1, 'Root node can have only one child');
-};
-
-Node.prototype._useArgs = function useArgs(args) {
-  const state = this._baseState;
-
-  // Filter children and args
-  const children = args.filter(function(arg) {
-    return arg instanceof this.constructor;
-  }, this);
-  args = args.filter(function(arg) {
-    return !(arg instanceof this.constructor);
-  }, this);
-
-  if (children.length !== 0) {
-    assert(state.children === null);
-    state.children = children;
-
-    // Replace parent to maintain backward link
-    children.forEach(function(child) {
-      child._baseState.parent = this;
-    }, this);
-  }
-  if (args.length !== 0) {
-    assert(state.args === null);
-    state.args = args;
-    state.reverseArgs = args.map(function(arg) {
-      if (typeof arg !== 'object' || arg.constructor !== Object)
-        return arg;
-
-      const res = {};
-      Object.keys(arg).forEach(function(key) {
-        if (key == (key | 0))
-          key |= 0;
-        const value = arg[key];
-        res[value] = key;
-      });
-      return res;
-    });
-  }
-};
-
-//
-// Overrided methods
-//
-
-overrided.forEach(function(method) {
-  Node.prototype[method] = function _overrided() {
-    const state = this._baseState;
-    throw new Error(method + ' not implemented for encoding: ' + state.enc);
-  };
-});
-
-//
-// Public methods
-//
-
-tags.forEach(function(tag) {
-  Node.prototype[tag] = function _tagMethod() {
-    const state = this._baseState;
-    const args = Array.prototype.slice.call(arguments);
-
-    assert(state.tag === null);
-    state.tag = tag;
-
-    this._useArgs(args);
-
-    return this;
-  };
-});
-
-Node.prototype.use = function use(item) {
-  assert(item);
-  const state = this._baseState;
-
-  assert(state.use === null);
-  state.use = item;
-
-  return this;
-};
-
-Node.prototype.optional = function optional() {
-  const state = this._baseState;
-
-  state.optional = true;
-
-  return this;
-};
-
-Node.prototype.def = function def(val) {
-  const state = this._baseState;
-
-  assert(state['default'] === null);
-  state['default'] = val;
-  state.optional = true;
-
-  return this;
-};
-
-Node.prototype.explicit = function explicit(num) {
-  const state = this._baseState;
-
-  assert(state.explicit === null && state.implicit === null);
-  state.explicit = num;
-
-  return this;
-};
-
-Node.prototype.implicit = function implicit(num) {
-  const state = this._baseState;
-
-  assert(state.explicit === null && state.implicit === null);
-  state.implicit = num;
-
-  return this;
-};
-
-Node.prototype.obj = function obj() {
-  const state = this._baseState;
-  const args = Array.prototype.slice.call(arguments);
-
-  state.obj = true;
-
-  if (args.length !== 0)
-    this._useArgs(args);
-
-  return this;
-};
-
-Node.prototype.key = function key(newKey) {
-  const state = this._baseState;
-
-  assert(state.key === null);
-  state.key = newKey;
-
-  return this;
-};
-
-Node.prototype.any = function any() {
-  const state = this._baseState;
-
-  state.any = true;
-
-  return this;
-};
-
-Node.prototype.choice = function choice(obj) {
-  const state = this._baseState;
-
-  assert(state.choice === null);
-  state.choice = obj;
-  this._useArgs(Object.keys(obj).map(function(key) {
-    return obj[key];
-  }));
-
-  return this;
-};
-
-Node.prototype.contains = function contains(item) {
-  const state = this._baseState;
-
-  assert(state.use === null);
-  state.contains = item;
-
-  return this;
-};
-
-//
-// Decoding
-//
-
-Node.prototype._decode = function decode(input, options) {
-  const state = this._baseState;
-
-  // Decode root node
-  if (state.parent === null)
-    return input.wrapResult(state.children[0]._decode(input, options));
-
-  let result = state['default'];
-  let present = true;
-
-  let prevKey = null;
-  if (state.key !== null)
-    prevKey = input.enterKey(state.key);
-
-  // Check if tag is there
-  if (state.optional) {
-    let tag = null;
-    if (state.explicit !== null)
-      tag = state.explicit;
-    else if (state.implicit !== null)
-      tag = state.implicit;
-    else if (state.tag !== null)
-      tag = state.tag;
-
-    if (tag === null && !state.any) {
-      // Trial and Error
-      const save = input.save();
-      try {
-        if (state.choice === null)
-          this._decodeGeneric(state.tag, input, options);
-        else
-          this._decodeChoice(input, options);
-        present = true;
-      } catch (e) {
-        present = false;
-      }
-      input.restore(save);
-    } else {
-      present = this._peekTag(input, tag, state.any);
-
-      if (input.isError(present))
-        return present;
-    }
-  }
-
-  // Push object on stack
-  let prevObj;
-  if (state.obj && present)
-    prevObj = input.enterObject();
-
-  if (present) {
-    // Unwrap explicit values
-    if (state.explicit !== null) {
-      const explicit = this._decodeTag(input, state.explicit);
-      if (input.isError(explicit))
-        return explicit;
-      input = explicit;
-    }
-
-    const start = input.offset;
-
-    // Unwrap implicit and normal values
-    if (state.use === null && state.choice === null) {
-      let save;
-      if (state.any)
-        save = input.save();
-      const body = this._decodeTag(
-        input,
-        state.implicit !== null ? state.implicit : state.tag,
-        state.any
-      );
-      if (input.isError(body))
-        return body;
-
-      if (state.any)
-        result = input.raw(save);
-      else
-        input = body;
-    }
-
-    if (options && options.track && state.tag !== null)
-      options.track(input.path(), start, input.length, 'tagged');
-
-    if (options && options.track && state.tag !== null)
-      options.track(input.path(), input.offset, input.length, 'content');
-
-    // Select proper method for tag
-    if (state.any) {
-      // no-op
-    } else if (state.choice === null) {
-      result = this._decodeGeneric(state.tag, input, options);
-    } else {
-      result = this._decodeChoice(input, options);
-    }
-
-    if (input.isError(result))
-      return result;
-
-    // Decode children
-    if (!state.any && state.choice === null && state.children !== null) {
-      state.children.forEach(function decodeChildren(child) {
-        // NOTE: We are ignoring errors here, to let parser continue with other
-        // parts of encoded data
-        child._decode(input, options);
-      });
-    }
-
-    // Decode contained/encoded by schema, only in bit or octet strings
-    if (state.contains && (state.tag === 'octstr' || state.tag === 'bitstr')) {
-      const data = new DecoderBuffer(result);
-      result = this._getUse(state.contains, input._reporterState.obj)
-        ._decode(data, options);
-    }
-  }
-
-  // Pop object
-  if (state.obj && present)
-    result = input.leaveObject(prevObj);
-
-  // Set key
-  if (state.key !== null && (result !== null || present === true))
-    input.leaveKey(prevKey, state.key, result);
-  else if (prevKey !== null)
-    input.exitKey(prevKey);
-
-  return result;
-};
-
-Node.prototype._decodeGeneric = function decodeGeneric(tag, input, options) {
-  const state = this._baseState;
-
-  if (tag === 'seq' || tag === 'set')
-    return null;
-  if (tag === 'seqof' || tag === 'setof')
-    return this._decodeList(input, tag, state.args[0], options);
-  else if (/str$/.test(tag))
-    return this._decodeStr(input, tag, options);
-  else if (tag === 'objid' && state.args)
-    return this._decodeObjid(input, state.args[0], state.args[1], options);
-  else if (tag === 'objid')
-    return this._decodeObjid(input, null, null, options);
-  else if (tag === 'gentime' || tag === 'utctime')
-    return this._decodeTime(input, tag, options);
-  else if (tag === 'null_')
-    return this._decodeNull(input, options);
-  else if (tag === 'bool')
-    return this._decodeBool(input, options);
-  else if (tag === 'objDesc')
-    return this._decodeStr(input, tag, options);
-  else if (tag === 'int' || tag === 'enum')
-    return this._decodeInt(input, state.args && state.args[0], options);
-
-  if (state.use !== null) {
-    return this._getUse(state.use, input._reporterState.obj)
-      ._decode(input, options);
-  } else {
-    return input.error('unknown tag: ' + tag);
-  }
-};
-
-Node.prototype._getUse = function _getUse(entity, obj) {
-
-  const state = this._baseState;
-  // Create altered use decoder if implicit is set
-  state.useDecoder = this._use(entity, obj);
-  assert(state.useDecoder._baseState.parent === null);
-  state.useDecoder = state.useDecoder._baseState.children[0];
-  if (state.implicit !== state.useDecoder._baseState.implicit) {
-    state.useDecoder = state.useDecoder.clone();
-    state.useDecoder._baseState.implicit = state.implicit;
-  }
-  return state.useDecoder;
-};
-
-Node.prototype._decodeChoice = function decodeChoice(input, options) {
-  const state = this._baseState;
-  let result = null;
-  let match = false;
-
-  Object.keys(state.choice).some(function(key) {
-    const save = input.save();
-    const node = state.choice[key];
-    try {
-      const value = node._decode(input, options);
-      if (input.isError(value))
-        return false;
-
-      result = { type: key, value: value };
-      match = true;
-    } catch (e) {
-      input.restore(save);
-      return false;
-    }
-    return true;
-  }, this);
-
-  if (!match)
-    return input.error('Choice not matched');
-
-  return result;
-};
-
-//
-// Encoding
-//
-
-Node.prototype._createEncoderBuffer = function createEncoderBuffer(data) {
-  return new EncoderBuffer(data, this.reporter);
-};
-
-Node.prototype._encode = function encode(data, reporter, parent) {
-  const state = this._baseState;
-  if (state['default'] !== null && state['default'] === data)
-    return;
-
-  const result = this._encodeValue(data, reporter, parent);
-  if (result === undefined)
-    return;
-
-  if (this._skipDefault(result, reporter, parent))
-    return;
-
-  return result;
-};
-
-Node.prototype._encodeValue = function encode(data, reporter, parent) {
-  const state = this._baseState;
-
-  // Decode root node
-  if (state.parent === null)
-    return state.children[0]._encode(data, reporter || new Reporter());
-
-  let result = null;
-
-  // Set reporter to share it with a child class
-  this.reporter = reporter;
-
-  // Check if data is there
-  if (state.optional && data === undefined) {
-    if (state['default'] !== null)
-      data = state['default'];
-    else
-      return;
-  }
-
-  // Encode children first
-  let content = null;
-  let primitive = false;
-  if (state.any) {
-    // Anything that was given is translated to buffer
-    result = this._createEncoderBuffer(data);
-  } else if (state.choice) {
-    result = this._encodeChoice(data, reporter);
-  } else if (state.contains) {
-    content = this._getUse(state.contains, parent)._encode(data, reporter);
-    primitive = true;
-  } else if (state.children) {
-    content = state.children.map(function(child) {
-      if (child._baseState.tag === 'null_')
-        return child._encode(null, reporter, data);
-
-      if (child._baseState.key === null)
-        return reporter.error('Child should have a key');
-      const prevKey = reporter.enterKey(child._baseState.key);
-
-      if (typeof data !== 'object')
-        return reporter.error('Child expected, but input is not object');
-
-      const res = child._encode(data[child._baseState.key], reporter, data);
-      reporter.leaveKey(prevKey);
-
-      return res;
-    }, this).filter(function(child) {
-      return child;
-    });
-    content = this._createEncoderBuffer(content);
-  } else {
-    if (state.tag === 'seqof' || state.tag === 'setof') {
-      // TODO(indutny): this should be thrown on DSL level
-      if (!(state.args && state.args.length === 1))
-        return reporter.error('Too many args for : ' + state.tag);
-
-      if (!Array.isArray(data))
-        return reporter.error('seqof/setof, but data is not Array');
-
-      const child = this.clone();
-      child._baseState.implicit = null;
-      content = this._createEncoderBuffer(data.map(function(item) {
-        const state = this._baseState;
-
-        return this._getUse(state.args[0], data)._encode(item, reporter);
-      }, child));
-    } else if (state.use !== null) {
-      result = this._getUse(state.use, parent)._encode(data, reporter);
-    } else {
-      content = this._encodePrimitive(state.tag, data);
-      primitive = true;
-    }
-  }
-
-  // Encode data itself
-  if (!state.any && state.choice === null) {
-    const tag = state.implicit !== null ? state.implicit : state.tag;
-    const cls = state.implicit === null ? 'universal' : 'context';
-
-    if (tag === null) {
-      if (state.use === null)
-        reporter.error('Tag could be omitted only for .use()');
-    } else {
-      if (state.use === null)
-        result = this._encodeComposite(tag, primitive, cls, content);
-    }
-  }
-
-  // Wrap in explicit
-  if (state.explicit !== null)
-    result = this._encodeComposite(state.explicit, false, 'context', result);
-
-  return result;
-};
-
-Node.prototype._encodeChoice = function encodeChoice(data, reporter) {
-  const state = this._baseState;
-
-  const node = state.choice[data.type];
-  if (!node) {
-    assert(
-      false,
-      data.type + ' not found in ' +
-            JSON.stringify(Object.keys(state.choice)));
-  }
-  return node._encode(data.value, reporter);
-};
-
-Node.prototype._encodePrimitive = function encodePrimitive(tag, data) {
-  const state = this._baseState;
-
-  if (/str$/.test(tag))
-    return this._encodeStr(data, tag);
-  else if (tag === 'objid' && state.args)
-    return this._encodeObjid(data, state.reverseArgs[0], state.args[1]);
-  else if (tag === 'objid')
-    return this._encodeObjid(data, null, null);
-  else if (tag === 'gentime' || tag === 'utctime')
-    return this._encodeTime(data, tag);
-  else if (tag === 'null_')
-    return this._encodeNull();
-  else if (tag === 'int' || tag === 'enum')
-    return this._encodeInt(data, state.args && state.reverseArgs[0]);
-  else if (tag === 'bool')
-    return this._encodeBool(data);
-  else if (tag === 'objDesc')
-    return this._encodeStr(data, tag);
-  else
-    throw new Error('Unsupported tag: ' + tag);
-};
-
-Node.prototype._isNumstr = function isNumstr(str) {
-  return /^[0-9 ]*$/.test(str);
-};
-
-Node.prototype._isPrintstr = function isPrintstr(str) {
-  return /^[A-Za-z0-9 '()+,-./:=?]*$/.test(str);
-};

dist/node_modules/asn1.js/lib/asn1/base/reporter.js

@@ -1,123 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-
-function Reporter(options) {
-  this._reporterState = {
-    obj: null,
-    path: [],
-    options: options || {},
-    errors: []
-  };
-}
-exports.Reporter = Reporter;
-
-Reporter.prototype.isError = function isError(obj) {
-  return obj instanceof ReporterError;
-};
-
-Reporter.prototype.save = function save() {
-  const state = this._reporterState;
-
-  return { obj: state.obj, pathLen: state.path.length };
-};
-
-Reporter.prototype.restore = function restore(data) {
-  const state = this._reporterState;
-
-  state.obj = data.obj;
-  state.path = state.path.slice(0, data.pathLen);
-};
-
-Reporter.prototype.enterKey = function enterKey(key) {
-  return this._reporterState.path.push(key);
-};
-
-Reporter.prototype.exitKey = function exitKey(index) {
-  const state = this._reporterState;
-
-  state.path = state.path.slice(0, index - 1);
-};
-
-Reporter.prototype.leaveKey = function leaveKey(index, key, value) {
-  const state = this._reporterState;
-
-  this.exitKey(index);
-  if (state.obj !== null)
-    state.obj[key] = value;
-};
-
-Reporter.prototype.path = function path() {
-  return this._reporterState.path.join('/');
-};
-
-Reporter.prototype.enterObject = function enterObject() {
-  const state = this._reporterState;
-
-  const prev = state.obj;
-  state.obj = {};
-  return prev;
-};
-
-Reporter.prototype.leaveObject = function leaveObject(prev) {
-  const state = this._reporterState;
-
-  const now = state.obj;
-  state.obj = prev;
-  return now;
-};
-
-Reporter.prototype.error = function error(msg) {
-  let err;
-  const state = this._reporterState;
-
-  const inherited = msg instanceof ReporterError;
-  if (inherited) {
-    err = msg;
-  } else {
-    err = new ReporterError(state.path.map(function(elem) {
-      return '[' + JSON.stringify(elem) + ']';
-    }).join(''), msg.message || msg, msg.stack);
-  }
-
-  if (!state.options.partial)
-    throw err;
-
-  if (!inherited)
-    state.errors.push(err);
-
-  return err;
-};
-
-Reporter.prototype.wrapResult = function wrapResult(result) {
-  const state = this._reporterState;
-  if (!state.options.partial)
-    return result;
-
-  return {
-    result: this.isError(result) ? null : result,
-    errors: state.errors
-  };
-};
-
-function ReporterError(path, msg) {
-  this.path = path;
-  this.rethrow(msg);
-}
-inherits(ReporterError, Error);
-
-ReporterError.prototype.rethrow = function rethrow(msg) {
-  this.message = msg + ' at: ' + (this.path || '(shallow)');
-  if (Error.captureStackTrace)
-    Error.captureStackTrace(this, ReporterError);
-
-  if (!this.stack) {
-    try {
-      // IE only adds stack when thrown
-      throw new Error(this.message);
-    } catch (e) {
-      this.stack = e.stack;
-    }
-  }
-  return this;
-};

dist/node_modules/asn1.js/lib/asn1/constants/der.js

@@ -1,58 +0,0 @@
-'use strict';
-
-// Helper
-function reverse(map) {
-  const res = {};
-
-  Object.keys(map).forEach(function(key) {
-    // Convert key to integer if it is stringified
-    if ((key | 0) == key)
-      key = key | 0;
-
-    const value = map[key];
-    res[value] = key;
-  });
-
-  return res;
-}
-
-exports.tagClass = {
-  0: 'universal',
-  1: 'application',
-  2: 'context',
-  3: 'private'
-};
-exports.tagClassByName = reverse(exports.tagClass);
-
-exports.tag = {
-  0x00: 'end',
-  0x01: 'bool',
-  0x02: 'int',
-  0x03: 'bitstr',
-  0x04: 'octstr',
-  0x05: 'null_',
-  0x06: 'objid',
-  0x07: 'objDesc',
-  0x08: 'external',
-  0x09: 'real',
-  0x0a: 'enum',
-  0x0b: 'embed',
-  0x0c: 'utf8str',
-  0x0d: 'relativeOid',
-  0x10: 'seq',
-  0x11: 'set',
-  0x12: 'numstr',
-  0x13: 'printstr',
-  0x14: 't61str',
-  0x15: 'videostr',
-  0x16: 'ia5str',
-  0x17: 'utctime',
-  0x18: 'gentime',
-  0x19: 'graphstr',
-  0x1a: 'iso646str',
-  0x1b: 'genstr',
-  0x1c: 'unistr',
-  0x1d: 'charstr',
-  0x1e: 'bmpstr'
-};
-exports.tagByName = reverse(exports.tag);

dist/node_modules/asn1.js/lib/asn1/constants/index.js

@@ -1,21 +0,0 @@
-'use strict';
-
-const constants = exports;
-
-// Helper
-constants._reverse = function reverse(map) {
-  const res = {};
-
-  Object.keys(map).forEach(function(key) {
-    // Convert key to integer if it is stringified
-    if ((key | 0) == key)
-      key = key | 0;
-
-    const value = map[key];
-    res[value] = key;
-  });
-
-  return res;
-};
-
-constants.der = require('./der');

dist/node_modules/asn1.js/lib/asn1/decoders/der.js

@@ -1,335 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-
-const bignum = require('bn.js');
-const DecoderBuffer = require('../base/buffer').DecoderBuffer;
-const Node = require('../base/node');
-
-// Import DER constants
-const der = require('../constants/der');
-
-function DERDecoder(entity) {
-  this.enc = 'der';
-  this.name = entity.name;
-  this.entity = entity;
-
-  // Construct base tree
-  this.tree = new DERNode();
-  this.tree._init(entity.body);
-}
-module.exports = DERDecoder;
-
-DERDecoder.prototype.decode = function decode(data, options) {
-  if (!DecoderBuffer.isDecoderBuffer(data)) {
-    data = new DecoderBuffer(data, options);
-  }
-
-  return this.tree._decode(data, options);
-};
-
-// Tree methods
-
-function DERNode(parent) {
-  Node.call(this, 'der', parent);
-}
-inherits(DERNode, Node);
-
-DERNode.prototype._peekTag = function peekTag(buffer, tag, any) {
-  if (buffer.isEmpty())
-    return false;
-
-  const state = buffer.save();
-  const decodedTag = derDecodeTag(buffer, 'Failed to peek tag: "' + tag + '"');
-  if (buffer.isError(decodedTag))
-    return decodedTag;
-
-  buffer.restore(state);
-
-  return decodedTag.tag === tag || decodedTag.tagStr === tag ||
-    (decodedTag.tagStr + 'of') === tag || any;
-};
-
-DERNode.prototype._decodeTag = function decodeTag(buffer, tag, any) {
-  const decodedTag = derDecodeTag(buffer,
-    'Failed to decode tag of "' + tag + '"');
-  if (buffer.isError(decodedTag))
-    return decodedTag;
-
-  let len = derDecodeLen(buffer,
-    decodedTag.primitive,
-    'Failed to get length of "' + tag + '"');
-
-  // Failure
-  if (buffer.isError(len))
-    return len;
-
-  if (!any &&
-      decodedTag.tag !== tag &&
-      decodedTag.tagStr !== tag &&
-      decodedTag.tagStr + 'of' !== tag) {
-    return buffer.error('Failed to match tag: "' + tag + '"');
-  }
-
-  if (decodedTag.primitive || len !== null)
-    return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
-
-  // Indefinite length... find END tag
-  const state = buffer.save();
-  const res = this._skipUntilEnd(
-    buffer,
-    'Failed to skip indefinite length body: "' + this.tag + '"');
-  if (buffer.isError(res))
-    return res;
-
-  len = buffer.offset - state.offset;
-  buffer.restore(state);
-  return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
-};
-
-DERNode.prototype._skipUntilEnd = function skipUntilEnd(buffer, fail) {
-  for (;;) {
-    const tag = derDecodeTag(buffer, fail);
-    if (buffer.isError(tag))
-      return tag;
-    const len = derDecodeLen(buffer, tag.primitive, fail);
-    if (buffer.isError(len))
-      return len;
-
-    let res;
-    if (tag.primitive || len !== null)
-      res = buffer.skip(len);
-    else
-      res = this._skipUntilEnd(buffer, fail);
-
-    // Failure
-    if (buffer.isError(res))
-      return res;
-
-    if (tag.tagStr === 'end')
-      break;
-  }
-};
-
-DERNode.prototype._decodeList = function decodeList(buffer, tag, decoder,
-  options) {
-  const result = [];
-  while (!buffer.isEmpty()) {
-    const possibleEnd = this._peekTag(buffer, 'end');
-    if (buffer.isError(possibleEnd))
-      return possibleEnd;
-
-    const res = decoder.decode(buffer, 'der', options);
-    if (buffer.isError(res) && possibleEnd)
-      break;
-    result.push(res);
-  }
-  return result;
-};
-
-DERNode.prototype._decodeStr = function decodeStr(buffer, tag) {
-  if (tag === 'bitstr') {
-    const unused = buffer.readUInt8();
-    if (buffer.isError(unused))
-      return unused;
-    return { unused: unused, data: buffer.raw() };
-  } else if (tag === 'bmpstr') {
-    const raw = buffer.raw();
-    if (raw.length % 2 === 1)
-      return buffer.error('Decoding of string type: bmpstr length mismatch');
-
-    let str = '';
-    for (let i = 0; i < raw.length / 2; i++) {
-      str += String.fromCharCode(raw.readUInt16BE(i * 2));
-    }
-    return str;
-  } else if (tag === 'numstr') {
-    const numstr = buffer.raw().toString('ascii');
-    if (!this._isNumstr(numstr)) {
-      return buffer.error('Decoding of string type: ' +
-                          'numstr unsupported characters');
-    }
-    return numstr;
-  } else if (tag === 'octstr') {
-    return buffer.raw();
-  } else if (tag === 'objDesc') {
-    return buffer.raw();
-  } else if (tag === 'printstr') {
-    const printstr = buffer.raw().toString('ascii');
-    if (!this._isPrintstr(printstr)) {
-      return buffer.error('Decoding of string type: ' +
-                          'printstr unsupported characters');
-    }
-    return printstr;
-  } else if (/str$/.test(tag)) {
-    return buffer.raw().toString();
-  } else {
-    return buffer.error('Decoding of string type: ' + tag + ' unsupported');
-  }
-};
-
-DERNode.prototype._decodeObjid = function decodeObjid(buffer, values, relative) {
-  let result;
-  const identifiers = [];
-  let ident = 0;
-  let subident = 0;
-  while (!buffer.isEmpty()) {
-    subident = buffer.readUInt8();
-    ident <<= 7;
-    ident |= subident & 0x7f;
-    if ((subident & 0x80) === 0) {
-      identifiers.push(ident);
-      ident = 0;
-    }
-  }
-  if (subident & 0x80)
-    identifiers.push(ident);
-
-  const first = (identifiers[0] / 40) | 0;
-  const second = identifiers[0] % 40;
-
-  if (relative)
-    result = identifiers;
-  else
-    result = [first, second].concat(identifiers.slice(1));
-
-  if (values) {
-    let tmp = values[result.join(' ')];
-    if (tmp === undefined)
-      tmp = values[result.join('.')];
-    if (tmp !== undefined)
-      result = tmp;
-  }
-
-  return result;
-};
-
-DERNode.prototype._decodeTime = function decodeTime(buffer, tag) {
-  const str = buffer.raw().toString();
-
-  let year;
-  let mon;
-  let day;
-  let hour;
-  let min;
-  let sec;
-  if (tag === 'gentime') {
-    year = str.slice(0, 4) | 0;
-    mon = str.slice(4, 6) | 0;
-    day = str.slice(6, 8) | 0;
-    hour = str.slice(8, 10) | 0;
-    min = str.slice(10, 12) | 0;
-    sec = str.slice(12, 14) | 0;
-  } else if (tag === 'utctime') {
-    year = str.slice(0, 2) | 0;
-    mon = str.slice(2, 4) | 0;
-    day = str.slice(4, 6) | 0;
-    hour = str.slice(6, 8) | 0;
-    min = str.slice(8, 10) | 0;
-    sec = str.slice(10, 12) | 0;
-    if (year < 70)
-      year = 2000 + year;
-    else
-      year = 1900 + year;
-  } else {
-    return buffer.error('Decoding ' + tag + ' time is not supported yet');
-  }
-
-  return Date.UTC(year, mon - 1, day, hour, min, sec, 0);
-};
-
-DERNode.prototype._decodeNull = function decodeNull() {
-  return null;
-};
-
-DERNode.prototype._decodeBool = function decodeBool(buffer) {
-  const res = buffer.readUInt8();
-  if (buffer.isError(res))
-    return res;
-  else
-    return res !== 0;
-};
-
-DERNode.prototype._decodeInt = function decodeInt(buffer, values) {
-  // Bigint, return as it is (assume big endian)
-  const raw = buffer.raw();
-  let res = new bignum(raw);
-
-  if (values)
-    res = values[res.toString(10)] || res;
-
-  return res;
-};
-
-DERNode.prototype._use = function use(entity, obj) {
-  if (typeof entity === 'function')
-    entity = entity(obj);
-  return entity._getDecoder('der').tree;
-};
-
-// Utility methods
-
-function derDecodeTag(buf, fail) {
-  let tag = buf.readUInt8(fail);
-  if (buf.isError(tag))
-    return tag;
-
-  const cls = der.tagClass[tag >> 6];
-  const primitive = (tag & 0x20) === 0;
-
-  // Multi-octet tag - load
-  if ((tag & 0x1f) === 0x1f) {
-    let oct = tag;
-    tag = 0;
-    while ((oct & 0x80) === 0x80) {
-      oct = buf.readUInt8(fail);
-      if (buf.isError(oct))
-        return oct;
-
-      tag <<= 7;
-      tag |= oct & 0x7f;
-    }
-  } else {
-    tag &= 0x1f;
-  }
-  const tagStr = der.tag[tag];
-
-  return {
-    cls: cls,
-    primitive: primitive,
-    tag: tag,
-    tagStr: tagStr
-  };
-}
-
-function derDecodeLen(buf, primitive, fail) {
-  let len = buf.readUInt8(fail);
-  if (buf.isError(len))
-    return len;
-
-  // Indefinite form
-  if (!primitive && len === 0x80)
-    return null;
-
-  // Definite form
-  if ((len & 0x80) === 0) {
-    // Short form
-    return len;
-  }
-
-  // Long form
-  const num = len & 0x7f;
-  if (num > 4)
-    return buf.error('length octect is too long');
-
-  len = 0;
-  for (let i = 0; i < num; i++) {
-    len <<= 8;
-    const j = buf.readUInt8(fail);
-    if (buf.isError(j))
-      return j;
-    len |= j;
-  }
-
-  return len;
-}

dist/node_modules/asn1.js/lib/asn1/decoders/index.js

@@ -1,6 +0,0 @@
-'use strict';
-
-const decoders = exports;
-
-decoders.der = require('./der');
-decoders.pem = require('./pem');

dist/node_modules/asn1.js/lib/asn1/decoders/pem.js

@@ -1,51 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-const Buffer = require('safer-buffer').Buffer;
-
-const DERDecoder = require('./der');
-
-function PEMDecoder(entity) {
-  DERDecoder.call(this, entity);
-  this.enc = 'pem';
-}
-inherits(PEMDecoder, DERDecoder);
-module.exports = PEMDecoder;
-
-PEMDecoder.prototype.decode = function decode(data, options) {
-  const lines = data.toString().split(/[\r\n]+/g);
-
-  const label = options.label.toUpperCase();
-
-  const re = /^-----(BEGIN|END) ([^-]+)-----$/;
-  let start = -1;
-  let end = -1;
-  for (let i = 0; i < lines.length; i++) {
-    const match = lines[i].match(re);
-    if (match === null)
-      continue;
-
-    if (match[2] !== label)
-      continue;
-
-    if (start === -1) {
-      if (match[1] !== 'BEGIN')
-        break;
-      start = i;
-    } else {
-      if (match[1] !== 'END')
-        break;
-      end = i;
-      break;
-    }
-  }
-  if (start === -1 || end === -1)
-    throw new Error('PEM section not found for: ' + label);
-
-  const base64 = lines.slice(start + 1, end).join('');
-  // Remove excessive symbols
-  base64.replace(/[^a-z0-9+/=]+/gi, '');
-
-  const input = Buffer.from(base64, 'base64');
-  return DERDecoder.prototype.decode.call(this, input, options);
-};

dist/node_modules/asn1.js/lib/asn1/encoders/der.js

@@ -1,295 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-const Buffer = require('safer-buffer').Buffer;
-const Node = require('../base/node');
-
-// Import DER constants
-const der = require('../constants/der');
-
-function DEREncoder(entity) {
-  this.enc = 'der';
-  this.name = entity.name;
-  this.entity = entity;
-
-  // Construct base tree
-  this.tree = new DERNode();
-  this.tree._init(entity.body);
-}
-module.exports = DEREncoder;
-
-DEREncoder.prototype.encode = function encode(data, reporter) {
-  return this.tree._encode(data, reporter).join();
-};
-
-// Tree methods
-
-function DERNode(parent) {
-  Node.call(this, 'der', parent);
-}
-inherits(DERNode, Node);
-
-DERNode.prototype._encodeComposite = function encodeComposite(tag,
-  primitive,
-  cls,
-  content) {
-  const encodedTag = encodeTag(tag, primitive, cls, this.reporter);
-
-  // Short form
-  if (content.length < 0x80) {
-    const header = Buffer.alloc(2);
-    header[0] = encodedTag;
-    header[1] = content.length;
-    return this._createEncoderBuffer([ header, content ]);
-  }
-
-  // Long form
-  // Count octets required to store length
-  let lenOctets = 1;
-  for (let i = content.length; i >= 0x100; i >>= 8)
-    lenOctets++;
-
-  const header = Buffer.alloc(1 + 1 + lenOctets);
-  header[0] = encodedTag;
-  header[1] = 0x80 | lenOctets;
-
-  for (let i = 1 + lenOctets, j = content.length; j > 0; i--, j >>= 8)
-    header[i] = j & 0xff;
-
-  return this._createEncoderBuffer([ header, content ]);
-};
-
-DERNode.prototype._encodeStr = function encodeStr(str, tag) {
-  if (tag === 'bitstr') {
-    return this._createEncoderBuffer([ str.unused | 0, str.data ]);
-  } else if (tag === 'bmpstr') {
-    const buf = Buffer.alloc(str.length * 2);
-    for (let i = 0; i < str.length; i++) {
-      buf.writeUInt16BE(str.charCodeAt(i), i * 2);
-    }
-    return this._createEncoderBuffer(buf);
-  } else if (tag === 'numstr') {
-    if (!this._isNumstr(str)) {
-      return this.reporter.error('Encoding of string type: numstr supports ' +
-                                 'only digits and space');
-    }
-    return this._createEncoderBuffer(str);
-  } else if (tag === 'printstr') {
-    if (!this._isPrintstr(str)) {
-      return this.reporter.error('Encoding of string type: printstr supports ' +
-                                 'only latin upper and lower case letters, ' +
-                                 'digits, space, apostrophe, left and rigth ' +
-                                 'parenthesis, plus sign, comma, hyphen, ' +
-                                 'dot, slash, colon, equal sign, ' +
-                                 'question mark');
-    }
-    return this._createEncoderBuffer(str);
-  } else if (/str$/.test(tag)) {
-    return this._createEncoderBuffer(str);
-  } else if (tag === 'objDesc') {
-    return this._createEncoderBuffer(str);
-  } else {
-    return this.reporter.error('Encoding of string type: ' + tag +
-                               ' unsupported');
-  }
-};
-
-DERNode.prototype._encodeObjid = function encodeObjid(id, values, relative) {
-  if (typeof id === 'string') {
-    if (!values)
-      return this.reporter.error('string objid given, but no values map found');
-    if (!values.hasOwnProperty(id))
-      return this.reporter.error('objid not found in values map');
-    id = values[id].split(/[\s.]+/g);
-    for (let i = 0; i < id.length; i++)
-      id[i] |= 0;
-  } else if (Array.isArray(id)) {
-    id = id.slice();
-    for (let i = 0; i < id.length; i++)
-      id[i] |= 0;
-  }
-
-  if (!Array.isArray(id)) {
-    return this.reporter.error('objid() should be either array or string, ' +
-                               'got: ' + JSON.stringify(id));
-  }
-
-  if (!relative) {
-    if (id[1] >= 40)
-      return this.reporter.error('Second objid identifier OOB');
-    id.splice(0, 2, id[0] * 40 + id[1]);
-  }
-
-  // Count number of octets
-  let size = 0;
-  for (let i = 0; i < id.length; i++) {
-    let ident = id[i];
-    for (size++; ident >= 0x80; ident >>= 7)
-      size++;
-  }
-
-  const objid = Buffer.alloc(size);
-  let offset = objid.length - 1;
-  for (let i = id.length - 1; i >= 0; i--) {
-    let ident = id[i];
-    objid[offset--] = ident & 0x7f;
-    while ((ident >>= 7) > 0)
-      objid[offset--] = 0x80 | (ident & 0x7f);
-  }
-
-  return this._createEncoderBuffer(objid);
-};
-
-function two(num) {
-  if (num < 10)
-    return '0' + num;
-  else
-    return num;
-}
-
-DERNode.prototype._encodeTime = function encodeTime(time, tag) {
-  let str;
-  const date = new Date(time);
-
-  if (tag === 'gentime') {
-    str = [
-      two(date.getUTCFullYear()),
-      two(date.getUTCMonth() + 1),
-      two(date.getUTCDate()),
-      two(date.getUTCHours()),
-      two(date.getUTCMinutes()),
-      two(date.getUTCSeconds()),
-      'Z'
-    ].join('');
-  } else if (tag === 'utctime') {
-    str = [
-      two(date.getUTCFullYear() % 100),
-      two(date.getUTCMonth() + 1),
-      two(date.getUTCDate()),
-      two(date.getUTCHours()),
-      two(date.getUTCMinutes()),
-      two(date.getUTCSeconds()),
-      'Z'
-    ].join('');
-  } else {
-    this.reporter.error('Encoding ' + tag + ' time is not supported yet');
-  }
-
-  return this._encodeStr(str, 'octstr');
-};
-
-DERNode.prototype._encodeNull = function encodeNull() {
-  return this._createEncoderBuffer('');
-};
-
-DERNode.prototype._encodeInt = function encodeInt(num, values) {
-  if (typeof num === 'string') {
-    if (!values)
-      return this.reporter.error('String int or enum given, but no values map');
-    if (!values.hasOwnProperty(num)) {
-      return this.reporter.error('Values map doesn\'t contain: ' +
-                                 JSON.stringify(num));
-    }
-    num = values[num];
-  }
-
-  // Bignum, assume big endian
-  if (typeof num !== 'number' && !Buffer.isBuffer(num)) {
-    const numArray = num.toArray();
-    if (!num.sign && numArray[0] & 0x80) {
-      numArray.unshift(0);
-    }
-    num = Buffer.from(numArray);
-  }
-
-  if (Buffer.isBuffer(num)) {
-    let size = num.length;
-    if (num.length === 0)
-      size++;
-
-    const out = Buffer.alloc(size);
-    num.copy(out);
-    if (num.length === 0)
-      out[0] = 0;
-    return this._createEncoderBuffer(out);
-  }
-
-  if (num < 0x80)
-    return this._createEncoderBuffer(num);
-
-  if (num < 0x100)
-    return this._createEncoderBuffer([0, num]);
-
-  let size = 1;
-  for (let i = num; i >= 0x100; i >>= 8)
-    size++;
-
-  const out = new Array(size);
-  for (let i = out.length - 1; i >= 0; i--) {
-    out[i] = num & 0xff;
-    num >>= 8;
-  }
-  if(out[0] & 0x80) {
-    out.unshift(0);
-  }
-
-  return this._createEncoderBuffer(Buffer.from(out));
-};
-
-DERNode.prototype._encodeBool = function encodeBool(value) {
-  return this._createEncoderBuffer(value ? 0xff : 0);
-};
-
-DERNode.prototype._use = function use(entity, obj) {
-  if (typeof entity === 'function')
-    entity = entity(obj);
-  return entity._getEncoder('der').tree;
-};
-
-DERNode.prototype._skipDefault = function skipDefault(dataBuffer, reporter, parent) {
-  const state = this._baseState;
-  let i;
-  if (state['default'] === null)
-    return false;
-
-  const data = dataBuffer.join();
-  if (state.defaultBuffer === undefined)
-    state.defaultBuffer = this._encodeValue(state['default'], reporter, parent).join();
-
-  if (data.length !== state.defaultBuffer.length)
-    return false;
-
-  for (i=0; i < data.length; i++)
-    if (data[i] !== state.defaultBuffer[i])
-      return false;
-
-  return true;
-};
-
-// Utility methods
-
-function encodeTag(tag, primitive, cls, reporter) {
-  let res;
-
-  if (tag === 'seqof')
-    tag = 'seq';
-  else if (tag === 'setof')
-    tag = 'set';
-
-  if (der.tagByName.hasOwnProperty(tag))
-    res = der.tagByName[tag];
-  else if (typeof tag === 'number' && (tag | 0) === tag)
-    res = tag;
-  else
-    return reporter.error('Unknown tag: ' + tag);
-
-  if (res >= 0x1f)
-    return reporter.error('Multi-octet tag encoding unsupported');
-
-  if (!primitive)
-    res |= 0x20;
-
-  res |= (der.tagClassByName[cls || 'universal'] << 6);
-
-  return res;
-}

dist/node_modules/asn1.js/lib/asn1/encoders/index.js

@@ -1,6 +0,0 @@
-'use strict';
-
-const encoders = exports;
-
-encoders.der = require('./der');
-encoders.pem = require('./pem');

dist/node_modules/asn1.js/lib/asn1/encoders/pem.js

@@ -1,23 +0,0 @@
-'use strict';
-
-const inherits = require('inherits');
-
-const DEREncoder = require('./der');
-
-function PEMEncoder(entity) {
-  DEREncoder.call(this, entity);
-  this.enc = 'pem';
-}
-inherits(PEMEncoder, DEREncoder);
-module.exports = PEMEncoder;
-
-PEMEncoder.prototype.encode = function encode(data, options) {
-  const buf = DEREncoder.prototype.encode.call(this, data);
-
-  const p = buf.toString('base64');
-  const out = [ '-----BEGIN ' + options.label + '-----' ];
-  for (let i = 0; i < p.length; i += 64)
-    out.push(p.slice(i, i + 64));
-  out.push('-----END ' + options.label + '-----');
-  return out.join('\n');
-};

dist/node_modules/asn1.js/package.json

@@ -1,63 +0,0 @@
-{
-  "_from": "asn1.js@^5.0.0",
-  "_id": "asn1.js@5.4.1",
-  "_inBundle": false,
-  "_integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==",
-  "_location": "/asn1.js",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "range",
-    "registry": true,
-    "raw": "asn1.js@^5.0.0",
-    "name": "asn1.js",
-    "escapedName": "asn1.js",
-    "rawSpec": "^5.0.0",
-    "saveSpec": null,
-    "fetchSpec": "^5.0.0"
-  },
-  "_requiredBy": [
-    "/openpgp"
-  ],
-  "_resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
-  "_shasum": "11a980b84ebb91781ce35b0fdc2ee294e3783f07",
-  "_spec": "asn1.js@^5.0.0",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action/node_modules/openpgp",
-  "author": {
-    "name": "Fedor Indutny"
-  },
-  "bugs": {
-    "url": "https://github.com/indutny/asn1.js/issues"
-  },
-  "bundleDependencies": false,
-  "dependencies": {
-    "bn.js": "^4.0.0",
-    "inherits": "^2.0.1",
-    "minimalistic-assert": "^1.0.0",
-    "safer-buffer": "^2.1.0"
-  },
-  "deprecated": false,
-  "description": "ASN.1 encoder and decoder",
-  "devDependencies": {
-    "eslint": "^4.10.0",
-    "mocha": "^7.0.0"
-  },
-  "homepage": "https://github.com/indutny/asn1.js",
-  "keywords": [
-    "asn.1",
-    "der"
-  ],
-  "license": "MIT",
-  "main": "lib/asn1.js",
-  "name": "asn1.js",
-  "repository": {
-    "type": "git",
-    "url": "git+ssh://git@github.com/indutny/asn1.js.git"
-  },
-  "scripts": {
-    "lint": "eslint --fix lib/*.js lib/**/*.js lib/**/**/*.js && npm run lint-2560 && npm run lint-5280",
-    "lint-2560": "eslint --fix rfc/2560/*.js rfc/2560/test/*.js",
-    "lint-5280": "eslint --fix rfc/5280/*.js rfc/5280/test/*.js",
-    "test": "mocha --reporter spec test/*-test.js && cd rfc/2560 && npm i && npm test && cd ../../rfc/5280 && npm i && npm test && cd ../../ && npm run lint"
-  },
-  "version": "5.4.1"
-}

dist/node_modules/bn.js/LICENSE

@@ -1,19 +0,0 @@
-Copyright Fedor Indutny, 2015.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

dist/node_modules/bn.js/README.md

@@ -1,200 +0,0 @@
-# <img src="./logo.png" alt="bn.js" width="160" height="160" />
-
-> BigNum in pure javascript
-
-[![Build Status](https://secure.travis-ci.org/indutny/bn.js.png)](http://travis-ci.org/indutny/bn.js)
-
-## Install
-`npm install --save bn.js`
-
-## Usage
-
-```js
-const BN = require('bn.js');
-
-var a = new BN('dead', 16);
-var b = new BN('101010', 2);
-
-var res = a.add(b);
-console.log(res.toString(10));  // 57047
-```
-
-**Note**: decimals are not supported in this library.
-
-## Notation
-
-### Prefixes
-
-There are several prefixes to instructions that affect the way the work. Here
-is the list of them in the order of appearance in the function name:
-
-* `i` - perform operation in-place, storing the result in the host object (on
-  which the method was invoked). Might be used to avoid number allocation costs
-* `u` - unsigned, ignore the sign of operands when performing operation, or
-  always return positive value. Second case applies to reduction operations
-  like `mod()`. In such cases if the result will be negative - modulo will be
-  added to the result to make it positive
-
-### Postfixes
-
-The only available postfix at the moment is:
-
-* `n` - which means that the argument of the function must be a plain JavaScript
-  Number. Decimals are not supported.
-
-### Examples
-
-* `a.iadd(b)` - perform addition on `a` and `b`, storing the result in `a`
-* `a.umod(b)` - reduce `a` modulo `b`, returning positive value
-* `a.iushln(13)` - shift bits of `a` left by 13
-
-## Instructions
-
-Prefixes/postfixes are put in parens at the of the line. `endian` - could be
-either `le` (little-endian) or `be` (big-endian).
-
-### Utilities
-
-* `a.clone()` - clone number
-* `a.toString(base, length)` - convert to base-string and pad with zeroes
-* `a.toNumber()` - convert to Javascript Number (limited to 53 bits)
-* `a.toJSON()` - convert to JSON compatible hex string (alias of `toString(16)`)
-* `a.toArray(endian, length)` - convert to byte `Array`, and optionally zero
-  pad to length, throwing if already exceeding
-* `a.toArrayLike(type, endian, length)` - convert to an instance of `type`,
-  which must behave like an `Array`
-* `a.toBuffer(endian, length)` - convert to Node.js Buffer (if available). For
-  compatibility with browserify and similar tools, use this instead:
-  `a.toArrayLike(Buffer, endian, length)`
-* `a.bitLength()` - get number of bits occupied
-* `a.zeroBits()` - return number of less-significant consequent zero bits
-  (example: `1010000` has 4 zero bits)
-* `a.byteLength()` - return number of bytes occupied
-* `a.isNeg()` - true if the number is negative
-* `a.isEven()` - no comments
-* `a.isOdd()` - no comments
-* `a.isZero()` - no comments
-* `a.cmp(b)` - compare numbers and return `-1` (a `<` b), `0` (a `==` b), or `1` (a `>` b)
-  depending on the comparison result (`ucmp`, `cmpn`)
-* `a.lt(b)` - `a` less than `b` (`n`)
-* `a.lte(b)` - `a` less than or equals `b` (`n`)
-* `a.gt(b)` - `a` greater than `b` (`n`)
-* `a.gte(b)` - `a` greater than or equals `b` (`n`)
-* `a.eq(b)` - `a` equals `b` (`n`)
-* `a.toTwos(width)` - convert to two's complement representation, where `width` is bit width
-* `a.fromTwos(width)` - convert from two's complement representation, where `width` is the bit width
-* `BN.isBN(object)` - returns true if the supplied `object` is a BN.js instance
-
-### Arithmetics
-
-* `a.neg()` - negate sign (`i`)
-* `a.abs()` - absolute value (`i`)
-* `a.add(b)` - addition (`i`, `n`, `in`)
-* `a.sub(b)` - subtraction (`i`, `n`, `in`)
-* `a.mul(b)` - multiply (`i`, `n`, `in`)
-* `a.sqr()` - square (`i`)
-* `a.pow(b)` - raise `a` to the power of `b`
-* `a.div(b)` - divide (`divn`, `idivn`)
-* `a.mod(b)` - reduct (`u`, `n`) (but no `umodn`)
-* `a.divRound(b)` - rounded division
-
-### Bit operations
-
-* `a.or(b)` - or (`i`, `u`, `iu`)
-* `a.and(b)` - and (`i`, `u`, `iu`, `andln`) (NOTE: `andln` is going to be replaced
-  with `andn` in future)
-* `a.xor(b)` - xor (`i`, `u`, `iu`)
-* `a.setn(b)` - set specified bit to `1`
-* `a.shln(b)` - shift left (`i`, `u`, `iu`)
-* `a.shrn(b)` - shift right (`i`, `u`, `iu`)
-* `a.testn(b)` - test if specified bit is set
-* `a.maskn(b)` - clear bits with indexes higher or equal to `b` (`i`)
-* `a.bincn(b)` - add `1 << b` to the number
-* `a.notn(w)` - not (for the width specified by `w`) (`i`)
-
-### Reduction
-
-* `a.gcd(b)` - GCD
-* `a.egcd(b)` - Extended GCD results (`{ a: ..., b: ..., gcd: ... }`)
-* `a.invm(b)` - inverse `a` modulo `b`
-
-## Fast reduction
-
-When doing lots of reductions using the same modulo, it might be beneficial to
-use some tricks: like [Montgomery multiplication][0], or using special algorithm
-for [Mersenne Prime][1].
-
-### Reduction context
-
-To enable this tricks one should create a reduction context:
-
-```js
-var red = BN.red(num);
-```
-where `num` is just a BN instance.
-
-Or:
-
-```js
-var red = BN.red(primeName);
-```
-
-Where `primeName` is either of these [Mersenne Primes][1]:
-
-* `'k256'`
-* `'p224'`
-* `'p192'`
-* `'p25519'`
-
-Or:
-
-```js
-var red = BN.mont(num);
-```
-
-To reduce numbers with [Montgomery trick][0]. `.mont()` is generally faster than
-`.red(num)`, but slower than `BN.red(primeName)`.
-
-### Converting numbers
-
-Before performing anything in reduction context - numbers should be converted
-to it. Usually, this means that one should:
-
-* Convert inputs to reducted ones
-* Operate on them in reduction context
-* Convert outputs back from the reduction context
-
-Here is how one may convert numbers to `red`:
-
-```js
-var redA = a.toRed(red);
-```
-Where `red` is a reduction context created using instructions above
-
-Here is how to convert them back:
-
-```js
-var a = redA.fromRed();
-```
-
-### Red instructions
-
-Most of the instructions from the very start of this readme have their
-counterparts in red context:
-
-* `a.redAdd(b)`, `a.redIAdd(b)`
-* `a.redSub(b)`, `a.redISub(b)`
-* `a.redShl(num)`
-* `a.redMul(b)`, `a.redIMul(b)`
-* `a.redSqr()`, `a.redISqr()`
-* `a.redSqrt()` - square root modulo reduction context's prime
-* `a.redInvm()` - modular inverse of the number
-* `a.redNeg()`
-* `a.redPow(b)` - modular exponentiation
-
-## LICENSE
-
-This software is licensed under the MIT License.
-
-[0]: https://en.wikipedia.org/wiki/Montgomery_modular_multiplication
-[1]: https://en.wikipedia.org/wiki/Mersenne_prime

dist/node_modules/bn.js/package.json

@@ -1,64 +0,0 @@
-{
-  "_from": "bn.js@^4.0.0",
-  "_id": "bn.js@4.12.0",
-  "_inBundle": false,
-  "_integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==",
-  "_location": "/bn.js",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "range",
-    "registry": true,
-    "raw": "bn.js@^4.0.0",
-    "name": "bn.js",
-    "escapedName": "bn.js",
-    "rawSpec": "^4.0.0",
-    "saveSpec": null,
-    "fetchSpec": "^4.0.0"
-  },
-  "_requiredBy": [
-    "/asn1.js"
-  ],
-  "_resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
-  "_shasum": "775b3f278efbb9718eec7361f483fb36fbbfea88",
-  "_spec": "bn.js@^4.0.0",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action/node_modules/asn1.js",
-  "author": {
-    "name": "Fedor Indutny",
-    "email": "fedor@indutny.com"
-  },
-  "browser": {
-    "buffer": false
-  },
-  "bugs": {
-    "url": "https://github.com/indutny/bn.js/issues"
-  },
-  "bundleDependencies": false,
-  "deprecated": false,
-  "description": "Big number implementation in pure javascript",
-  "devDependencies": {
-    "istanbul": "^0.3.5",
-    "mocha": "^2.1.0",
-    "semistandard": "^7.0.4"
-  },
-  "homepage": "https://github.com/indutny/bn.js",
-  "keywords": [
-    "BN",
-    "BigNum",
-    "Big number",
-    "Modulo",
-    "Montgomery"
-  ],
-  "license": "MIT",
-  "main": "lib/bn.js",
-  "name": "bn.js",
-  "repository": {
-    "type": "git",
-    "url": "git+ssh://git@github.com/indutny/bn.js.git"
-  },
-  "scripts": {
-    "lint": "semistandard",
-    "test": "npm run lint && npm run unit",
-    "unit": "mocha --reporter=spec test/*-test.js"
-  },
-  "version": "4.12.0"
-}

dist/node_modules/inherits/LICENSE

@@ -1,16 +0,0 @@
-The ISC License
-
-Copyright (c) Isaac Z. Schlueter
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-

dist/node_modules/inherits/README.md

@@ -1,42 +0,0 @@
-Browser-friendly inheritance fully compatible with standard node.js
-[inherits](http://nodejs.org/api/util.html#util_util_inherits_constructor_superconstructor).
-
-This package exports standard `inherits` from node.js `util` module in
-node environment, but also provides alternative browser-friendly
-implementation through [browser
-field](https://gist.github.com/shtylman/4339901). Alternative
-implementation is a literal copy of standard one located in standalone
-module to avoid requiring of `util`. It also has a shim for old
-browsers with no `Object.create` support.
-
-While keeping you sure you are using standard `inherits`
-implementation in node.js environment, it allows bundlers such as
-[browserify](https://github.com/substack/node-browserify) to not
-include full `util` package to your client code if all you need is
-just `inherits` function. It worth, because browser shim for `util`
-package is large and `inherits` is often the single function you need
-from it.
-
-It's recommended to use this package instead of
-`require('util').inherits` for any code that has chances to be used
-not only in node.js but in browser too.
-
-## usage
-
-```js
-var inherits = require('inherits');
-// then use exactly as the standard one
-```
-
-## note on version ~1.0
-
-Version ~1.0 had completely different motivation and is not compatible
-neither with 2.0 nor with standard node.js `inherits`.
-
-If you are using version ~1.0 and planning to switch to ~2.0, be
-careful:
-
-* new version uses `super_` instead of `super` for referencing
-  superclass
-* new version overwrites current prototype while old one preserves any
-  existing fields on it

dist/node_modules/inherits/inherits.js

@@ -1,9 +0,0 @@
-try {
-  var util = require('util');
-  /* istanbul ignore next */
-  if (typeof util.inherits !== 'function') throw '';
-  module.exports = util.inherits;
-} catch (e) {
-  /* istanbul ignore next */
-  module.exports = require('./inherits_browser.js');
-}

dist/node_modules/inherits/inherits_browser.js

@@ -1,27 +0,0 @@
-if (typeof Object.create === 'function') {
-  // implementation from standard node.js 'util' module
-  module.exports = function inherits(ctor, superCtor) {
-    if (superCtor) {
-      ctor.super_ = superCtor
-      ctor.prototype = Object.create(superCtor.prototype, {
-        constructor: {
-          value: ctor,
-          enumerable: false,
-          writable: true,
-          configurable: true
-        }
-      })
-    }
-  };
-} else {
-  // old school shim for old browsers
-  module.exports = function inherits(ctor, superCtor) {
-    if (superCtor) {
-      ctor.super_ = superCtor
-      var TempCtor = function () {}
-      TempCtor.prototype = superCtor.prototype
-      ctor.prototype = new TempCtor()
-      ctor.prototype.constructor = ctor
-    }
-  }
-}

dist/node_modules/inherits/package.json

@@ -1,65 +0,0 @@
-{
-  "_args": [
-    [
-      "inherits@2.0.4",
-      "/Users/thomashu/src/github/codecov/codecov-action"
-    ]
-  ],
-  "_development": true,
-  "_from": "inherits@2.0.4",
-  "_id": "inherits@2.0.4",
-  "_inBundle": false,
-  "_integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
-  "_location": "/inherits",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "version",
-    "registry": true,
-    "raw": "inherits@2.0.4",
-    "name": "inherits",
-    "escapedName": "inherits",
-    "rawSpec": "2.0.4",
-    "saveSpec": null,
-    "fetchSpec": "2.0.4"
-  },
-  "_requiredBy": [
-    "/glob"
-  ],
-  "_resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-  "_spec": "2.0.4",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action",
-  "browser": "./inherits_browser.js",
-  "bugs": {
-    "url": "https://github.com/isaacs/inherits/issues"
-  },
-  "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()",
-  "devDependencies": {
-    "tap": "^14.2.4"
-  },
-  "files": [
-    "inherits.js",
-    "inherits_browser.js"
-  ],
-  "homepage": "https://github.com/isaacs/inherits#readme",
-  "keywords": [
-    "inheritance",
-    "class",
-    "klass",
-    "oop",
-    "object-oriented",
-    "inherits",
-    "browser",
-    "browserify"
-  ],
-  "license": "ISC",
-  "main": "./inherits.js",
-  "name": "inherits",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/isaacs/inherits.git"
-  },
-  "scripts": {
-    "test": "tap"
-  },
-  "version": "2.0.4"
-}

dist/node_modules/minimalistic-assert/LICENSE

@@ -1,13 +0,0 @@
-Copyright 2015 Calvin Metcalf
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.

dist/node_modules/minimalistic-assert/index.js

@@ -1,11 +0,0 @@
-module.exports = assert;
-
-function assert(val, msg) {
-  if (!val)
-    throw new Error(msg || 'Assertion failed');
-}
-
-assert.equal = function assertEqual(l, r, msg) {
-  if (l != r)
-    throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));
-};

dist/node_modules/minimalistic-assert/package.json

@@ -1,44 +0,0 @@
-{
-  "_from": "minimalistic-assert@^1.0.0",
-  "_id": "minimalistic-assert@1.0.1",
-  "_inBundle": false,
-  "_integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==",
-  "_location": "/minimalistic-assert",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "range",
-    "registry": true,
-    "raw": "minimalistic-assert@^1.0.0",
-    "name": "minimalistic-assert",
-    "escapedName": "minimalistic-assert",
-    "rawSpec": "^1.0.0",
-    "saveSpec": null,
-    "fetchSpec": "^1.0.0"
-  },
-  "_requiredBy": [
-    "/asn1.js"
-  ],
-  "_resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
-  "_shasum": "2e194de044626d4a10e7f7fbc00ce73e83e4d5c7",
-  "_spec": "minimalistic-assert@^1.0.0",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action/node_modules/asn1.js",
-  "author": "",
-  "bugs": {
-    "url": "https://github.com/calvinmetcalf/minimalistic-assert/issues"
-  },
-  "bundleDependencies": false,
-  "deprecated": false,
-  "description": "minimalistic-assert ===",
-  "homepage": "https://github.com/calvinmetcalf/minimalistic-assert",
-  "license": "ISC",
-  "main": "index.js",
-  "name": "minimalistic-assert",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/calvinmetcalf/minimalistic-assert.git"
-  },
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "version": "1.0.1"
-}

dist/node_modules/minimalistic-assert/readme.md

@@ -1,4 +0,0 @@
-minimalistic-assert
-===
-
-very minimalistic assert module.

dist/node_modules/safer-buffer/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2018 Nikita Skovoroda <chalkerx@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

dist/node_modules/safer-buffer/Porting-Buffer.md

@@ -1,268 +0,0 @@
-# Porting to the Buffer.from/Buffer.alloc API
-
-<a id="overview"></a>
-## Overview
-
-- [Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.](#variant-1) (*recommended*)
-- [Variant 2: Use a polyfill](#variant-2)
-- [Variant 3: manual detection, with safeguards](#variant-3)
-
-### Finding problematic bits of code using grep
-
-Just run `grep -nrE '[^a-zA-Z](Slow)?Buffer\s*\(' --exclude-dir node_modules`.
-
-It will find all the potentially unsafe places in your own code (with some considerably unlikely
-exceptions).
-
-### Finding problematic bits of code using Node.js 8
-
-If you’re using Node.js ≥ 8.0.0 (which is recommended), Node.js exposes multiple options that help with finding the relevant pieces of code:
-
-- `--trace-warnings` will make Node.js show a stack trace for this warning and other warnings that are printed by Node.js.
-- `--trace-deprecation` does the same thing, but only for deprecation warnings.
-- `--pending-deprecation` will show more types of deprecation warnings. In particular, it will show the `Buffer()` deprecation warning, even on Node.js 8.
-
-You can set these flags using an environment variable:
-
-```console
-$ export NODE_OPTIONS='--trace-warnings --pending-deprecation'
-$ cat example.js
-'use strict';
-const foo = new Buffer('foo');
-$ node example.js
-(node:7147) [DEP0005] DeprecationWarning: The Buffer() and new Buffer() constructors are not recommended for use due to security and usability concerns. Please use the new Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() construction methods instead.
-    at showFlaggedDeprecation (buffer.js:127:13)
-    at new Buffer (buffer.js:148:3)
-    at Object.<anonymous> (/path/to/example.js:2:13)
-    [... more stack trace lines ...]
-```
-
-### Finding problematic bits of code using linters
-
-Eslint rules [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-also find calls to deprecated `Buffer()` API. Those rules are included in some pre-sets.
-
-There is a drawback, though, that it doesn't always
-[work correctly](https://github.com/chalker/safer-buffer#why-not-safe-buffer) when `Buffer` is
-overriden e.g. with a polyfill, so recommended is a combination of this and some other method
-described above.
-
-<a id="variant-1"></a>
-## Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.
-
-This is the recommended solution nowadays that would imply only minimal overhead.
-
-The Node.js 5.x release line has been unsupported since July 2016, and the Node.js 4.x release line reaches its End of Life in April 2018 (→ [Schedule](https://github.com/nodejs/Release#release-schedule)). This means that these versions of Node.js will *not* receive any updates, even in case of security issues, so using these release lines should be avoided, if at all possible.
-
-What you would do in this case is to convert all `new Buffer()` or `Buffer()` calls to use `Buffer.alloc()` or `Buffer.from()`, in the following way:
-
-- For `new Buffer(number)`, replace it with `Buffer.alloc(number)`.
-- For `new Buffer(string)` (or `new Buffer(string, encoding)`), replace it with `Buffer.from(string)` (or `Buffer.from(string, encoding)`).
-- For all other combinations of arguments (these are much rarer), also replace `new Buffer(...arguments)` with `Buffer.from(...arguments)`.
-
-Note that `Buffer.alloc()` is also _faster_ on the current Node.js versions than
-`new Buffer(size).fill(0)`, which is what you would otherwise need to ensure zero-filling.
-
-Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-is recommended to avoid accidential unsafe Buffer API usage.
-
-There is also a [JSCodeshift codemod](https://github.com/joyeecheung/node-dep-codemod#dep005)
-for automatically migrating Buffer constructors to `Buffer.alloc()` or `Buffer.from()`.
-Note that it currently only works with cases where the arguments are literals or where the
-constructor is invoked with two arguments.
-
-_If you currently support those older Node.js versions and dropping them would be a semver-major change
-for you, or if you support older branches of your packages, consider using [Variant 2](#variant-2)
-or [Variant 3](#variant-3) on older branches, so people using those older branches will also receive
-the fix. That way, you will eradicate potential issues caused by unguarded Buffer API usage and
-your users will not observe a runtime deprecation warning when running your code on Node.js 10._
-
-<a id="variant-2"></a>
-## Variant 2: Use a polyfill
-
-Utilize [safer-buffer](https://www.npmjs.com/package/safer-buffer) as a polyfill to support older
-Node.js versions.
-
-You would take exacly the same steps as in [Variant 1](#variant-1), but with a polyfill
-`const Buffer = require('safer-buffer').Buffer` in all files where you use the new `Buffer` api.
-
-Make sure that you do not use old `new Buffer` API — in any files where the line above is added,
-using old `new Buffer()` API will _throw_. It will be easy to notice that in CI, though.
-
-Alternatively, you could use [buffer-from](https://www.npmjs.com/package/buffer-from) and/or
-[buffer-alloc](https://www.npmjs.com/package/buffer-alloc) [ponyfills](https://ponyfill.com/) —
-those are great, the only downsides being 4 deps in the tree and slightly more code changes to
-migrate off them (as you would be using e.g. `Buffer.from` under a different name). If you need only
-`Buffer.from` polyfilled — `buffer-from` alone which comes with no extra dependencies.
-
-_Alternatively, you could use [safe-buffer](https://www.npmjs.com/package/safe-buffer) — it also
-provides a polyfill, but takes a different approach which has
-[it's drawbacks](https://github.com/chalker/safer-buffer#why-not-safe-buffer). It will allow you
-to also use the older `new Buffer()` API in your code, though — but that's arguably a benefit, as
-it is problematic, can cause issues in your code, and will start emitting runtime deprecation
-warnings starting with Node.js 10._
-
-Note that in either case, it is important that you also remove all calls to the old Buffer
-API manually — just throwing in `safe-buffer` doesn't fix the problem by itself, it just provides
-a polyfill for the new API. I have seen people doing that mistake.
-
-Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-is recommended.
-
-_Don't forget to drop the polyfill usage once you drop support for Node.js < 4.5.0._
-
-<a id="variant-3"></a>
-## Variant 3 — manual detection, with safeguards
-
-This is useful if you create Buffer instances in only a few places (e.g. one), or you have your own
-wrapper around them.
-
-### Buffer(0)
-
-This special case for creating empty buffers can be safely replaced with `Buffer.concat([])`, which
-returns the same result all the way down to Node.js 0.8.x.
-
-### Buffer(notNumber)
-
-Before:
-
-```js
-var buf = new Buffer(notNumber, encoding);
-```
-
-After:
-
-```js
-var buf;
-if (Buffer.from && Buffer.from !== Uint8Array.from) {
-  buf = Buffer.from(notNumber, encoding);
-} else {
-  if (typeof notNumber === 'number')
-    throw new Error('The "size" argument must be of type number.');
-  buf = new Buffer(notNumber, encoding);
-}
-```
-
-`encoding` is optional.
-
-Note that the `typeof notNumber` before `new Buffer` is required (for cases when `notNumber` argument is not
-hard-coded) and _is not caused by the deprecation of Buffer constructor_ — it's exactly _why_ the
-Buffer constructor is deprecated. Ecosystem packages lacking this type-check caused numereous
-security issues — situations when unsanitized user input could end up in the `Buffer(arg)` create
-problems ranging from DoS to leaking sensitive information to the attacker from the process memory.
-
-When `notNumber` argument is hardcoded (e.g. literal `"abc"` or `[0,1,2]`), the `typeof` check can
-be omitted.
-
-Also note that using TypeScript does not fix this problem for you — when libs written in
-`TypeScript` are used from JS, or when user input ends up there — it behaves exactly as pure JS, as
-all type checks are translation-time only and are not present in the actual JS code which TS
-compiles to.
-
-### Buffer(number)
-
-For Node.js 0.10.x (and below) support:
-
-```js
-var buf;
-if (Buffer.alloc) {
-  buf = Buffer.alloc(number);
-} else {
-  buf = new Buffer(number);
-  buf.fill(0);
-}
-```
-
-Otherwise (Node.js ≥ 0.12.x):
-
-```js
-const buf = Buffer.alloc ? Buffer.alloc(number) : new Buffer(number).fill(0);
-```
-
-## Regarding Buffer.allocUnsafe
-
-Be extra cautious when using `Buffer.allocUnsafe`:
- * Don't use it if you don't have a good reason to
-   * e.g. you probably won't ever see a performance difference for small buffers, in fact, those
-     might be even faster with `Buffer.alloc()`,
-   * if your code is not in the hot code path — you also probably won't notice a difference,
-   * keep in mind that zero-filling minimizes the potential risks.
- * If you use it, make sure that you never return the buffer in a partially-filled state,
-   * if you are writing to it sequentially — always truncate it to the actuall written length
-
-Errors in handling buffers allocated with `Buffer.allocUnsafe` could result in various issues,
-ranged from undefined behaviour of your code to sensitive data (user input, passwords, certs)
-leaking to the remote attacker.
-
-_Note that the same applies to `new Buffer` usage without zero-filling, depending on the Node.js
-version (and lacking type checks also adds DoS to the list of potential problems)._
-
-<a id="faq"></a>
-## FAQ
-
-<a id="design-flaws"></a>
-### What is wrong with the `Buffer` constructor?
-
-The `Buffer` constructor could be used to create a buffer in many different ways:
-
-- `new Buffer(42)` creates a `Buffer` of 42 bytes. Before Node.js 8, this buffer contained
-  *arbitrary memory* for performance reasons, which could include anything ranging from
-  program source code to passwords and encryption keys.
-- `new Buffer('abc')` creates a `Buffer` that contains the UTF-8-encoded version of
-  the string `'abc'`. A second argument could specify another encoding: For example,
-  `new Buffer(string, 'base64')` could be used to convert a Base64 string into the original
-  sequence of bytes that it represents.
-- There are several other combinations of arguments.
-
-This meant that, in code like `var buffer = new Buffer(foo);`, *it is not possible to tell
-what exactly the contents of the generated buffer are* without knowing the type of `foo`.
-
-Sometimes, the value of `foo` comes from an external source. For example, this function
-could be exposed as a service on a web server, converting a UTF-8 string into its Base64 form:
-
-```
-function stringToBase64(req, res) {
-  // The request body should have the format of `{ string: 'foobar' }`
-  const rawBytes = new Buffer(req.body.string)
-  const encoded = rawBytes.toString('base64')
-  res.end({ encoded: encoded })
-}
-```
-
-Note that this code does *not* validate the type of `req.body.string`:
-
-- `req.body.string` is expected to be a string. If this is the case, all goes well.
-- `req.body.string` is controlled by the client that sends the request.
-- If `req.body.string` is the *number* `50`, the `rawBytes` would be 50 bytes:
-  - Before Node.js 8, the content would be uninitialized
-  - After Node.js 8, the content would be `50` bytes with the value `0`
-
-Because of the missing type check, an attacker could intentionally send a number
-as part of the request. Using this, they can either:
-
-- Read uninitialized memory. This **will** leak passwords, encryption keys and other
-  kinds of sensitive information. (Information leak)
-- Force the program to allocate a large amount of memory. For example, when specifying
-  `500000000` as the input value, each request will allocate 500MB of memory.
-  This can be used to either exhaust the memory available of a program completely
-  and make it crash, or slow it down significantly. (Denial of Service)
-
-Both of these scenarios are considered serious security issues in a real-world
-web server context.
-
-when using `Buffer.from(req.body.string)` instead, passing a number will always
-throw an exception instead, giving a controlled behaviour that can always be
-handled by the program.
-
-<a id="ecosystem-usage"></a>
-### The `Buffer()` constructor has been deprecated for a while. Is this really an issue?
-
-Surveys of code in the `npm` ecosystem have shown that the `Buffer()` constructor is still
-widely used. This includes new code, and overall usage of such code has actually been
-*increasing*.

dist/node_modules/safer-buffer/Readme.md

@@ -1,156 +0,0 @@
-# safer-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![javascript style guide][standard-image]][standard-url] [![Security Responsible Disclosure][secuirty-image]][secuirty-url]
-
-[travis-image]: https://travis-ci.org/ChALkeR/safer-buffer.svg?branch=master
-[travis-url]: https://travis-ci.org/ChALkeR/safer-buffer
-[npm-image]: https://img.shields.io/npm/v/safer-buffer.svg
-[npm-url]: https://npmjs.org/package/safer-buffer
-[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
-[standard-url]: https://standardjs.com
-[secuirty-image]: https://img.shields.io/badge/Security-Responsible%20Disclosure-green.svg
-[secuirty-url]: https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
-
-Modern Buffer API polyfill without footguns, working on Node.js from 0.8 to current.
-
-## How to use?
-
-First, port all `Buffer()` and `new Buffer()` calls to `Buffer.alloc()` and `Buffer.from()` API.
-
-Then, to achieve compatibility with outdated Node.js versions (`<4.5.0` and 5.x `<5.9.0`), use
-`const Buffer = require('safer-buffer').Buffer` in all files where you make calls to the new
-Buffer API. _Use `var` instead of `const` if you need that for your Node.js version range support._
-
-Also, see the
-[porting Buffer](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) guide.
-
-## Do I need it?
-
-Hopefully, not — dropping support for outdated Node.js versions should be fine nowdays, and that
-is the recommended path forward. You _do_ need to port to the `Buffer.alloc()` and `Buffer.from()`
-though.
-
-See the [porting guide](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md)
-for a better description.
-
-## Why not [safe-buffer](https://npmjs.com/safe-buffer)?
-
-_In short: while `safe-buffer` serves as a polyfill for the new API, it allows old API usage and
-itself contains footguns._
-
-`safe-buffer` could be used safely to get the new API while still keeping support for older
-Node.js versions (like this module), but while analyzing ecosystem usage of the old Buffer API
-I found out that `safe-buffer` is itself causing problems in some cases.
-
-For example, consider the following snippet:
-
-```console
-$ cat example.unsafe.js
-console.log(Buffer(20))
-$ ./node-v6.13.0-linux-x64/bin/node example.unsafe.js
-<Buffer 0a 00 00 00 00 00 00 00 28 13 de 02 00 00 00 00 05 00 00 00>
-$ standard example.unsafe.js
-standard: Use JavaScript Standard Style (https://standardjs.com)
-  /home/chalker/repo/safer-buffer/example.unsafe.js:2:13: 'Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead.
-```
-
-This is allocates and writes to console an uninitialized chunk of memory.
-[standard](https://www.npmjs.com/package/standard) linter (among others) catch that and warn people
-to avoid using unsafe API.
-
-Let's now throw in `safe-buffer`!
-
-```console
-$ cat example.safe-buffer.js
-const Buffer = require('safe-buffer').Buffer
-console.log(Buffer(20))
-$ standard example.safe-buffer.js
-$ ./node-v6.13.0-linux-x64/bin/node example.safe-buffer.js
-<Buffer 08 00 00 00 00 00 00 00 28 58 01 82 fe 7f 00 00 00 00 00 00>
-```
-
-See the problem? Adding in `safe-buffer` _magically removes the lint warning_, but the behavior
-remains identiсal to what we had before, and when launched on Node.js 6.x LTS — this dumps out
-chunks of uninitialized memory.
-_And this code will still emit runtime warnings on Node.js 10.x and above._
-
-That was done by design. I first considered changing `safe-buffer`, prohibiting old API usage or
-emitting warnings on it, but that significantly diverges from `safe-buffer` design. After some
-discussion, it was decided to move my approach into a separate package, and _this is that separate
-package_.
-
-This footgun is not imaginary — I observed top-downloaded packages doing that kind of thing,
-«fixing» the lint warning by blindly including `safe-buffer` without any actual changes.
-
-Also in some cases, even if the API _was_ migrated to use of safe Buffer API — a random pull request
-can bring unsafe Buffer API usage back to the codebase by adding new calls — and that could go
-unnoticed even if you have a linter prohibiting that (becase of the reason stated above), and even
-pass CI. _I also observed that being done in popular packages._
-
-Some examples:
- * [webdriverio](https://github.com/webdriverio/webdriverio/commit/05cbd3167c12e4930f09ef7cf93b127ba4effae4#diff-124380949022817b90b622871837d56cR31)
-   (a module with 548 759 downloads/month),
- * [websocket-stream](https://github.com/maxogden/websocket-stream/commit/c9312bd24d08271687d76da0fe3c83493871cf61)
-   (218 288 d/m, fix in [maxogden/websocket-stream#142](https://github.com/maxogden/websocket-stream/pull/142)),
- * [node-serialport](https://github.com/node-serialport/node-serialport/commit/e8d9d2b16c664224920ce1c895199b1ce2def48c)
-   (113 138 d/m, fix in [node-serialport/node-serialport#1510](https://github.com/node-serialport/node-serialport/pull/1510)),
- * [karma](https://github.com/karma-runner/karma/commit/3d94b8cf18c695104ca195334dc75ff054c74eec)
-   (3 973 193 d/m, fix in [karma-runner/karma#2947](https://github.com/karma-runner/karma/pull/2947)),
- * [spdy-transport](https://github.com/spdy-http2/spdy-transport/commit/5375ac33f4a62a4f65bcfc2827447d42a5dbe8b1)
-   (5 970 727 d/m, fix in [spdy-http2/spdy-transport#53](https://github.com/spdy-http2/spdy-transport/pull/53)).
- * And there are a lot more over the ecosystem.
-
-I filed a PR at
-[mysticatea/eslint-plugin-node#110](https://github.com/mysticatea/eslint-plugin-node/pull/110) to
-partially fix that (for cases when that lint rule is used), but it is a semver-major change for
-linter rules and presets, so it would take significant time for that to reach actual setups.
-_It also hasn't been released yet (2018-03-20)._
-
-Also, `safer-buffer` discourages the usage of `.allocUnsafe()`, which is often done by a mistake.
-It still supports it with an explicit concern barier, by placing it under
-`require('safer-buffer/dangereous')`.
-
-## But isn't throwing bad?
-
-Not really. It's an error that could be noticed and fixed early, instead of causing havoc later like
-unguarded `new Buffer()` calls that end up receiving user input can do.
-
-This package affects only the files where `var Buffer = require('safer-buffer').Buffer` was done, so
-it is really simple to keep track of things and make sure that you don't mix old API usage with that.
-Also, CI should hint anything that you might have missed.
-
-New commits, if tested, won't land new usage of unsafe Buffer API this way.
-_Node.js 10.x also deals with that by printing a runtime depecation warning._
-
-### Would it affect third-party modules?
-
-No, unless you explicitly do an awful thing like monkey-patching or overriding the built-in `Buffer`.
-Don't do that.
-
-### But I don't want throwing…
-
-That is also fine!
-
-Also, it could be better in some cases when you don't comprehensive enough test coverage.
-
-In that case — just don't override `Buffer` and use
-`var SaferBuffer = require('safer-buffer').Buffer` instead.
-
-That way, everything using `Buffer` natively would still work, but there would be two drawbacks:
-
-* `Buffer.from`/`Buffer.alloc` won't be polyfilled — use `SaferBuffer.from` and
-  `SaferBuffer.alloc` instead.
-* You are still open to accidentally using the insecure deprecated API — use a linter to catch that.
-
-Note that using a linter to catch accidential `Buffer` constructor usage in this case is strongly
-recommended. `Buffer` is not overriden in this usecase, so linters won't get confused.
-
-## «Without footguns»?
-
-Well, it is still possible to do _some_ things with `Buffer` API, e.g. accessing `.buffer` property
-on older versions and duping things from there. You shouldn't do that in your code, probabably.
-
-The intention is to remove the most significant footguns that affect lots of packages in the
-ecosystem, and to do it in the proper way.
-
-Also, this package doesn't protect against security issues affecting some Node.js versions, so for
-usage in your own production code, it is still recommended to update to a Node.js version
-[supported by upstream](https://github.com/nodejs/release#release-schedule).

dist/node_modules/safer-buffer/dangerous.js

@@ -1,58 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-var safer = require('./safer.js')
-var Safer = safer.Buffer
-
-var dangerous = {}
-
-var key
-
-for (key in safer) {
-  if (!safer.hasOwnProperty(key)) continue
-  dangerous[key] = safer[key]
-}
-
-var Dangereous = dangerous.Buffer = {}
-
-// Copy Safer API
-for (key in Safer) {
-  if (!Safer.hasOwnProperty(key)) continue
-  Dangereous[key] = Safer[key]
-}
-
-// Copy those missing unsafe methods, if they are present
-for (key in Buffer) {
-  if (!Buffer.hasOwnProperty(key)) continue
-  if (Dangereous.hasOwnProperty(key)) continue
-  Dangereous[key] = Buffer[key]
-}
-
-if (!Dangereous.allocUnsafe) {
-  Dangereous.allocUnsafe = function (size) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    return Buffer(size)
-  }
-}
-
-if (!Dangereous.allocUnsafeSlow) {
-  Dangereous.allocUnsafeSlow = function (size) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    return buffer.SlowBuffer(size)
-  }
-}
-
-module.exports = dangerous

dist/node_modules/safer-buffer/package.json

@@ -1,66 +0,0 @@
-{
-  "_args": [
-    [
-      "safer-buffer@2.1.2",
-      "/Users/thomashu/src/github/codecov/codecov-action"
-    ]
-  ],
-  "_from": "safer-buffer@2.1.2",
-  "_id": "safer-buffer@2.1.2",
-  "_inBundle": false,
-  "_integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
-  "_location": "/safer-buffer",
-  "_phantomChildren": {},
-  "_requested": {
-    "type": "version",
-    "registry": true,
-    "raw": "safer-buffer@2.1.2",
-    "name": "safer-buffer",
-    "escapedName": "safer-buffer",
-    "rawSpec": "2.1.2",
-    "saveSpec": null,
-    "fetchSpec": "2.1.2"
-  },
-  "_requiredBy": [
-    "/asn1",
-    "/ecc-jsbn",
-    "/iconv-lite",
-    "/sshpk"
-  ],
-  "_resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-  "_spec": "2.1.2",
-  "_where": "/Users/thomashu/src/github/codecov/codecov-action",
-  "author": {
-    "name": "Nikita Skovoroda",
-    "email": "chalkerx@gmail.com",
-    "url": "https://github.com/ChALkeR"
-  },
-  "bugs": {
-    "url": "https://github.com/ChALkeR/safer-buffer/issues"
-  },
-  "description": "Modern Buffer API polyfill without footguns",
-  "devDependencies": {
-    "standard": "^11.0.1",
-    "tape": "^4.9.0"
-  },
-  "files": [
-    "Porting-Buffer.md",
-    "Readme.md",
-    "tests.js",
-    "dangerous.js",
-    "safer.js"
-  ],
-  "homepage": "https://github.com/ChALkeR/safer-buffer#readme",
-  "license": "MIT",
-  "main": "safer.js",
-  "name": "safer-buffer",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ChALkeR/safer-buffer.git"
-  },
-  "scripts": {
-    "browserify-test": "browserify --external tape tests.js > browserify-tests.js && tape browserify-tests.js",
-    "test": "standard && tape tests.js"
-  },
-  "version": "2.1.2"
-}

dist/node_modules/safer-buffer/safer.js

@@ -1,77 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-
-var safer = {}
-
-var key
-
-for (key in buffer) {
-  if (!buffer.hasOwnProperty(key)) continue
-  if (key === 'SlowBuffer' || key === 'Buffer') continue
-  safer[key] = buffer[key]
-}
-
-var Safer = safer.Buffer = {}
-for (key in Buffer) {
-  if (!Buffer.hasOwnProperty(key)) continue
-  if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue
-  Safer[key] = Buffer[key]
-}
-
-safer.Buffer.prototype = Buffer.prototype
-
-if (!Safer.from || Safer.from === Uint8Array.from) {
-  Safer.from = function (value, encodingOrOffset, length) {
-    if (typeof value === 'number') {
-      throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value)
-    }
-    if (value && typeof value.length === 'undefined') {
-      throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value)
-    }
-    return Buffer(value, encodingOrOffset, length)
-  }
-}
-
-if (!Safer.alloc) {
-  Safer.alloc = function (size, fill, encoding) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    var buf = Buffer(size)
-    if (!fill || fill.length === 0) {
-      buf.fill(0)
-    } else if (typeof encoding === 'string') {
-      buf.fill(fill, encoding)
-    } else {
-      buf.fill(fill)
-    }
-    return buf
-  }
-}
-
-if (!safer.kStringMaxLength) {
-  try {
-    safer.kStringMaxLength = process.binding('buffer').kStringMaxLength
-  } catch (e) {
-    // we can't determine kStringMaxLength in environments where process.binding
-    // is unsupported, so let's not set it
-  }
-}
-
-if (!safer.constants) {
-  safer.constants = {
-    MAX_LENGTH: safer.kMaxLength
-  }
-  if (safer.kStringMaxLength) {
-    safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength
-  }
-}
-
-module.exports = safer

dist/node_modules/safer-buffer/tests.js

@@ -1,406 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var test = require('tape')
-
-var buffer = require('buffer')
-
-var index = require('./')
-var safer = require('./safer')
-var dangerous = require('./dangerous')
-
-/* Inheritance tests */
-
-test('Default is Safer', function (t) {
-  t.equal(index, safer)
-  t.notEqual(safer, dangerous)
-  t.notEqual(index, dangerous)
-  t.end()
-})
-
-test('Is not a function', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(typeof impl, 'object')
-    t.equal(typeof impl.Buffer, 'object')
-  });
-  [buffer].forEach(function (impl) {
-    t.equal(typeof impl, 'object')
-    t.equal(typeof impl.Buffer, 'function')
-  })
-  t.end()
-})
-
-test('Constructor throws', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.throws(function () { impl.Buffer() })
-    t.throws(function () { impl.Buffer(0) })
-    t.throws(function () { impl.Buffer('a') })
-    t.throws(function () { impl.Buffer('a', 'utf-8') })
-    t.throws(function () { return new impl.Buffer() })
-    t.throws(function () { return new impl.Buffer(0) })
-    t.throws(function () { return new impl.Buffer('a') })
-    t.throws(function () { return new impl.Buffer('a', 'utf-8') })
-  })
-  t.end()
-})
-
-test('Safe methods exist', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.alloc, 'function', 'alloc')
-    t.equal(typeof impl.Buffer.from, 'function', 'from')
-  })
-  t.end()
-})
-
-test('Unsafe methods exist only in Dangerous', function (t) {
-  [index, safer].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.allocUnsafe, 'undefined')
-    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'undefined')
-  });
-  [dangerous].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.allocUnsafe, 'function')
-    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'function')
-  })
-  t.end()
-})
-
-test('Generic methods/properties are defined and equal', function (t) {
-  ['poolSize', 'isBuffer', 'concat', 'byteLength'].forEach(function (method) {
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Built-in buffer static methods/properties are inherited', function (t) {
-  Object.keys(buffer).forEach(function (method) {
-    if (method === 'SlowBuffer' || method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], buffer[method], method)
-      t.notEqual(typeof impl[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Built-in Buffer static methods/properties are inherited', function (t) {
-  Object.keys(buffer.Buffer).forEach(function (method) {
-    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('.prototype property of Buffer is inherited', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.prototype, buffer.Buffer.prototype, 'prototype')
-    t.notEqual(typeof impl.Buffer.prototype, 'undefined', 'prototype')
-  })
-  t.end()
-})
-
-test('All Safer methods are present in Dangerous', function (t) {
-  Object.keys(safer).forEach(function (method) {
-    if (method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], safer[method], method)
-      if (method !== 'kStringMaxLength') {
-        t.notEqual(typeof impl[method], 'undefined', method)
-      }
-    })
-  })
-  Object.keys(safer.Buffer).forEach(function (method) {
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], safer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Safe methods from Dangerous methods are present in Safer', function (t) {
-  Object.keys(dangerous).forEach(function (method) {
-    if (method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], dangerous[method], method)
-      if (method !== 'kStringMaxLength') {
-        t.notEqual(typeof impl[method], 'undefined', method)
-      }
-    })
-  })
-  Object.keys(dangerous.Buffer).forEach(function (method) {
-    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], dangerous.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-/* Behaviour tests */
-
-test('Methods return Buffers', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 10)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 'a')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10, 'x')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(9, 'ab')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string', 'utf-8')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([0, 42, 3])))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(new Uint8Array([0, 42, 3]))))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([])))
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](0)))
-    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](10)))
-  })
-  t.end()
-})
-
-test('Constructor is buffer.Buffer', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.alloc(0).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(0, 10).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(0, 'a').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(10).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(10, 'x').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(9, 'ab').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('string').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('string', 'utf-8').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from([0, 42, 3]).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from([]).constructor, buffer.Buffer)
-  });
-  [0, 10, 100].forEach(function (arg) {
-    t.equal(dangerous.Buffer.allocUnsafe(arg).constructor, buffer.Buffer)
-    t.equal(dangerous.Buffer.allocUnsafeSlow(arg).constructor, buffer.SlowBuffer(0).constructor)
-  })
-  t.end()
-})
-
-test('Invalid calls throw', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.throws(function () { impl.Buffer.from(0) })
-    t.throws(function () { impl.Buffer.from(10) })
-    t.throws(function () { impl.Buffer.from(10, 'utf-8') })
-    t.throws(function () { impl.Buffer.from('string', 'invalid encoding') })
-    t.throws(function () { impl.Buffer.from(-10) })
-    t.throws(function () { impl.Buffer.from(1e90) })
-    t.throws(function () { impl.Buffer.from(Infinity) })
-    t.throws(function () { impl.Buffer.from(-Infinity) })
-    t.throws(function () { impl.Buffer.from(NaN) })
-    t.throws(function () { impl.Buffer.from(null) })
-    t.throws(function () { impl.Buffer.from(undefined) })
-    t.throws(function () { impl.Buffer.from() })
-    t.throws(function () { impl.Buffer.from({}) })
-    t.throws(function () { impl.Buffer.alloc('') })
-    t.throws(function () { impl.Buffer.alloc('string') })
-    t.throws(function () { impl.Buffer.alloc('string', 'utf-8') })
-    t.throws(function () { impl.Buffer.alloc('b25ldHdvdGhyZWU=', 'base64') })
-    t.throws(function () { impl.Buffer.alloc(-10) })
-    t.throws(function () { impl.Buffer.alloc(1e90) })
-    t.throws(function () { impl.Buffer.alloc(2 * (1 << 30)) })
-    t.throws(function () { impl.Buffer.alloc(Infinity) })
-    t.throws(function () { impl.Buffer.alloc(-Infinity) })
-    t.throws(function () { impl.Buffer.alloc(null) })
-    t.throws(function () { impl.Buffer.alloc(undefined) })
-    t.throws(function () { impl.Buffer.alloc() })
-    t.throws(function () { impl.Buffer.alloc([]) })
-    t.throws(function () { impl.Buffer.alloc([0, 42, 3]) })
-    t.throws(function () { impl.Buffer.alloc({}) })
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.throws(function () { dangerous.Buffer[method]('') })
-    t.throws(function () { dangerous.Buffer[method]('string') })
-    t.throws(function () { dangerous.Buffer[method]('string', 'utf-8') })
-    t.throws(function () { dangerous.Buffer[method](2 * (1 << 30)) })
-    t.throws(function () { dangerous.Buffer[method](Infinity) })
-    if (dangerous.Buffer[method] === buffer.Buffer.allocUnsafe) {
-      t.skip('Skipping, older impl of allocUnsafe coerced negative sizes to 0')
-    } else {
-      t.throws(function () { dangerous.Buffer[method](-10) })
-      t.throws(function () { dangerous.Buffer[method](-1e90) })
-      t.throws(function () { dangerous.Buffer[method](-Infinity) })
-    }
-    t.throws(function () { dangerous.Buffer[method](null) })
-    t.throws(function () { dangerous.Buffer[method](undefined) })
-    t.throws(function () { dangerous.Buffer[method]() })
-    t.throws(function () { dangerous.Buffer[method]([]) })
-    t.throws(function () { dangerous.Buffer[method]([0, 42, 3]) })
-    t.throws(function () { dangerous.Buffer[method]({}) })
-  })
-  t.end()
-})
-
-test('Buffers have appropriate lengths', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.alloc(0).length, 0)
-    t.equal(impl.Buffer.alloc(10).length, 10)
-    t.equal(impl.Buffer.from('').length, 0)
-    t.equal(impl.Buffer.from('string').length, 6)
-    t.equal(impl.Buffer.from('string', 'utf-8').length, 6)
-    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').length, 11)
-    t.equal(impl.Buffer.from([0, 42, 3]).length, 3)
-    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).length, 3)
-    t.equal(impl.Buffer.from([]).length, 0)
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.equal(dangerous.Buffer[method](0).length, 0)
-    t.equal(dangerous.Buffer[method](10).length, 10)
-  })
-  t.end()
-})
-
-test('Buffers have appropriate lengths (2)', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true;
-  [ safer.Buffer.alloc,
-    dangerous.Buffer.allocUnsafe,
-    dangerous.Buffer.allocUnsafeSlow
-  ].forEach(function (method) {
-    for (var i = 0; i < 1e2; i++) {
-      var length = Math.round(Math.random() * 1e5)
-      var buf = method(length)
-      if (!buffer.Buffer.isBuffer(buf)) ok = false
-      if (buf.length !== length) ok = false
-    }
-  })
-  t.ok(ok)
-  t.end()
-})
-
-test('.alloc(size) is zero-filled and has correct length', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var buf = index.Buffer.alloc(length)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    var j
-    for (j = 0; j < length; j++) {
-      if (buf[j] !== 0) ok = false
-    }
-    buf.fill(1)
-    for (j = 0; j < length; j++) {
-      if (buf[j] !== 1) ok = false
-    }
-  }
-  t.ok(ok)
-  t.end()
-})
-
-test('.allocUnsafe / .allocUnsafeSlow are fillable and have correct lengths', function (t) {
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    var ok = true
-    for (var i = 0; i < 1e2; i++) {
-      var length = Math.round(Math.random() * 2e6)
-      var buf = dangerous.Buffer[method](length)
-      if (!buffer.Buffer.isBuffer(buf)) ok = false
-      if (buf.length !== length) ok = false
-      buf.fill(0, 0, length)
-      var j
-      for (j = 0; j < length; j++) {
-        if (buf[j] !== 0) ok = false
-      }
-      buf.fill(1, 0, length)
-      for (j = 0; j < length; j++) {
-        if (buf[j] !== 1) ok = false
-      }
-    }
-    t.ok(ok, method)
-  })
-  t.end()
-})
-
-test('.alloc(size, fill) is `fill`-filled', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var fill = Math.round(Math.random() * 255)
-    var buf = index.Buffer.alloc(length, fill)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    for (var j = 0; j < length; j++) {
-      if (buf[j] !== fill) ok = false
-    }
-  }
-  t.ok(ok)
-  t.end()
-})
-
-test('.alloc(size, fill) is `fill`-filled', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var fill = Math.round(Math.random() * 255)
-    var buf = index.Buffer.alloc(length, fill)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    for (var j = 0; j < length; j++) {
-      if (buf[j] !== fill) ok = false
-    }
-  }
-  t.ok(ok)
-  t.deepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 97))
-  t.notDeepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 98))
-
-  var tmp = new buffer.Buffer(2)
-  tmp.fill('ok')
-  if (tmp[1] === tmp[0]) {
-    // Outdated Node.js
-    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('ooooo'))
-  } else {
-    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('okoko'))
-  }
-  t.notDeepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('kokok'))
-
-  t.end()
-})
-
-test('safer.Buffer.from returns results same as Buffer constructor', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.deepEqual(impl.Buffer.from(''), new buffer.Buffer(''))
-    t.deepEqual(impl.Buffer.from('string'), new buffer.Buffer('string'))
-    t.deepEqual(impl.Buffer.from('string', 'utf-8'), new buffer.Buffer('string', 'utf-8'))
-    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), new buffer.Buffer('b25ldHdvdGhyZWU=', 'base64'))
-    t.deepEqual(impl.Buffer.from([0, 42, 3]), new buffer.Buffer([0, 42, 3]))
-    t.deepEqual(impl.Buffer.from(new Uint8Array([0, 42, 3])), new buffer.Buffer(new Uint8Array([0, 42, 3])))
-    t.deepEqual(impl.Buffer.from([]), new buffer.Buffer([]))
-  })
-  t.end()
-})
-
-test('safer.Buffer.from returns consistent results', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.deepEqual(impl.Buffer.from(''), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from([]), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from(new Uint8Array([])), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from('string', 'utf-8'), impl.Buffer.from('string'))
-    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from([115, 116, 114, 105, 110, 103]))
-    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from(impl.Buffer.from('string')))
-    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), impl.Buffer.from('onetwothree'))
-    t.notDeepEqual(impl.Buffer.from('b25ldHdvdGhyZWU='), impl.Buffer.from('onetwothree'))
-  })
-  t.end()
-})

dist/pgp_keys.asc

@@ -1,52 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
-KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
-sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
-2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
-GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
-KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
-HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
-zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
-IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
-Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
-ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
-tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
-biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
-vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
-EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
-V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
-yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
-PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
-BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
-Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
-atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
-BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
-JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
-Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
-WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
-BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
-VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
-8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
-PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
-HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
-ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
-TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
-vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
-kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
-SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
-e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
-BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
-mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
-0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
-WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
-UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
-dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
-o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
-dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
-y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
-QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
-8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
-3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
-=ch7z
------END PGP PUBLIC KEY BLOCK-----

hooks/pre-commit

@@ -2,8 +2,12 @@
 
 set -e
 
-npm install
-npm run lint
-npm run build
-git add dist/
-git add package-lock.json
+cp src/scripts/dist/codecov.sh dist/codecov.sh
+git add dist/codecov.sh
+
+git diff --cached --name-only | if grep --quiet "src/version"
+then
+    python changelog.py
+fi
+
+git add CHANGELOG.md

jest.config.js

@@ -1,4 +0,0 @@
-module.exports = {
-  preset: 'ts-jest',
-  testEnvironment: 'node',
-};

package.json

@@ -1,45 +0,0 @@
-{
-  "name": "codecov-action",
-  "version": "2.0.1",
-  "description": "Upload coverage reports to Codecov from GitHub Actions",
-  "main": "index.js",
-  "scripts": {
-    "build": "ncc build src/index.ts --source-map",
-    "lint": "eslint src/**/*.ts",
-    "test": "npm run test-script && npm run test-calculator && npm run test-coverage",
-    "test-calculator": "jest --testPathPattern=demo/calculator/ --coverage --coverageDirectory=coverage/calculator",
-    "test-coverage": "jest --testPathPattern=demo/coverage-test/ --coverage --coverageDirectory=coverage/coverage-test",
-    "test-script": "jest --testPathPattern=src/ --coverage --coverageDirectory=coverage/script"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/codecov/codecov-action.git"
-  },
-  "keywords": [],
-  "author": "Ibrahim Ali",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/codecov/codecov-action/issues"
-  },
-  "homepage": "https://github.com/codecov/codecov-action#readme",
-  "dependencies": {
-    "@actions/core": "^1.4.0",
-    "@actions/exec": "^1.1.0",
-    "@actions/github": "^5.0.0",
-    "node-fetch": "^2.6.1",
-    "openpgp": "^4.10.10"
-  },
-  "devDependencies": {
-    "@types/jest": "^26.0.24",
-    "@types/node": "^16.3.3",
-    "@typescript-eslint/eslint-plugin": "^4.28.3",
-    "@typescript-eslint/parser": "^4.28.3",
-    "@vercel/ncc": "^0.29.0",
-    "eslint": "^7.30.0",
-    "eslint-config-google": "^0.14.0",
-    "jest": "^26.6.3",
-    "jest-junit": "^12.2.0",
-    "ts-jest": "^26.5.6",
-    "typescript": "^4.3.5"
-  }
-}

src/buildExec.test.ts

@@ -1,108 +0,0 @@
-import * as github from '@actions/github';
-
-import buildExec from './buildExec';
-
-/* eslint-disable  @typescript-eslint/no-var-requires */
-const {version} = require('../package.json');
-
-const context = github.context;
-
-test('no arguments', () => {
-  const {execArgs, failCi} = buildExec();
-
-  const args = [
-    '-n',
-    '',
-    '-Q',
-    `github-action-${version}`,
-  ];
-  if (context.eventName == 'pull_request') {
-    args.push('-C', `${context.payload.pull_request.head.sha}`);
-  }
-  expect(execArgs).toEqual(args);
-  expect(failCi).toBeFalsy();
-});
-
-test('all arguments', () => {
-  const envs = {
-    'commit_parent': '83231650328f11695dfb754ca0f540516f188d27',
-    'directory': 'coverage/',
-    'dry_run': 'true',
-    'env_vars': 'OS,PYTHON',
-    'fail_ci_if_error': 'true',
-    'file': 'coverage.xml',
-    'files': 'dir1/coverage.xml,dir2/coverage.xml',
-    'flags': 'test,test2',
-    'functionalities':
-      'network',
-    'move_coverage_to_trash': 'true',
-    'name': 'codecov',
-    'override_branch': 'thomasrockhu/test',
-    'override_build': '1',
-    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
-    'override_pr': '2',
-    'override_tag': 'v1.2',
-    'path_to_write_report': 'codecov/',
-    'root_dir': 'root/',
-    'slug': 'fakeOwner/fakeRepo',
-    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
-    'url': 'https://codecov.enterprise.com',
-    'verbose': 't',
-    'working-directory': 'src',
-  };
-
-  for (const env of Object.keys(envs)) {
-    process.env['INPUT_' + env.toUpperCase()] = envs[env];
-  }
-
-  const {execArgs, failCi} = buildExec();
-  expect(execArgs).toEqual([
-    '-n',
-    'codecov',
-    '-Q',
-    `github-action-${version}`,
-    '-c',
-    '-N',
-    '83231650328f11695dfb754ca0f540516f188d27',
-    '-d',
-    '-e',
-    'OS,PYTHON',
-    '-X',
-    'network',
-    '-Z',
-    '-f',
-    'coverage.xml',
-    '-f',
-    'dir1/coverage.xml',
-    '-f',
-    'dir2/coverage.xml',
-    '-F',
-    'test',
-    '-F',
-    'test2',
-    '-B',
-    'thomasrockhu/test',
-    '-b',
-    '1',
-    '-C',
-    '9caabca5474b49de74ef5667deabaf74cdacc244',
-    '-P',
-    '2',
-    '-T',
-    'v1.2',
-    '-R',
-    'root/',
-    '-s',
-    'coverage/',
-    '-r',
-    'fakeOwner/fakeRepo',
-    '-u',
-    'https://codecov.enterprise.com',
-    '-v',
-  ]);
-  expect(failCi).toBeTruthy();
-
-  for (const env of Object.keys(envs)) {
-    delete process.env['INPUT_' + env.toUpperCase()];
-  }
-});

src/buildExec.ts

@@ -1,153 +0,0 @@
-import * as core from '@actions/core';
-import * as github from '@actions/github';
-
-/* eslint-disable  @typescript-eslint/no-var-requires */
-const {version} = require('../package.json');
-
-const context = github.context;
-
-const isTrue = (variable) => {
-  const lowercase = variable.toLowerCase();
-  return (
-    lowercase === '1' ||
-    lowercase === 't' ||
-    lowercase === 'true' ||
-    lowercase === 'y' ||
-    lowercase === 'yes'
-  );
-};
-
-const buildExec = () => {
-  const clean = core.getInput('move_coverage_to_trash');
-  const commitParent = core.getInput('commit_parent');
-  const envVars = core.getInput('env_vars');
-  const dryRun = isTrue(core.getInput('dry_run'));
-  const failCi = isTrue(core.getInput('fail_ci_if_error'));
-  const file = core.getInput('file');
-  const files = core.getInput('files');
-  const flags = core.getInput('flags');
-  const functionalities = core.getInput('functionalities');
-  const name = core.getInput('name');
-  const overrideBranch = core.getInput('override_branch');
-  const overrideBuild = core.getInput('override_build');
-  const overrideCommit = core.getInput('override_commit');
-  const overridePr = core.getInput('override_pr');
-  const overrideTag = core.getInput('override_tag');
-  const rootDir = core.getInput('root_dir');
-  const searchDir = core.getInput('directory');
-  const slug = core.getInput('slug');
-  const token = core.getInput('token');
-  const verbose = isTrue(core.getInput('verbose'));
-  const url = core.getInput('url');
-  const workingDir = core.getInput('working-directory');
-
-  const execArgs = [];
-  execArgs.push(
-      '-n',
-      `${name}`,
-      '-Q',
-      `github-action-${version}`,
-  );
-
-  const options:any = {};
-  options.env = Object.assign(process.env, {
-    GITHUB_ACTION: process.env.GITHUB_ACTION,
-    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
-    GITHUB_REF: process.env.GITHUB_REF,
-    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
-    GITHUB_SHA: process.env.GITHUB_SHA,
-    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
-  });
-
-  const envVarsArg = [];
-  for (const envVar of envVars.split(',')) {
-    const envVarClean = envVar.trim();
-    if (envVarClean) {
-      options.env[envVarClean] = process.env[envVarClean];
-      envVarsArg.push(envVarClean);
-    }
-  }
-
-  if (token) {
-    options.env.CODECOV_TOKEN = token;
-  }
-  if (clean) {
-    execArgs.push('-c');
-  }
-  if (commitParent) {
-    execArgs.push('-N', `${commitParent}`);
-  }
-  if (dryRun) {
-    execArgs.push('-d');
-  }
-  if (envVarsArg.length) {
-    execArgs.push('-e', envVarsArg.join(','));
-  }
-  if (functionalities) {
-    functionalities.split(',').forEach((f) => {
-      execArgs.push('-X', `${f}`);
-    });
-  }
-  if (failCi) {
-    execArgs.push('-Z');
-  }
-  if (file) {
-    execArgs.push('-f', `${file}`);
-  }
-  if (files) {
-    files.split(',').forEach((f) => {
-      execArgs.push('-f', `${f}`);
-    });
-  }
-  if (flags) {
-    flags.split(',').forEach((f) => {
-      execArgs.push('-F', `${f}`);
-    });
-  }
-  if (overrideBranch) {
-    execArgs.push('-B', `${overrideBranch}`);
-  }
-  if (overrideBuild) {
-    execArgs.push('-b', `${overrideBuild}`);
-  }
-  if (overrideCommit) {
-    execArgs.push('-C', `${overrideCommit}`);
-  } else if (
-    `${context.eventName}` == 'pull_request' ||
-    `${context.eventName}` == 'pull_request_target'
-  ) {
-    execArgs.push('-C', `${context.payload.pull_request.head.sha}`);
-  }
-  if (overridePr) {
-    execArgs.push('-P', `${overridePr}`);
-  } else if (
-    `${context.eventName}` == 'pull_request_target'
-  ) {
-    execArgs.push('-P', `${context.payload.number}`);
-  }
-  if (overrideTag) {
-    execArgs.push('-T', `${overrideTag}`);
-  }
-  if (rootDir) {
-    execArgs.push('-R', `${rootDir}`);
-  }
-  if (searchDir) {
-    execArgs.push('-s', `${searchDir}`);
-  }
-  if (slug) {
-    execArgs.push('-r', `${slug}`);
-  }
-  if (url) {
-    execArgs.push('-u', `${url}`);
-  }
-  if (verbose) {
-    execArgs.push('-v');
-  }
-  if (workingDir) {
-    options.cwd = workingDir;
-  }
-
-  return {execArgs, options, failCi};
-};
-
-export default buildExec;

src/helpers.ts

@@ -1,41 +0,0 @@
-import * as core from '@actions/core';
-
-const PLATFORMS = ['alpine', 'linux', 'macos', 'windows'];
-
-const setFailure = (message: string, failCi: boolean): void => {
-    failCi ? core.setFailed(message) : core.warning(message);
-    if (failCi) {
-      process.exit();
-    }
-};
-
-const getUploaderName = (): string => {
-  if (isWindows()) {
-    return 'codecov.exe';
-  } else {
-    return 'codecov';
-  }
-};
-
-const isValidPlatform = (): boolean => {
-  return PLATFORMS.includes(getPlatform());
-};
-
-const isWindows = (): boolean => {
-  return getPlatform() === 'windows';
-};
-
-const getPlatform = (): string => {
-  return process.env.RUNNER_OS.toLowerCase();
-};
-
-const BASEURL = `https://uploader.codecov.io/latest/${getPlatform()}/${getUploaderName()}`;
-
-export {
-  BASEURL,
-  getPlatform,
-  getUploaderName,
-  isValidPlatform,
-  isWindows,
-  setFailure,
-};

src/index.ts

@@ -1,69 +0,0 @@
-import * as fs from 'fs';
-import * as https from 'https';
-import * as path from 'path';
-
-import * as exec from '@actions/exec';
-
-import buildExec from './buildExec';
-import {
-  BASEURL,
-  getPlatform,
-  getUploaderName,
-  isValidPlatform,
-  setFailure,
-} from './helpers';
-
-import verify from './validate';
-
-let failCi;
-
-try {
-  const {execArgs, options, failCi} = buildExec();
-  const platform = getPlatform();
-  if (!isValidPlatform()) {
-    setFailure(
-        `Codecov: Encountered an unexpected platform: ${platform}`,
-        failCi,
-    );
-  }
-  const filename = path.join( __dirname, getUploaderName());
-  https.get(BASEURL, (res) => {
-    // Image will be stored at this path
-    const filePath = fs.createWriteStream(filename);
-    res.pipe(filePath);
-    filePath
-        .on('error', (err) => {
-          setFailure(
-              `Codecov: Failed to write uploader binary: ${err.message}`,
-              true,
-          );
-        }).on('finish', async () => {
-          filePath.close();
-
-          await verify(filename);
-          await fs.chmodSync(filename, '777');
-
-          const unlink = () => {
-            fs.unlink(filename, (err) => {
-              if (err) {
-                setFailure(
-                    `Codecov: Could not unlink uploader: ${err.message}`,
-                    failCi,
-                );
-              }
-            });
-          };
-          await exec.exec(filename, execArgs, options)
-              .catch((err) => {
-                setFailure(
-                    `Codecov: Failed to properly upload: ${err.message}`,
-                    failCi,
-                );
-              }).then(() => {
-                unlink();
-              });
-        });
-  });
-} catch (err) {
-  setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
-}

src/pgp_keys.asc

@@ -1,52 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
-KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
-sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
-2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
-GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
-KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
-HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
-zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
-IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
-Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
-ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
-tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
-biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
-vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
-EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
-V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
-yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
-PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
-BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
-Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
-atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
-BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
-JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
-Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
-WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
-BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
-VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
-8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
-PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
-HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
-ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
-TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
-vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
-kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
-SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
-e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
-BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
-mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
-0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
-WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
-UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
-dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
-o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
-dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
-y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
-QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
-8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
-3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
-=ch7z
------END PGP PUBLIC KEY BLOCK-----

src/validate.ts

@@ -1,69 +0,0 @@
-import * as crypto from 'crypto';
-import * as fs from 'fs';
-import * as path from 'path';
-
-import * as core from '@actions/core';
-import * as openpgp from 'openpgp';
-import * as fetch from 'node-fetch';
-
-import {
-  BASEURL,
-  getUploaderName,
-  setFailure,
-} from './helpers';
-
-const verify = async (filename: string) => {
-  try {
-    const uploaderName = getUploaderName();
-
-    // Read in public key
-    const publicKeyArmored = await fs.readFileSync(
-        path.join(__dirname, 'pgp_keys.asc'),
-        'utf-8',
-    );
-
-    // Get SHASUM and SHASUM signature files
-    const shasumRes = await fetch( `${BASEURL}.SHA256SUM`);
-    const shasum = await shasumRes.text();
-
-    const shaSigRes = await fetch( `${BASEURL}.SHA256SUM.sig`);
-    const shaSig = await shaSigRes.text();
-
-    // Verify shasum
-    const verified = await openpgp.verify({
-      message: await openpgp.cleartext.fromText(shasum),
-      signature: await openpgp.signature.readArmored(shaSig),
-      publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,
-    });
-    const {valid} = verified.signatures[0];
-    if (valid) {
-      core.info('==> SHASUM file signed by key id ' +
-          verified.signatures[0].keyid.toHex(),
-      );
-    } else {
-      setFailure('Codecov: Error validating SHASUM signature', true);
-    }
-
-    // Verify uploader
-    const uploaderSha = crypto.createHash(`sha256`);
-    const stream = fs.createReadStream(filename);
-    await stream
-        .on('data', (data) => {
-          uploaderSha.update(data);
-        }).on('end', async () => {
-          const hash = `${uploaderSha.digest('hex')}  ${uploaderName}`;
-          if (hash !== shasum) {
-            setFailure(
-                'Codecov: Uploader shasum does not match ' +
-                  `uploader hash: ${hash}, public hash: ${shasum}`,
-                true,
-            );
-          } else {
-            core.info('==> Uploader SHASUM verified');
-          }
-        });
-  } catch (err) {
-    setFailure(`Codecov: Error validating uploader: ${err.message}`, true);
-  }
-};
-export default verify;

src/version

@@ -0,0 +1 @@
+CODECOV_ACTION_VERSION="5.0.4"

tsconfig.json

@@ -1,16 +0,0 @@
-{
-  "compilerOptions": {
-    "esModuleInterop": true,
-    "moduleResolution": "node",
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "sourceMap": true,
-    "target": "es2015"
-  },
-  "include": [
-    "src/**/*.ts"
-  ],
-  "exclude": [
-    "src/**/*.test.ts"
-  ]
-}