zizmor 1.12.0__tar.gz → 1.12.1__tar.gz


Potentially problematic release.



Files changed (397)
  1. {zizmor-1.12.0 → zizmor-1.12.1}/Cargo.lock +1 -1
  2. {zizmor-1.12.0 → zizmor-1.12.1}/Cargo.toml +1 -0
  3. {zizmor-1.12.0 → zizmor-1.12.1}/PKG-INFO +1 -1
  4. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-expressions/src/lib.rs +1 -1
  5. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/workflow/job.rs +7 -6
  6. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpatch/src/lib.rs +29 -29
  7. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/src/lib.rs +6 -6
  8. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/Cargo.toml +1 -2
  9. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/cache_poisoning.rs +1 -1
  10. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/hardcoded_container_credentials.rs +19 -20
  11. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/registry.rs +3 -1
  12. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshot.rs +6 -0
  13. zizmor-1.12.1/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-16.snap +35 -0
  14. zizmor-1.12.1/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1081-repro.yml +29 -0
  15. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-expressions/Cargo.toml +0 -0
  16. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-expressions/README.md +0 -0
  17. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-expressions/src/context.rs +0 -0
  18. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-expressions/src/expr.pest +0 -0
  19. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/Cargo.toml +0 -0
  20. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/LICENSE +0 -0
  21. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/README.md +0 -0
  22. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/action.rs +0 -0
  23. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/common/expr.rs +0 -0
  24. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/common.rs +0 -0
  25. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/dependabot/mod.rs +0 -0
  26. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/dependabot/v2.rs +0 -0
  27. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/lib.rs +0 -0
  28. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/workflow/event.rs +0 -0
  29. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/src/workflow/mod.rs +0 -0
  30. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-actions/gh-action-pip-audit.yml +0 -0
  31. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-actions/gh-action-pypi-publish.yml +0 -0
  32. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-actions/gh-action-sigstore-python.yml +0 -0
  33. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-actions/no-input-output-descriptions.yml +0 -0
  34. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-actions/setup-python.yml +0 -0
  35. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-dependabot/v2/pip-audit.yml +0 -0
  36. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-dependabot/v2/sigstore-python.yml +0 -0
  37. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/adafruit-circuitpython-run-tests.yml +0 -0
  38. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/false-condition.yml +0 -0
  39. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/gh-action-sigstore-python-selftest.yml +0 -0
  40. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/git-annex-built-windows.yaml +0 -0
  41. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/guacsec-guac-ci.yml +0 -0
  42. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/homebrew-core-automerge-triggers.yml +0 -0
  43. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/homebrew-core-dispatch-rebottle.yml +0 -0
  44. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/intel-llvm-sycl-linux-run-tests.yml +0 -0
  45. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/issue-35.yml +0 -0
  46. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/jazzband-tablib-docs-lint.yml +0 -0
  47. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/letsencrypt-boulder-boulder-ci.yml +0 -0
  48. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/mhils-workflows-python-deploy.yml +0 -0
  49. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/openbao-openbao-test-go.yml +0 -0
  50. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/pip-api-test.yml +0 -0
  51. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/pip-audit-ci.yml +0 -0
  52. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/pip-audit-scorecards.yml +0 -0
  53. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/pwn-requests.yml +0 -0
  54. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/pyca-cryptography-ci.yml +0 -0
  55. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/pypi-attestations-release.yml +0 -0
  56. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/reusable-workflow-unpinned.yml +0 -0
  57. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/rnpgp-rnp-centos-and-fedora.yml +0 -0
  58. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/runs-on-expr.yml +0 -0
  59. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/runs-on-group-only.yml +0 -0
  60. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/scalar-trigger-type.yml +0 -0
  61. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/vil02-puzzle_generator-check_examples.yml +0 -0
  62. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-646.yml +0 -0
  63. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-650.yml +0 -0
  64. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/test_action.rs +0 -0
  65. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/test_dependabot_v2.rs +0 -0
  66. {zizmor-1.12.0 → zizmor-1.12.1}/crates/github-actions-models/tests/test_workflow.rs +0 -0
  67. {zizmor-1.12.0 → zizmor-1.12.1}/crates/subfeature/.gitignore +0 -0
  68. {zizmor-1.12.0 → zizmor-1.12.1}/crates/subfeature/Cargo.toml +0 -0
  69. {zizmor-1.12.0 → zizmor-1.12.1}/crates/subfeature/LICENSE +0 -0
  70. {zizmor-1.12.0 → zizmor-1.12.1}/crates/subfeature/README.md +0 -0
  71. {zizmor-1.12.0 → zizmor-1.12.1}/crates/subfeature/src/lib.rs +0 -0
  72. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpatch/Cargo.toml +0 -0
  73. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpatch/LICENSE +0 -0
  74. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpatch/README.md +0 -0
  75. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpatch/tests/unit_tests.rs +0 -0
  76. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/Cargo.toml +0 -0
  77. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/LICENSE +0 -0
  78. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/README.md +0 -0
  79. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/integration_test.rs +0 -0
  80. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/basic.yml +0 -0
  81. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/comments.yml +0 -0
  82. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/directives.yml +0 -0
  83. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/exact-features.yml +0 -0
  84. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/flow.yml +0 -0
  85. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/interceding-comment.yml +0 -0
  86. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/key-only-features.yml +0 -0
  87. {zizmor-1.12.0 → zizmor-1.12.1}/crates/yamlpath/tests/testcases/quoted-key.yml +0 -0
  88. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/README.md +0 -0
  89. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/build.rs +0 -0
  90. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/data/codeql-injection-sinks.json +0 -0
  91. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/data/context-capabilities.csv +0 -0
  92. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/anonymous_definition.rs +0 -0
  93. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/artipacked.rs +0 -0
  94. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/bot_conditions.rs +0 -0
  95. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/dangerous_triggers.rs +0 -0
  96. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/excessive_permissions.rs +0 -0
  97. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/forbidden_uses.rs +0 -0
  98. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/github_env.rs +0 -0
  99. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/impostor_commit.rs +0 -0
  100. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/insecure_commands.rs +0 -0
  101. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/known_vulnerable_actions.rs +0 -0
  102. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/mod.rs +0 -0
  103. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/obfuscation.rs +0 -0
  104. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/overprovisioned_secrets.rs +0 -0
  105. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/ref_confusion.rs +0 -0
  106. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/secrets_inherit.rs +0 -0
  107. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/self_hosted_runner.rs +0 -0
  108. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/stale_action_refs.rs +0 -0
  109. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/template_injection.rs +0 -0
  110. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/unpinned_images.rs +0 -0
  111. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/unpinned_uses.rs +0 -0
  112. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/unredacted_secrets.rs +0 -0
  113. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/unsound_condition.rs +0 -0
  114. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/unsound_contains.rs +0 -0
  115. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/audit/use_trusted_publishing.rs +0 -0
  116. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/config.rs +0 -0
  117. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/data/github-action.json +0 -0
  118. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/data/github-workflow.json +0 -0
  119. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/finding/location.rs +0 -0
  120. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/finding.rs +0 -0
  121. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/github_api.rs +0 -0
  122. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/lsp.rs +0 -0
  123. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/main.rs +0 -0
  124. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/models/action.rs +0 -0
  125. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/models/coordinate.rs +0 -0
  126. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/models/inputs.rs +0 -0
  127. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/models/uses.rs +0 -0
  128. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/models/workflow.rs +0 -0
  129. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/models.rs +0 -0
  130. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/fix.rs +0 -0
  131. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/github.rs +0 -0
  132. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/json/mod.rs +0 -0
  133. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/json/v1.rs +0 -0
  134. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/mod.rs +0 -0
  135. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/plain.rs +0 -0
  136. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/output/sarif.rs +0 -0
  137. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/state.rs +0 -0
  138. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/src/utils.rs +0 -0
  139. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/acceptance.rs +0 -0
  140. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/common.rs +0 -0
  141. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/e2e/json_v1.rs +0 -0
  142. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__json_v1__json_v1.snap +0 -0
  143. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/e2e.rs +0 -0
  144. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/main.rs +0 -0
  145. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap +0 -0
  146. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap +0 -0
  147. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict-2.snap +0 -0
  148. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict.snap +0 -0
  149. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap +0 -0
  150. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap +0 -0
  151. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap +0 -0
  152. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap +0 -0
  153. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap +0 -0
  154. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap +0 -0
  155. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap +0 -0
  156. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap +0 -0
  157. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap +0 -0
  158. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap +0 -0
  159. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap +0 -0
  160. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +0 -0
  161. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap +0 -0
  162. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap +0 -0
  163. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap +0 -0
  164. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__e2e__pr_960_backstop.snap +0 -0
  165. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__anonymous_definition-2.snap +0 -0
  166. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__anonymous_definition.snap +0 -0
  167. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap +0 -0
  168. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap +0 -0
  169. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap +0 -0
  170. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-5.snap +0 -0
  171. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap +0 -0
  172. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap +0 -0
  173. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap +0 -0
  174. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap +0 -0
  175. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap +0 -0
  176. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap +0 -0
  177. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap +0 -0
  178. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap +0 -0
  179. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap +0 -0
  180. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap +0 -0
  181. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap +0 -0
  182. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap +0 -0
  183. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap +0 -0
  184. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap +0 -0
  185. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap +0 -0
  186. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap +0 -0
  187. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap +0 -0
  188. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap +0 -0
  189. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap +0 -0
  190. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap +0 -0
  191. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap +0 -0
  192. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap +0 -0
  193. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap +0 -0
  194. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap +0 -0
  195. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap +0 -0
  196. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap +0 -0
  197. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap +0 -0
  198. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap +0 -0
  199. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap +0 -0
  200. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap +0 -0
  201. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap +0 -0
  202. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap +0 -0
  203. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap +0 -0
  204. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap +0 -0
  205. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap +0 -0
  206. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap +0 -0
  207. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap +0 -0
  208. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap +0 -0
  209. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap +0 -0
  210. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap +0 -0
  211. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap +0 -0
  212. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap +0 -0
  213. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-4.snap +0 -0
  214. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap +0 -0
  215. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-2.snap +0 -0
  216. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap +0 -0
  217. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap +0 -0
  218. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap +0 -0
  219. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap +0 -0
  220. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap +0 -0
  221. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap +0 -0
  222. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap +0 -0
  223. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap +0 -0
  224. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap +0 -0
  225. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap +0 -0
  226. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap +0 -0
  227. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap +0 -0
  228. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap +0 -0
  229. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap +0 -0
  230. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-10.snap +0 -0
  231. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-11.snap +0 -0
  232. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-12.snap +0 -0
  233. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-13.snap +0 -0
  234. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-14.snap +0 -0
  235. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-15.snap +0 -0
  236. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap +0 -0
  237. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap +0 -0
  238. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap +0 -0
  239. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap +0 -0
  240. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap +0 -0
  241. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap +0 -0
  242. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap +0 -0
  243. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap +0 -0
  244. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +0 -0
  245. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap +0 -0
  246. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap +0 -0
  247. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap +0 -0
  248. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap +0 -0
  249. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap +0 -0
  250. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap +0 -0
  251. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap +0 -0
  252. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap +0 -0
  253. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap +0 -0
  254. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap +0 -0
  255. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap +0 -0
  256. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap +0 -0
  257. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap +0 -0
  258. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap +0 -0
  259. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap +0 -0
  260. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap +0 -0
  261. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap +0 -0
  262. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap +0 -0
  263. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap +0 -0
  264. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap +0 -0
  265. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_condition.snap +0 -0
  266. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap +0 -0
  267. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-2.snap +0 -0
  268. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap +0 -0
  269. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing.snap +0 -0
  270. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/anonymous-definition.yml +0 -0
  271. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/artipacked/demo-action/action.yml +0 -0
  272. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml +0 -0
  273. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/artipacked.yml +0 -0
  274. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/bot-conditions.yml +0 -0
  275. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
  276. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
  277. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
  278. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
  279. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
  280. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
  281. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
  282. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml +0 -0
  283. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml +0 -0
  284. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml +0 -0
  285. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml +0 -0
  286. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
  287. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml +0 -0
  288. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
  289. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
  290. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/cache-poisoning.yml +0 -0
  291. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml +0 -0
  292. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml +0 -0
  293. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml +0 -0
  294. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml +0 -0
  295. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore +0 -0
  296. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md +0 -0
  297. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml +0 -0
  298. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml +0 -0
  299. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml +0 -0
  300. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
  301. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
  302. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
  303. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
  304. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
  305. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
  306. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml +0 -0
  307. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml +0 -0
  308. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
  309. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/excessive-permissions.yml +0 -0
  310. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml +0 -0
  311. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml +0 -0
  312. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml +0 -0
  313. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml +0 -0
  314. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml +0 -0
  315. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml +0 -0
  316. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml +0 -0
  317. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/github-env/action.yml +0 -0
  318. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/github-env/github-path.yml +0 -0
  319. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml +0 -0
  320. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/github_env.yml +0 -0
  321. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml +0 -0
  322. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/inlined-ignores.yml +0 -0
  323. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml +0 -0
  324. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/insecure-commands/issue-839-repro.yml +0 -0
  325. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/insecure-commands.yml +0 -0
  326. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml +0 -0
  327. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml +0 -0
  328. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/blank.yml +0 -0
  329. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml +0 -0
  330. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml +0 -0
  331. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/empty.yml +0 -0
  332. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml +0 -0
  333. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml +0 -0
  334. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml +0 -0
  335. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml +0 -0
  336. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml +0 -0
  337. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/obfuscation/computed-indices.yml +0 -0
  338. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/obfuscation.yml +0 -0
  339. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml +0 -0
  340. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/pr-960-backstop/action.yml +0 -0
  341. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml +0 -0
  342. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/ref-confusion.yml +0 -0
  343. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/secrets-inherit.yml +0 -0
  344. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml +0 -0
  345. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
  346. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
  347. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
  348. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
  349. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
  350. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/self-hosted.yml +0 -0
  351. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml +0 -0
  352. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/stale-action-refs.yml +0 -0
  353. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/addnab-docker-run-action.yml +0 -0
  354. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/codeql-sinks.yml +0 -0
  355. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml +0 -0
  356. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml +0 -0
  357. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/input-caps.yml +0 -0
  358. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml +0 -0
  359. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml +0 -0
  360. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml +0 -0
  361. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/issue-749-repro.yml +0 -0
  362. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/issue-883-repro/action.yml +0 -0
  363. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/issue-988-repro.yml +0 -0
  364. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/multiline-expression.yml +0 -0
  365. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/patterns.yml +0 -0
  366. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml +0 -0
  367. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml +0 -0
  368. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/pwsh-script.yml +0 -0
  369. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml +0 -0
  370. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
  371. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml +0 -0
  372. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/template-injection.yml +0 -0
  373. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-images.yml +0 -0
  374. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml +0 -0
  375. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml +0 -0
  376. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml +0 -0
  377. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml +0 -0
  378. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml +0 -0
  379. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml +0 -0
  380. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml +0 -0
  381. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml +0 -0
  382. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml +0 -0
  383. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml +0 -0
  384. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml +0 -0
  385. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml +0 -0
  386. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml +0 -0
  387. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml +0 -0
  388. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml +0 -0
  389. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml +0 -0
  390. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unpinned-uses.yml +0 -0
  391. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml +0 -0
  392. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unsound-condition.yml +0 -0
  393. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/unsound-contains.yml +0 -0
  394. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/cargo-publish.yml +0 -0
  395. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/demo-action/action.yml +0 -0
  396. {zizmor-1.12.0 → zizmor-1.12.1}/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml +0 -0
  397. {zizmor-1.12.0 → zizmor-1.12.1}/pyproject.toml +0 -0
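--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3832,7 +3832,7 @@ dependencies = [
 
  [[package]]
  name = "zizmor"
- version = "1.12.0"
+ version = "1.12.1"
  dependencies = [
  "annotate-snippets",
  "anstream",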
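--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,6 +8,7 @@ readme = "README.md"
  homepage = "https://docs.zizmor.sh"
  edition = "2024"
  license = "MIT"
+ rust-version = "1.88.0"
 
  [workspace.dependencies]
  anyhow = "1.0.98"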
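--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: zizmor
- Version: 1.12.0
+ Version: 1.12.1
  License-File: LICENSE
  Home-Page: https://docs.zizmor.sh
  Requires-Python: >=3.9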
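--- a/crates/github-actions-expressions/src/lib.rs
+++ b/crates/github-actions-expressions/src/lib.rs
@@ -425,7 +425,7 @@ impl<'src> Expr<'src> {
  .next()
  .unwrap();
 
- fn parse_pair(pair: Pair<'_, Rule>) -> Result<Box<SpannedExpr>> {
+ fn parse_pair(pair: Pair<'_, Rule>) -> Result<Box<SpannedExpr<'_>>> {
  // We're parsing a pest grammar, which isn't left-recursive.
  // As a result, we have constructions like
  // `or_expr = { and_expr ~ ("||" ~ and_expr)* }`, which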
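--- a/crates/github-actions-models/src/workflow/job.rs
+++ b/crates/github-actions-models/src/workflow/job.rs
@@ -63,12 +63,13 @@ impl<'de> Deserialize<'de> for RunsOn {
  // serde lacks the ability to do inter-field invariants at the derive
  // layer, so we enforce the invariant that a `RunsOn::Group`
  // has either a `group` or at least one label here.
- if let RunsOn::Group { group, labels } = &runs_on {
- if group.is_none() && labels.is_empty() {
- return Err(custom_error::<D>(
- "runs-on must provide either `group` or one or more `labels`",
- ));
- }
+ if let RunsOn::Group { group, labels } = &runs_on
+ && group.is_none()
+ && labels.is_empty()
+ {
+ return Err(custom_error::<D>(
+ "runs-on must provide either `group` or one or more `labels`",
+ ));
  }
 
  Ok(runs_on)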
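--- a/crates/yamlpatch/src/lib.rs
+++ b/crates/yamlpatch/src/lib.rs
@@ -874,35 +874,35 @@ fn apply_value_replacement(
 
  if is_multiline_literal {
  // Check if this is a multiline string value
- if let serde_yaml::Value::String(string_content) = value {
- if string_content.contains('\n') {
- // For multiline literal blocks, use the raw string content
- let leading_whitespace = extract_leading_whitespace(doc, feature);
- let content_indent = format!("{leading_whitespace} "); // Key indent + 2 spaces for content
-
- // Format as: key: |\n content\n more content
- let indented_content = string_content
- .lines()
- .map(|line| {
- if line.trim().is_empty() {
- String::new()
- } else {
- format!("{}{}", content_indent, line.trim_start())
- }
- })
- .collect::<Vec<_>>()
- .join("\n");
-
- // Find the position of | in the original content and include it
- let pipe_pos = value_part.find('|').unwrap();
- let key_with_pipe = &current_content_with_ws
- [..colon_pos + 1 + value_part[..pipe_pos].len() + 1];
- return Ok(format!(
- "{}\n{}",
- key_with_pipe.trim_end(),
- indented_content
- ));
- }
+ if let serde_yaml::Value::String(string_content) = value
+ && string_content.contains('\n')
+ {
+ // For multiline literal blocks, use the raw string content
+ let leading_whitespace = extract_leading_whitespace(doc, feature);
+ let content_indent = format!("{leading_whitespace} "); // Key indent + 2 spaces for content
+
+ // Format as: key: |\n content\n more content
+ let indented_content = string_content
+ .lines()
+ .map(|line| {
+ if line.trim().is_empty() {
+ String::new()
+ } else {
+ format!("{}{}", content_indent, line.trim_start())
+ }
+ })
+ .collect::<Vec<_>>()
+ .join("\n");
+
+ // Find the position of | in the original content and include it
+ let pipe_pos = value_part.find('|').unwrap();
+ let key_with_pipe = &current_content_with_ws
+ [..colon_pos + 1 + value_part[..pipe_pos].len() + 1];
+ return Ok(format!(
+ "{}\n{}",
+ key_with_pipe.trim_end(),
+ indented_content
+ ));
  }
  }
  }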
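Review bot: Each content line is rebuilt as `format!("{}{}", content_indent, line.trim_start())`, so every line's own leading whitespace is dropped and any relative indentation inside the literal block (a nested shell `if`, an embedded script) is flattened when a fix rewrites the value. This commit only moves the code into the let-chain, but it would be a good moment to strip just the common indent rather than calling `trim_start()` per line, or to add a comment saying why flattening is acceptable. `value_part.find('|').unwrap()` also relies on `is_multiline_literal` having been derived from the same `value_part`; that computation is outside the hunk, so a one-line comment stating the invariant would help. `apply_value_replacement` starts before and continues after this hunk.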
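--- a/crates/yamlpath/src/lib.rs
+++ b/crates/yamlpath/src/lib.rs
@@ -347,7 +347,7 @@ impl Document {
  ///
  /// This is typically useful as a "fallback" feature, e.g. for positioning
  /// relative to the "top" of the document.
- pub fn top_feature(&self) -> Result<Feature, QueryError> {
+ pub fn top_feature(&self) -> Result<Feature<'_>, QueryError> {
  let top_node = self.top_object()?;
  Ok(top_node.into())
  }
@@ -388,7 +388,7 @@ impl Document {
  ///
  /// For example, querying `foo: bar` for `foo` will return
  /// `foo: bar` instead of just `bar`.
- pub fn query_pretty(&self, route: &Route) -> Result<Feature, QueryError> {
+ pub fn query_pretty(&self, route: &Route) -> Result<Feature<'_>, QueryError> {
  self.query_node(route, QueryMode::Pretty).map(|n| n.into())
  }
 
@@ -401,7 +401,7 @@ impl Document {
  ///
  /// For example, querying `foo: bar` for `foo` will return
  /// just `bar` instead of `foo: bar`.
- pub fn query_exact(&self, route: &Route) -> Result<Option<Feature>, QueryError> {
+ pub fn query_exact(&self, route: &Route) -> Result<Option<Feature<'_>>, QueryError> {
  let node = self.query_node(route, QueryMode::Exact)?;
 
  if node.kind_id() == self.block_mapping_pair_id || node.kind_id() == self.flow_pair_id {
@@ -423,7 +423,7 @@ impl Document {
  ///
  /// For example, querying `foo: bar` for `foo` will return
  /// just `foo` instead of `foo: bar` or `bar`.
- pub fn query_key_only(&self, route: &Route) -> Result<Feature, QueryError> {
+ pub fn query_key_only(&self, route: &Route) -> Result<Feature<'_>, QueryError> {
  if !matches!(route.route.last(), Some(Component::Key(_))) {
  return Err(QueryError::Other(
  "route must end with a key component for key-only routes".into(),
@@ -543,7 +543,7 @@ impl Document {
 
  /// Returns the topmost semantic object in the YAML document,
  /// i.e. the node corresponding to the first block or flow feature.
- fn top_object(&self) -> Result<Node, QueryError> {
+ fn top_object(&self) -> Result<Node<'_>, QueryError> {
  // All tree-sitter-yaml trees start with a `stream` node.
  let stream = self.tree.root_node();
 
@@ -567,7 +567,7 @@ impl Document {
  Ok(top_node)
  }
 
- fn query_node(&self, route: &Route, mode: QueryMode) -> Result<Node, QueryError> {
+ fn query_node(&self, route: &Route, mode: QueryMode) -> Result<Node<'_>, QueryError> {
  let mut focus_node = self.top_object()?;
  for component in &route.route {
  match self.descend(&focus_node, component) {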
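--- a/crates/zizmor/Cargo.toml
+++ b/crates/zizmor/Cargo.toml
@@ -1,12 +1,11 @@
  [package]
  name = "zizmor"
  description = "Static analysis for GitHub Actions"
- version = "1.12.0"
+ version = "1.12.1"
  repository = "https://github.com/zizmorcore/zizmor"
  documentation = "https://docs.zizmor.sh"
  keywords = ["cli", "github-actions", "static-analysis", "security"]
  categories = ["command-line-utilities", "security"]
- rust-version = "1.85.0"
 
  homepage.workspace = true
  license.workspace = true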
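Review bot: `rust-version = "1.85.0"` is removed from this crate while the workspace manifest gains `rust-version = "1.88.0"`, and the visible lines show no matching `rust-version.workspace = true` next to `homepage.workspace = true` and `license.workspace = true`. If that line is not further down (the manifest continues outside the hunk), the published crate declares no minimum toolchain, and a build with an older compiler fails on the new let-chain syntax instead of on a clear version check. Worth confirming the inheritance line exists, and calling out the raised minimum Rust version in the release notes since this ships as a patch release.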
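--- a/crates/zizmor/src/audit/cache_poisoning.rs
+++ b/crates/zizmor/src/audit/cache_poisoning.rs
@@ -75,7 +75,7 @@ static KNOWN_CACHE_AWARE_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::ne
  ActionCoordinate::Configurable {
  uses_pattern: "astral-sh/setup-uv".parse().unwrap(),
  control: ControlExpr::single(
- Toggle::OptOut,
+ Toggle::OptIn,
  "enable-cache",
  ControlFieldType::Boolean,
  true,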
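Review bot: With `Toggle::OptIn`, the trailing `true` argument presumably has to carry the "caching is on unless disabled" meaning for `astral-sh/setup-uv`, and nothing at this call site says so. A short comment such as `// enable-cache is on when the input is absent, so a bare setup-uv step still counts as cache use` would keep a later edit from flipping the toggle back and reintroducing the missed finding. The field is declared `ControlFieldType::Boolean`, and the new fixture covers only the absent, `true` and `false` cases; if the action accepts a non-boolean value for `enable-cache` (upstream appears to document an `auto` setting, to be confirmed), a fixture case for it would show whether that path is flagged or silently skipped. The `KNOWN_CACHE_AWARE_ACTIONS` initializer starts and ends outside this hunk.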
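--- a/crates/zizmor/src/audit/hardcoded_container_credentials.rs
+++ b/crates/zizmor/src/audit/hardcoded_container_credentials.rs
@@ -73,28 +73,27 @@ impl Audit for HardcodedContainerCredentials {
  }),
  ..
  } = &config
+ && ExplicitExpr::from_curly(password).is_none()
  {
- if ExplicitExpr::from_curly(password).is_none() {
- findings.push(
- Self::finding()
- .severity(Severity::High)
- .confidence(Confidence::High)
- .add_location(
- job.location()
- .primary()
- .with_keys([
- "services".into(),
- service.as_str().into(),
- "credentials".into(),
- ])
- .annotated(format!(
- "service {service}: container registry password is \
+ findings.push(
+ Self::finding()
+ .severity(Severity::High)
+ .confidence(Confidence::High)
+ .add_location(
+ job.location()
+ .primary()
+ .with_keys([
+ "services".into(),
+ service.as_str().into(),
+ "credentials".into(),
+ ])
+ .annotated(format!(
+ "service {service}: container registry password is \
  hard-coded"
- )),
- )
- .build(workflow)?,
- )
- }
+ )),
+ )
+ .build(workflow)?,
+ )
  }
  }
  }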
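--- a/crates/zizmor/src/registry.rs
+++ b/crates/zizmor/src/registry.rs
@@ -381,7 +381,9 @@ impl AuditRegistry {
  self.audits.insert(ident, audit);
  }
 
- pub(crate) fn iter_audits(&self) -> indexmap::map::Iter<&str, Box<dyn Audit + Send + Sync>> {
+ pub(crate) fn iter_audits(
+ &self,
+ ) -> indexmap::map::Iter<'_, &str, Box<dyn Audit + Send + Sync>> {
  self.audits.iter()
  }
  }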
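--- a/crates/zizmor/tests/integration/snapshot.rs
+++ b/crates/zizmor/tests/integration/snapshot.rs
@@ -537,6 +537,12 @@ fn cache_poisoning() -> Result<()> {
  .run()?
  );
 
+ insta::assert_snapshot!(
+ zizmor()
+ .input(input_under_test("cache-poisoning/issue-1081-repro.yml"))
+ .run()?
+ );
+
  Ok(())
  }
 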
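--- /dev/null
+++ b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-16.snap
@@ -0,0 +1,35 @@
+ ---
+ source: crates/zizmor/tests/integration/snapshot.rs
+ expression: "zizmor().input(input_under_test(\"cache-poisoning/issue-1081-repro.yml\")).run()?"
+ snapshot_kind: text
+ ---
+ error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
+ --> @@INPUT@@:5:1
+ |
+ 5 | on: release
+ | ^^^^^^^^^^^ generally used when publishing artifacts generated at runtime
+ 6 |
+ ...
+ 14 | # TRUE POSITIVE: enable-cache enabled by default
+ 15 | - uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
+ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
+ |
+ = note: audit confidence → Low
+ = note: this finding has an auto-fix
+
+ error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
+ --> @@INPUT@@:5:1
+ |
+ 5 | on: release
+ | ^^^^^^^^^^^ generally used when publishing artifacts generated at runtime
+ 6 |
+ ...
+ 18 | - uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
+ 19 | / with:
+ 20 | | enable-cache: true
+ | |____________________________^ opt-in for caching here
+ |
+ = note: audit confidence → Low
+ = note: this finding has an auto-fix
+
+ 2 findings (2 fixable): 0 unknown, 0 informational, 0 low, 0 medium, 2 high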
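--- /dev/null
+++ b/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1081-repro.yml
@@ -0,0 +1,29 @@
+ # repro case for https://github.com/zizmorcore/zizmor/issues/1081
+
+ name: issue-1081
+
+ on: release
+
+ permissions: {}
+
+ jobs:
+ issue-1081-true-positive:
+ name: issue-1081-true-positive
+ runs-on: ubuntu-latest
+ steps:
+ # TRUE POSITIVE: enable-cache enabled by default
+ - uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
+
+ # TRUE POSITIVE: enable-cache explicitly set to true
+ - uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
+ with:
+ enable-cache: true
+
+ issue-1081-true-negative:
+ name: issue-1081-true-negative
+ runs-on: ubuntu-latest
+ steps:
+ # TRUE NEGATIVE: enable-cache explicitly set to false
+ - uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
+ with:
+ enable-cache: false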